So you have the crt and key files on the server? Can you show the virtual host file for apache (the website)

Currently its just the basic setup:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName raspada-blog.co.uk
    ServerAlias www.raspada-blog.co.uk
    DocumentRoot /var/www/blog/public
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

If i try and do the SSL i use the following file... but i get "syntax error" when restarting apache. Always fails at SSLEngine on

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName raspada-blog.co.uk
    ServerAlias www.raspada-blog.co.uk
    DocumentRoot /var/www/blog/public

    	SSLEngine on
    	SSLOptions +StrictRequire
	
    	<Directory />
    	    SSLRequireSSL
    	</Directory>

	<Directory "/var/www/blog/public">
	        AllowOverride All
	</Directory>

    	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    	SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    	SSLHonorCipherOrder On

		SSLCertificateFile /usr/local/share/ca-certificates/raspada-blog.co.uk_ssl_certificate.cer
		SSLCertificateKeyFile /usr/local/share/ca-certificates/_.raspada-blog.co.uk_private_key.key
		SSLCertificateChainFile  /usr/local/share/ca-certificates/_.raspada-blog.co.uk_ssl_certificate_INTERMEDIATE.cer

		SLVerifyClient none
    	SSLProxyEngine off


    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

@skino

Your have a typo SLVerifyClient none, but I would try below first:

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName raspada-blog.co.uk
    ServerAlias www.raspada-blog.co.uk

    DocumentRoot /var/www/blog/public

    SSLEngine on

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder On

    SSLCertificateFile /usr/local/share/ca-certificates/raspada-blog.co.uk_ssl_certificate.cer
    SSLCertificateKeyFile /usr/local/share/ca-certificates/_.raspada-blog.co.uk_private_key.key
    SSLCertificateChainFile  /usr/local/share/ca-certificates/_.raspada-blog.co.uk_ssl_certificate_INTERMEDIATE.cer

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

I spotted another issue i hadn't looked at.... i hadn't ran:

sudo a2enmod ssl

Done that and added the Vhost you sent and i'm not getting a different error. originally it was a Syntax error now its;

root@localhost:/etc/apache2/sites-available# sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: failed (Result: exit-code) since Sat 2020-10-10 16:41:51 UTC; 25s ago
  Process: 20681 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 13095 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 20686 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 20657 (code=exited, status=0/SUCCESS)

Oct 10 16:41:51 localhost systemd[1]: Starting The Apache HTTP Server...
Oct 10 16:41:51 localhost apachectl[20686]: Action 'start' failed.
Oct 10 16:41:51 localhost apachectl[20686]: The Apache error log may have more information.
Oct 10 16:41:51 localhost systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 10 16:41:51 localhost systemd[1]: apache2.service: Failed with result 'exit-code'.
Oct 10 16:41:51 localhost systemd[1]: Failed to start The Apache HTTP Server.

Going to take a look in the apache logs now.

Just had a look in the logs... and it might be as simple as i need to re-issue the Certs with IONOS and it might work....

Il keep you posted.

Still not working... This is in the Apache2 Logs

[Sat Oct 10 20:44:56.955219 2020] [mpm_prefork:notice] [pid 20746] AH00169: caught SIGTERM, shutting down

At a loss now :(

Try running this and post the output

sudo journalctl -u apache2

So when i tried this morning i checked the log and realized i had forgotten to add the folder the certs were in... i was specifying

SSLCertificateFile /usr/local/share/ca-certificates/raspada-blog.co.uk_ssl_certificate.cer

but not

SSLCertificateFile /usr/local/share/ca-certificates/raspada-blog-certs/raspada-blog.co.uk_ssl_certificate.cer

Now ive run the apache restart and i get the below output... Apache Restarted :)

Oct 11 08:23:27 localhost apachectl[30429]: AH00526: Syntax error on line 14 of /etc/apache2/sites-enabled/raspada-blog.co.uk.conf:
Oct 11 08:23:27 localhost apachectl[30429]: SSLCertificateFile: file '/usr/local/share/ca-certificates/raspada-blog.co.uk_ssl_certificate.cer' does not exist or is empty
Oct 11 08:23:27 localhost apachectl[30429]: Action 'stop' failed.
Oct 11 08:23:27 localhost apachectl[30429]: The Apache error log may have more information.
Oct 11 08:23:27 localhost systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 11 08:23:27 localhost systemd[1]: apache2.service: Failed with result 'exit-code'.
Oct 11 08:23:27 localhost systemd[1]: Stopped The Apache HTTP Server.
Oct 11 08:23:27 localhost systemd[1]: Starting The Apache HTTP Server...
Oct 11 08:23:27 localhost apachectl[30434]: AH00526: Syntax error on line 14 of /etc/apache2/sites-enabled/raspada-blog.co.uk.conf:
Oct 11 08:23:27 localhost apachectl[30434]: SSLCertificateFile: file '/usr/local/share/ca-certificates/raspada-blog.co.uk_ssl_certificate.cer' does not exist or is empty
Oct 11 08:23:27 localhost apachectl[30434]: Action 'start' failed.
Oct 11 08:23:27 localhost apachectl[30434]: The Apache error log may have more information.
Oct 11 08:23:27 localhost systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 11 08:23:27 localhost systemd[1]: apache2.service: Failed with result 'exit-code'.
Oct 11 08:23:27 localhost systemd[1]: Failed to start The Apache HTTP Server.
Oct 11 08:25:53 localhost systemd[1]: Starting The Apache HTTP Server...
Oct 11 08:25:54 localhost systemd[1]: Started The Apache HTTP Server.

But now i'm just getting the ubuntu Apache page :S sorry for all of the questions i'm brand new to server side things :P

if i go to www.raspada-blog.co.uk i get the ubuntu apache page... if i go to https://raspada-blog.co.uk i get my site.

@skino

Add:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName raspada-blog.co.uk
    ServerAlias www.raspada-blog.co.uk

    DocumentRoot /var/www/blog/public

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Ive just done that and the site is now working on the www.raspada-blog.co.uk link which is amazing! thank you.

Is there a way to redirect people to the https version though?

so if anyone times raspada-blog.co.uk or www.raspada.co.uk it will hit the ssl secured link as well

@skino

Add to public/.htaccess the stuff after RewriteEngine On

RewriteEngine On
... 

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

@skino in public/.htaccess, add right after RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

@skino

<IfModule mod_rewrite.c>
    ...
    RewriteEngine On

    // ADD THESE 2 LINES
    RewriteCond %{HTTPS} off        
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    ...
</IfModule>

in case you guys are seeing multiple posts from me, it is because my own replies are not visible on my screen for some reason. All I see are other messages.

I wish i could best answer everyones comments. my site is now up and running. ive linked back to this post also incase anyone else is as daft as me :)

Thanks for your help everyone.

Well a good practice is to summerize what you did and mark that as best. That will help others with the same problems

Steps Taken

Summarizing what i did in order to get it all up and running. First off Enable the SSL Module on the server, if i had of done this earlier id have potentially figured it out sooner.

sudo a2enmod ssl

Copy your Certificates to your web server. i used the standard location on Ubuntu which is;

/usr/local/share/ca-certificates/

and the 3 files i had were as follows;

• raspada-blog.co.uk_ssl_certificate.cer
• _.raspada-blog.co.uk_private_key.key
• _.raspada-blog.co.uk_ssl_certificate_INTERMEDIATE.cer

Once they were uploaded i edited the Apache Conf for my domain (mine is below)

<VirtualHost *:443>
    ServerAdmin [email protected] 
    ServerName raspada-blog.co.uk 
    ServerAlias www.raspada-blog.co.uk 
    
    DocumentRoot /var/www/blog/public 
    
    SSLEngine on SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH 
    SLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 
    SSLHonorCipherOrder On 
    
    SSLCertificateFile /usr/local/share/ca-certificates/raspada-blog.co.uk_ssl_certificate.cer 
    SSLCertificateKeyFile /usr/local/share/ca-certificates/_.raspada-blog.co.uk_private_key.key 
    SSLCertificateChainFile /usr/local/share/ca-certificates/_.raspada-blog.co.uk_ssl_certificate_INTERMEDIATE.cer
    
    ErrorLog ${APACHE_LOG_DIR}/error.log 
    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost>

<VirtualHost *:80> 
    ServerAdmin [email protected] 
    ServerName raspada-blog.co.uk 
    ServerAlias www.raspada-blog.co.uk 
    
    DocumentRoot /var/www/blog/public 
    
    ErrorLog ${APACHE_LOG_DIR}/error.log 
    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost>

Stop and Start Apache by using the following commands:

sudo stop apache2
sudo start apache2

Now in your applications HTACCESS add the following 2 lines under the RewriteEngine On

RewriteEngine On ... RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Pull Your application to live, do your usual pull process (Dump-autoload etc) and enjoy the SSL on your site. and no matter what link people use to hit your application you will get the https version.