How to Configure SSL/TLS in Apache

DodaTech Updated 2026-06-24 1 min read

SSL/TLS configuration in Apache secures HTTPS traffic. Modern settings with TLS 1.2/1.3 and strong ciphers are essential for security. This guide walks through the specific troubleshooting steps to diagnose and resolve SSL configuration issues.

Before You Begin

Before you begin, be sure to have the following in place:

  • A Linux server with the relevant software installed
  • Access to the command line interface
  • Appropriate permissions (root or sudo)

Quick Fix

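Wrong: Minimal SSL without protocol or cipher restrictions

SSLEngine on
SSLCertificateFile cert.pem

Right: Full SSL with TLS 1.2/1.3 and strong ciphers

<VirtualHost *:443>
    SSLEngine on
    # Server certificate followed by its intermediates, plus the matching private key
    SSLCertificateFile /etc/ssl/certs/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/privkey.pem
    # Turn every protocol off, then enable only TLS 1.2 and TLS 1.3
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # Cipher list for TLS 1.2 and below; TLS 1.3 suites are set separately (SSLCipherSuite TLSv1.3 ...)
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
</VirtualHost>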

Output

SSL configured on *:443
Protocols: TLSv1.2, TLSv1.3
Certificate: /etc/ssl/certs/fullchain.pem

Prevention

To avoid future issues, follow these best practices:

  • Enable SSL on port 443 with <VirtualHost *:443>
  • Use fullchain.pem (server cert + intermediates) for SSLCertificateFile
  • Set SSLProtocol -all +TLSv1.2 +TLSv1.3 to disable older protocols
  • Use a strong cipher suite from the Mozilla SSL guide
  • Enable HTTP/2 with Protocols h2 http/1.1
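
The checklist above can be checked mechanically. The following audit is an added example, not code from DodaTech or the Apache project: it runs the certificate, protocol, cipher and HTTP/2 items against the guide's own "Wrong" and "Right" snippets. The function names, the filename heuristic for the chain check and the assumed Apache 2.4 default of "all -SSLv3" when SSLProtocol is absent are assumptions of this example.

```python
# Constructed inputs: the guide's "Wrong" and "Right" snippets, embedded inline.
WRONG = "SSLEngine on\nSSLCertificateFile cert.pem\n"
RIGHT = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/privkey.pem
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
</VirtualHost>
"""
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
MODERN = {"tlsv1.2", "tlsv1.3"}

def directives(conf):
    """Map lower-cased directive name -> argument string (last occurrence wins)."""
    found = {}
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found

def enabled_protocols(spec):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    if spec is None:
        return ALL - {"sslv3"}  # assumption: Apache 2.4 default "all -SSLv3"
    enabled = set()
    for tok in spec.lower().split():
        name = tok.lstrip("+-")
        names = ALL if name == "all" else {name}
        enabled = (enabled - names if tok[0] == "-" else
                   enabled | names if tok[0] == "+" else set(names))
    return enabled

def audit(conf):
    """Return checklist findings; an empty list means every checked item passed."""
    d, out = directives(conf), []
    # Heuristic: only the file name is inspected, not the certificates inside it.
    if "fullchain" not in d.get("sslcertificatefile", ""):
        out.append("SSLCertificateFile does not look like a full chain")
    legacy = enabled_protocols(d.get("sslprotocol")) - MODERN
    if legacy:
        out.append("legacy protocols enabled: " + ", ".join(sorted(legacy)))
    if "sslciphersuite" not in d:
        out.append("no SSLCipherSuite restriction")
    if "h2" not in d.get("protocols", "").lower().split():
        out.append("HTTP/2 not enabled (Protocols h2 http/1.1)")
    return out
```

Run against the two snippets, the "Wrong" configuration fails all four items, while the "Right" one is flagged only for the missing Protocols h2 http/1.1 line.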

DodaTech Tools

For further assistance with any of the above issues, consider using DodaTech consulting services or DodaTech tutorials for more in-depth guidance.

Common Mistakes with ssl config

  1. Placing the wildcard pattern first in case expressions, making all subsequent patterns unreachable
  2. Using head and tail instead of pattern matching, causing runtime errors on empty lists
  3. Forgetting that lazy evaluation defers computation until the value is forced, causing space leaks with unevaluated thunks

These mistakes appear frequently in real-world APACHE code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

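What SSL protocols should I disable in Apache? Disable all (-all) and enable only TLSv1.2 and TLSv1.3: SSLProtocol -all +TLSv1.2 +TLSv1.3.

How do I redirect HTTP to HTTPS in Apache? In the port 80 virtual host, redirect to the site's own hostname: Redirect permanent / https://example.com/ (example.com is a placeholder; a Redirect that is given a URL-path does not expand %{HTTP_HOST}, so name the host explicitly).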
