Enable TLS/SSL on Apache – Debian 12

Step 1 – Enable mod_ssl

a2enmod ssl && a2enmod rewrite && systemctl restart apache2

Step 2 – Generate a self-signed certificate (testing only)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/ssl/private/apache-selfsigned.key \
    -out /etc/ssl/certs/apache-selfsigned.crt \
    -subj "/CN=example.com"

Step 3 – Create an SSL virtual host

<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com/html

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

    SSLProtocol           all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite        HIGH:!aNULL:!MD5
    SSLHonorCipherOrder   on

    Header always set Strict-Transport-Security "max-age=63072000"

    <Directory /var/www/example.com/html>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Step 4 – Reload Apache

apachectl configtest && systemctl reload apache2 2>/dev/null || \
apachectl configtest && rc-service apache2 reload 2>/dev/null || \
apachectl configtest && rcctl reload apache2