Installing Godaddy SSL Certificate on Amazon EC2

I have installed Godaddy SSL HTTPS certificates on many Amazon EC2 instances and I always end up having to look stuff up every time I do it, so I am creating this tutorial for future reference and to help others who have issues installing SSL certificates. The definitely are not the easiest things to install in the world by far! Godaddy certificates are a lot easier to install than Semantic or VeriSign certificates however. They are a lot cheaper too, but do not have the good reputation for security that VeriSign/Semantic has.

First Steps for Installing SSL Certificates:

  1. Log in to your account and click in the drop down under your name in the top left green nav bar, click on “My Account”.
  2. Then click on the plus sign next to  “SSL Certificates” and select the certificate you most recently purchased and click on the orange “Set Up” button on the right. Then select your service in the drop-down that appears and click on the green “Set Up” button.
  3. Next, Click on the “Launch” Button to open your certificate control panel. Since you are installing the certificate on a third party server, Amazon, select the third party server option in the “Hosting Options” dialog and enter your CSR by following the instructions for CSR in the next section.


Generating a Certificate Signing Request (CSR) – Apache 2.x

  1. Log in to a secure shell. I uses Putty for this.
  2. Enter the following at the command prompt:openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr                                  Replace yourdomain with the domain name you’re securing. For example, if your domain name is, you would type coolexample.key and coolexample.csr.
  3. Provide the information asked for when doing the above command. You do not have to enter a password if you want to make the process simple and you don’t have to enter any of the data that is specified as optional.
  4. After answering the questions, type “ls” at the command prompt to list the content of your directory and you should see the two files you just generated with the CSR signing request. Open the .csr file by typing “sudo vi yourdomain.csr” and highlight the entire file and copy it to your clipboard with cntrl+c.
  5. Paste the text into your Godaddy account  below where it says “Enter your Certificate Signing Request (CSR) below:“.
  6. Check the box to agree to terms of service and click the continue button leaving the other options set to default. Your certificate should be emailed to you.
  7. Next login back into your Godaddy account and click on “request certificat” next to the certificate you just did the CSR for.
  8. You do not have to wait for the email though, to get your certificate, go back to your account main page by clicking on “My Account” from the main nav on Scroll down to “SSL Certificates” again and click “Launch by your new certificate. If it is not ready yet, wait for your email and try again.
  9. wait on email….

Server  Configuration for SSL Certificates

The next thing you will have to do, after you have received your certificate files from Godaddy, is to configure your web server to deal with SSL and HTTPS. To do so, first check that you have open ssl and mod_ssl installed by creating an info.php file with the following contents:




Upload info.php to your server’s web root directory which will be /var/www/html on an Amazon Linux AMI. Then go to your info.php file in a web browser by navigating to You can verify that you have Open SSL by using the find feature of your browser and searching for “openssl” and check to make sure that it says enabled after the second instance of openssl you find on that page.

You can verify the existence of mod_ssl by searching info.php for “mod_ssl” if it is there, it is activated most likely. Just make certain it is listed under the loaded modules in your php info file.

Installing mod_ssl

If in the previous step, you could not find mod_ssl, it probably isn’t installed. To install mod_ssl, open up a shell command prompt and type the following command at the command prompt:

sudo yum install mod_ssl

Type “y” for yes to give permission to install the module.

Now you can see mod_ssl in loaded by confirming it’s presence in your info.php file from before.

Configure httpd.conf and ssl.conf

Before you start the following steps, go to your command prompt for your web server and make backup copies of your httpd.conf and ssl.conf files using the following commands:

cd /etc/httpd/conf

sudo cp httpd.conf httpd.conf.bkup

cd /etc/httpd/conf.d

sudo cp ssl.conf ssl.conf.bkup

  1. Next, download your files from Godaddy as described above. Unzip them onto your desktop and upload them to your ec2-user folder on the web server. Your key files should already be there from when you generated a CSR earlier
  2. If you’re using an amazon Linux basic AMI, you will have a separate ssl.conf file at etc/httpd/conf.d/ssl.conf and your httpd.con file will be in the etc/httpd/conf/ folder. Open up /etc/httpd/conf.d/ssl.conf in vi using the command: sudo vi /etc/httpd/conf.d/ssl.conf
  3. Find the following lines and edit them according to the file names you just uploaded and your key file name:     SSLCertificateFile /home/ec2-user/
    SSLCertificateKeyFile /home/ec2-user/site.key SSLCACertificateFile /home/ec2-user/gd_bundle.crt
  4. Replace “site” with the actual file name above, then save the ssl.conf file in vi editor by typing :wq and if you didn’t know how to edit in vi editor, u have to type “i” to insert or delete text then hit the esc key to get out of insert mode.
  5. Restart Apache by typing “sudo service httpd restart” at the command prompt and pressing return. If no errors occurred, you did everything correctly and your ssl certificate will work now. If Apache didn’t restart, you have a problem in your config file most likely so check your error logs or read the output error and fix the problem and restart until it works. If all fails revert back to the original backed up config files and restart the process until it works.

Updates when I did this again in December of 2016

When I installed an SSL certifiate in December of 2016, the process was close to the one described above, so I’ll leave it there for reference and note any differences here. One obvious difference is that the Godaddy site has changed, but not so much as to make the above instructions not work. You will just have to be aware that some of the buttons and links are a little different than I have described above. Also, I noticed that almost none of the Godaddy links to support and information worked, so it was difficult and nearly impossible to find any help from Godaddy’s website. That is why I decided to update my guide here.

Info Needed for a CSR

Here is a list of the basic information you will be asked for when doing a Certificate Signing Request or CSR:

1- Country Name(2 letter code):
2- State or Province Name(full name):
3- Locality Name(eg, city):
4- Organization Name(eg, company):
5- Organiztion Unit Name(eg, section):
6- Common Name(eg, your name or your server’s hostname):
7- Email Address:
8- Company name:

In December, 2016, I was able to use the command described above to get the CSR files from the Amazon server. So I got the CSR and received the email from Godaddy several minutes later. Here is the relavent portion of the email they sent me after I filled out the Godaddy CSR form on their site:

—————————-Begin email from Godaddy:————————–

Dear Secure Certificate Customer,

Congratulations on becoming an SSL certificate owner for the domain:! We’re delighted to have you on board.

What’s Next?

Step 1

  • Download your certificate, by logging in to your account at FOR SECURITY REASONS.

Step 2

  • Click here to follow our easy instructions to install your certificate.

Step 3

  • We’ve partnered with McAfee SECURE to deliver more value with your SSL Certificate. By installing the McAfee SECURE trustmark on your website, your site will be monitored by McAfee 24/7. McAfee SECURE trustmark will display on every page of your site and right in the search results of Google, Yahoo!, Bing and Ask.To add the seal to your site, log in to your SSL account at (Link Removed), select your certificate, then choose your seal from the “Seal” options.


If you have any trouble or questions, contact us and let us know. We are available to help around-the-clock, seven days a week.

Customer Support:
Phone: 480.463.8887
Fax: 480.393.5009

For further information, log in to your account at

—————————-End email from Godaddy————————–

Naturally, I attempted to follow the instructions emailed me in the above email message. I completed step one by clicking on the link they provided(or you can navigate to the SSL cert yourself from your Godaddy account). You simply click the link in step one from the email, click on the domain name that represents the current SSL certificate you wish to install, and click on the “Download” icon in the resulting web page.  That will open a page that asks you the server type you wish to install the SSL certificate on. The options are:

  • Apache
  • Echange
  • IIS
  • Mac OSX
  • Tomcat
  • Other

How to Find Your Server Type

In order to to figure out what type of web server you’re running, from Linux you can issue the following command from a shell prompt(command prompt):

curl -I

Type the curl command replacing with a domain name that points to your server and press enter. When entering the above command you should see results similar to this:


Notice the text that I circled in red. It says I’m on a cloudflare-nginx server. So for server type, I would choose “other”. Then I clicked the download button.

So far, so good, but when I went on to step two after successfully downloading the SSL certificate files, the link that Godaddy provided in step two for instructions fails to open a web page, so you are on your own for instructions. Again, that is why I have provided the information here. I hope it helps people.

Installing SSL Certificate on Bitnami ec2 with WordPress

If your webroot directory is /opt/bitnami/apps/wordpress/htdocs then you are surely usig a Bitnami ec2 with WordPress stack. In that case, here are the modified instructions for installing your SSL certificate:

Open your bitnami.conf file at /opt/bitnami/apache2/conf/bitnami/bitnami.conf by navigating to the directory and executing this command:

sudo vi bitnami.conf

scroll down to the virtual host settings for port 80 and port 443 and change this: DocumentRoot /opt/bitnami/apache2/htdocs

to this:

DocumentRoot /opt/bitnami/apps/wordpress/htdocs

in each virtual host(ports 80 and 443).

Find the lines in the virtual host declaration for port 443 that look similar to:

SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/uniquecertname.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/uniquegenerated.key"

Delete the above lines and replace them with the following lines:

SSLEngine on
SSLCertificateFile “/opt/bitnami/apache2/conf/YourOWN.crt”
SSLCertificateKeyFile “/opt/bitnami/apache2/conf/YourOWN.key”
SSLCertificateChainFile “/opt/bitnami/apache2/conf/gd_bundle-g2-g1.crt”

Make sure you change the above files names with your own however and make sure you’ve placed the files named in the proper locations. THe first one, YourOwn.crt, will be replaced with the file you downloaded from Godaddy when you purchased your SSL certificate. The second file will have  been created when you created your certificate signing request from the command line before you obtained your files from Godaddy and can normally be found in /home/bitnami. The last line is for your bundle certificate which should also have been in the files you downloaded from Godaddy. Place all three files in the /opt/bitnami/apache2/conf/ directory by opening each(before they exist) in vi editor then copy and pasting their content and saving them. I use that method because filezilla FTP clients will not allow you to modify files in this directory.



That’s all there is to it. It’s difficult if you don’t have precise instructions to follow for your particular web server, so if you have an Apache server on an amazon ec2 instance, following these instructions in this tutorial should have you up and running with HTTPS in no time at all. If you are using a different type of server or hosting provider, the instructions will be similar but will differ in some spots, so be careful as this tutorial was written for Amazon, Linux users in mind.






25 Replies to “Installing Godaddy SSL Certificate on Amazon EC2”

  1. Outstanding guide. I followed your suggestions and my SSL configuration worked first try. What a time saver. Thanks!

    1. Yes, installing ssl has never been easy I’m afraid. Even I, as a seasoned web developer, dread doing it often. I actually don’t do this unless the issue is difficult, but in this case, I recommend hiring an expert. Email me at if you want to hire me or go through a freelance service and hire someone that way. Also, sometimes you can get your hosting provider’s support dept. to help. God Luck!

  2. I was unable to start HTTPD. Perhaps it has something to do with the SSLCertificateChainFile? I ended up having to install sudo yum install mod24_ssl in stead of sudo yum install mod_ssl, so maybe thats why it isnt working. I had to do this because I upgraded to php 5.5 when installing the lamp server rather than use the older php version.

    This is what I had to run
    sudo yum install -y gcc make gcc-c++
    sudo yum install -y php55-mysqlnd php55 php55-xml php55-mcrypt php55-mbstring php55-cli mysql55 mysql55-server httpd24
    after installing mod24_ssl

    So how can I make it work now?

    1. There’s always something when it comes to installing SSL it seams. Sometimes you get lucky is all, like the guy above, but often it is a long and tedious issue I am afraid. The best advice I can give you without being in control of your machine personally is to revert back to your saved copies of the files I advised to change and start over. First check your server’s log files to see why Apache wouldn’t start and that should give you somewhere to start. Google whatever error occurred when HTTPD wouldn’t start and you should find out what to do.

  3. What I think my problem was was that I had created multiple virtual servers with my host. I was trying to use certificates on one server that were generated from signing requests made with a different server. Perhaps the requests are server specific, even if all the other info is the same? then I ran this more detailed command:

    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

    This generated the csr and key files with the name of my domain, which probably didnt make a difference, but they looked nicer.

  4. Now I have the problem where the identity is not verified on mobile safari. Godaddy has a hole host of certificate chan and bundle files on their repository, but I dont know which one needs to be installed where to make the problem go away on mobile safari. it works fine on desktop browsers, however.

  5. If you are thinking how to install the SSL certificate, there is nothing there for you to worry about it. You can easily do that without any hassles if you have got all other things that are necessary for the installation of the SSL certificate.

  6. Great post, thanks to Google I’ve found you 😉
    Why creating a copy of httpd.conf if we are editing only ssl.conf file ? 🙂
    How should we do when we need SSL cert. for multiple virtual hostname on the same server ?

  7. If you have good exposure to web hosting providers,
    especially for large websites, please post comments below.
    ) however, if someone else possesses it, it is usually
    located online. Also the padlock signifies an individual has
    aan encrypted link with the organization that has issued the
    – SSL Certificate. Large sites like have restrictions that prevent a single user from bidding on too many
    times simultaneously. You can then instantly install the
    certificate afrter pasting it over a field within the server.

  8. Thank you so much for pointing me at /etc/httpd/conf.d/ssl.conf ! So many other guides, tutorials, etc., just gloss over that and of course it never works without it!

  9. That looks like a really cool guide – I want to try it inmediately 😉

    I have these two – maybe stupid – questions:

    1)Did you also have to register the domain with

    2) How do I make run on Amazon EC2? Or did you register the domain with Amazon?



  10. If you get conflict during mod_ssl installation, try with mod24_ssl. I installed my ssl using mod24_ssl.
    thanks a lot for yor blog. Please try to update/add mod24_ssl in your blog.

Leave a Reply

Your email address will not be published. Required fields are marked *