Apache HTTP Server

Apache HTTP Server Integration

Deploy TLS certificates to Apache HTTP Server and automate renewal using SSL-CLM.

Prerequisites

SSL-CLM Agent installed on the Apache server
Agent registered and active in the SSL-CLM dashboard
Apache mod_ssl enabled

Step 1 — Configure Certificate Store

Navigate to:

Configuration → Certificate Stores → New Store

Configure:

Type: File System (PEM)
Certificate Path: /etc/ssl/certs/server.pem
Key Path: /etc/ssl/private/server.key
Chain Path: /etc/ssl/certs/chain.pem
Agent: Select the agent running on the Apache server

Step 2 — Configure Post-Deploy Hook

apachectl configtest && systemctl reload apache2

Step 3 — Apache TLS Configuration

<VirtualHost *:443>
    ServerName example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/server.pem
    SSLCertificateKeyFile /etc/ssl/private/server.key
    SSLCertificateChainFile /etc/ssl/certs/chain.pem

    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off

    SSLUseStapling On
    SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
</VirtualHost>

Step 4 — Enroll or Import Certificate

Enroll a new certificate or import an existing one through SSL-CLM. The agent deploys files and reloads Apache automatically.

Automated Renewal

Same flow as Nginx — SSL-CLM monitors expiry, triggers renewal, agent deploys, post-hook reloads Apache.

Troubleshooting

Issue	Solution
`SSLCertificateFile` not found	Verify file paths and agent permissions
Apache fails config test	Run `apachectl configtest` manually. Check cert/key match.
Mixed content after renewal	Ensure chain file is also updated