How To Add HTTPS Support To Your Pi Website

Or At Least The Way I Did It

Introduction

If you already have a Raspberry Pi server up and running, you may want to add support for HTTPS. Typically, HTTPS uses 3rd party certificates to ensure that a connection is secure. You also have the option to act as the 3rd party and self-certify. That means that while the protocol is supported, the site's identity really can't be trusted without the 3rd party verification. This will manifest as a warning when visitors attempt to visit your site. The warning will let them know that the identity can't be verified and that they should use caution when entering sensitive information. This shouldn't be a problem for hosting some basic HTML pages that don't take input from visitors, but if you want to skip the warning, you can use Let's Encrypt to get 3rd party certificates for free! We'll explore both methods and you can choose which one is best for you. I recommend using the trusted 3rd party certificates because it's not only better, but also easier!

Method 1: Self-Certify

Most Raspberry Pi will already have OpenSSL installed, but if yours doesn't, run this command to install it.


sudo apt install openssl

Now run this command to create a self-signed certificate. You'll have to answer a few prompts as the certificate is created. It's critical that the "Common Name" is your IP address or domain name if you have one.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

This will create the files "apache-selfsigned.key" and "apache-selfsigned.crt" that can be used to self-certify your HTTPS connections. Now we'll need to configure Apache to use the SSL certificate you just made. Open a terminal window and navigate to /etc/apache2/sites-available. Use the following command to edit the 000-default.conf file.


sudo nano 000-default.conf

Add the following to the end of the 000-default.conf file:



<VirtualHost *:443>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html/
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLEngine on
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
  # Replace the placeholder below with your IP address or domain name
  ServerName your-ip-or-domain
  SSLCertificateFile "/etc/ssl/certs/apache-selfsigned.crt"
  SSLCertificateKeyFile "/etc/ssl/private/apache-selfsigned.key"
</VirtualHost>
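
A way to check a self-signed certificate before pointing Apache at it, added here as an example and not part of the original post. It repeats the openssl req command non-interactively in a temporary directory, also sets subjectAltName (which current browsers match against instead of the Common Name), and then verifies that the certificate names the host, pairs with the key, and has not expired. The address 192.168.1.50 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed address, temp directory instead of /etc/ssl.

# is_ip HOST: true when HOST is only digits and dots (treated as an IPv4 address).
is_ip() { case "$1" in *[!0-9.]*) return 1 ;; *) return 0 ;; esac; }

# make_selfsigned HOST DIR: same key/cert file names as above, CN and SAN set to HOST.
make_selfsigned() {
    if is_ip "$1"; then san="IP:$1"; else san="DNS:$1"; fi
    (
        umask 077   # keep the private key unreadable to other users
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$1" -addext "subjectAltName=$san" \
            -keyout "$2/apache-selfsigned.key" \
            -out "$2/apache-selfsigned.crt" 2>/dev/null
    )
}

# cert_matches_host CERT HOST: succeeds only if CERT is valid for HOST.
cert_matches_host() {
    if is_ip "$2"; then flag=-checkip; else flag=-checkhost; fi
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match certificate'
}

# key_matches_cert CERT KEY: succeeds only if KEY holds CERT's public key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# cert_not_expired CERT: succeeds while CERT is still inside its validity period.
cert_not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }

# Demo run against a constructed private address.
demo=$(mktemp -d)
make_selfsigned 192.168.1.50 "$demo"
crt="$demo/apache-selfsigned.crt"; key="$demo/apache-selfsigned.key"
cert_matches_host "$crt" 192.168.1.50 && echo "certificate names the host"
key_matches_cert "$crt" "$key"        && echo "key and certificate pair up"
cert_not_expired "$crt"               && echo "certificate is within validity"
rm -rf "$demo"
```

The three check functions also work on the files in /etc/ssl when run with sudo, since the private key there is readable only by root.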


Method 2: Obtain A Trusted 3rd Party Certificate

This is the way I recommend implementing HTTPS support because it uses a trusted 3rd party certificate that is issued for free by Let's Encrypt. Visitors will not see the warning that your site cannot be trusted, as they would if you self-certify. It's also easier to set up because it uses certbot, which automatically configures Apache to use the new certificate. To set up a trusted certificate, run the following commands.


sudo apt install certbot python3-certbot-apache
sudo certbot --apache

Follow the prompts to complete the setup. If asked for a domain name, enter your IP address or your domain name if you have one. Once setup is complete, your trusted HTTPS certificates should be installed and Apache should be configured and ready to use. Go ahead and test your connection using "https://" to verify everything worked.