Guide for installing DigiCert Premium SSL on Debian/Apache VPS.
Prerequisites
- Valid A record pointing to server
- Email address on the domain (admin@, webmaster@, etc.)
- SSH access to VPS
1. Generate CSR
SSH to your server and run:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
Fill in:
- Common Name: yourdomain.com (or *.yourdomain.com for wildcard)
- Organization: Your company name
- Country: Two-letter code (US, GB, etc.)
- Complete other fields as prompted
Copy the CSR content:
cat domain.csr
2. Configure Certificate
- Log into ArkHost client area
- Find SSL order → Configure Now
- Select Apache + ModSSL
- Paste CSR content
- Click Continue
- Select approval email
- Complete configuration
3. Approve Certificate
- Check approval email
- Click approval link
- Click Approve
4. Download Certificate
From DigiCert email:
- Use guest access link
- Download Apache format (.crt files)
- Upload to server:
/etc/ssl/yourdomain/
5. Configure Apache
Edit your site config:
<VirtualHost *:443>
DocumentRoot /var/www/yourdomain
ServerName yourdomain.com
SSLEngine on
SSLCertificateFile /etc/ssl/yourdomain/yourdomain.crt
SSLCertificateKeyFile /etc/ssl/yourdomain/domain.key
SSLCertificateChainFile /etc/ssl/yourdomain/DigiCertCA.crt
</VirtualHost>
6. Test and Restart
# Test configuration apachectl configtest # Restart Apache systemctl restart apache2
Remove Let's Encrypt (if present)
# Remove certbot snap remove certbot # Disable renewal cron crontab -e # Comment out certbot line
Testing SSL
- Visit https://yourdomain.com
- Check padlock icon
- Test with SSL Labs: ssllabs.com/ssltest
PCI Compliance
Add to Apache config:
SSLCipherSuite HIGH:+MEDIUM:!SSLv2:!EXP:!ADH:!aNULL:!eNULL:!NULL
Common Issues
- Certificate not trusted: Missing chain file
- Site not loading: Check firewall allows 443
- Wrong certificate shown: Clear browser cache
