I would like to upgrade my server to use https while not using http for web services. Have been using this machine and setup for 4 or 5 years. I only want this for my local area network. Here is the problem and why I have not done this. When I look at tutorials they are about webservers on the internet and I have no desire to do that. I use this machine for development before I put code on my webserver (https://www.ratsupport.com. Where would any of you suggest I look and read to just get upgraded to https for my local webserver. I have software that helps me develop mysql database applications but will only allow file transfer to https machines so I have been transfering the files using LiberDrop and am looking into using ssh. I hope this makes some sense
Ubuntu Support Template
Ubuntu Version:
Example: 22.04 LTS, 24.04, 25.10
Desktop Environment (if applicable):
Example: GNOME, KDE Plasma, XFCE, Budgie, etc.
Problem Description:
Describe what you’re trying to do and what happens instead.
If you can easily reproduce the problem, include the steps so others can try.
Example:
Open Settings → Displays
Try to change resolution
Screen goes black
Relevant System Information:
Include any details that might help (e.g., hardware, drivers, or special configurations).
Screenshots or Error Messages:
If applicable, paste error messages or screenshots.
We prefer copy-pasted text and screenshots instead of photos of screens.
For multi-line text or logs, wrap them in triple backticks like this or highlight the text and use </> in the composer:
sudo dmesg | tail -20
What I’ve Tried:
List the solutions or workarounds you’ve already attempted.
Before Posting: Please check if similar issues have already been reported and resolved.
Hello w0h0i6-2ic6ajy-p7k1q, welcome to the Ubuntu community!
Glad to have you here.
Yes, what you want to do is completely possible, and you do not need to expose your server to the internet to use HTTPS. HTTPS works perfectly fine on a local LAN-only web server.
Most tutorials focus on public websites, but for local development you can simply:
Use a self-signed certificate (quick and common for LAN/dev use), or
Use a local CA (for example with mkcert) if you want to avoid browser warnings.
Both approaches keep everything inside your local network.
Redirecting HTTP → HTTPS is optional but recommended, even on a LAN.
For file transfers, you’re on the right track: SSH / SCP / SFTP are simple, secure, and ideal for local development servers.
If you’d like more specific steps, it would help to know:
I want to thanks for the reply, I usually use the Ip when connecting and I can use host to make machine name be the url. I also use Apache and I am not a big command line kind of person. I do this to keep active I am 81 and willing to learn. I tried to do this a number of years ago and crashed my old server and took the chickens way out and just started over. I really don’t want to do that as I am in the middle of some fun projects making mySQL database applications. I hope this is enough info.
Thank you for the extra details, that helps a lot
And first, respect for keeping active and learning — that’s inspiring at any age.
Since you’re using Apache, accessing the server by IP/hostname, and prefer to avoid heavy command-line work, the safest approach is:
Use a self-signed certificate for Apache
Enable HTTPS without removing your existing HTTP setup at first
This way, you can test HTTPS safely while keeping your current setup working, and only switch fully once you’re comfortable — no “crashing the server” and starting over.
Apache allows HTTPS to be enabled side-by-side, so nothing is overwritten. Your MySQL applications won’t be affected.
Once HTTPS is confirmed working:
You can optionally redirect HTTP → HTTPS
Or simply stop using HTTP
If you’d like, we can walk through this step by step, keeping commands to a minimum and explaining exactly what each step does before you run it.
Now that sounds like a plan. I had no idea I could do that as all the instructions I found here and there got rid of the http and then I ended up in the dumps. I am willing to do work and learn and spend the time. I want to thank you. Step by Step would be nice and feel free to ask me to do my learning. Thanks Tons
That’s great to hear — and you’re very welcome
You’re absolutely right: many guides replace HTTP with HTTPS, which is risky when you’re learning. We’ll add HTTPS alongside HTTP, test it, and only change anything once you’re comfortable. No surprises, no dumps.
Here’s how we’ll proceed (high level for now):
Confirm your current Apache setup (just checking, not changing)
Create a self-signed certificate (safe and reversible)
Enable HTTPS in Apache while keeping HTTP working
Test HTTPS using IP and hostname
Optional later: redirect HTTP → HTTPS when you decide
We’ll go one small step at a time, and I’ll explain why each step exists before asking you to do it. If something doesn’t look right, we stop — nothing gets broken.
Let’s start with the first learning step when you’re ready:
Confirm you’re on Ubuntu 24.04 LTS
Confirm Apache is running and serving pages over HTTP
Once that’s confirmed, we’ll move to certificates
Ok I get what you are talking about, I currently am on my desktop ubuntu computer so I will have to get this stuff over on my browser on the Server. Yes I am using Apache
Perfect, thank you for confirming
Ubuntu 24.04.3 LTS with Apache 2.4.58 is a great base to work from.
Here are reliable step-by-step guides that do exactly what you’re trying to achieve (HTTPS for Apache using a self-signed certificate, suitable for local/LAN use):
You can follow any one of these guides — they all apply to Ubuntu 24.04 and Apache.
Take it step by step, keep HTTP enabled while testing HTTPS, and stop if something doesn’t look right.
If you run into any confusion, errors, or just want to double-check a step, feel free to ask here and we’ll help you through it.
I just looked at the Lindevs discussion and saw something that may make this not worth it. It stated that the browser will see it is not secure and if that is true then I am not going to spend the time to have no joy. I will be checking with the App Producer and see if want I want to do will work. I truly want to thank you
That’s a very fair concern, and you’re not wrong to pause
Let me clarify one important point, because this is where many guides are misleading.
When a guide says “the browser will say not secure” with a self-signed certificate, that is only because the browser doesn’t trust the certificate yet — not because HTTPS isn’t working.
The connection is encrypted and secure, but the browser doesn’t recognize who issued the certificate.
There are two practical options, and if I were in your shoes, this is what I’d do:
Option 1 (what I’d recommend for you)
Use a tool like mkcert
It creates a local trusted certificate
Browsers will show HTTPS with no warning
Still 100% local, no internet exposure
Very commonly used for local development
This avoids the “no joy” situation entirely.
Option 2 (self-signed, browser warning)
HTTPS works
Browser shows a warning once
Many applications (including dev tools) don’t care about the warning, only that HTTPS exists
So before giving up, checking with the application vendor is a very good idea — some apps only require HTTPS, not a publicly trusted certificate.
You’ve done nothing wrong here.
You’re asking the right questions, and stopping before breaking a working system is exactly the smart move.
Thank you for that, Just wanted to be sure of the app I am using will be able to communicate with the Server. I truly want to thank you for all the help. I probably will be doing this but I have to wait until I get feedback. Thanks Tons
That makes perfect sense
Waiting for confirmation from the app vendor is the right move.
In most cases, the browser warning shown with a self-signed certificate does not affect applications at all — they usually only care that the connection is HTTPS, not whether the browser trusts the certificate.
Once you know what the app requires, you’ll know exactly how to proceed.
Whenever you’re ready, feel free to come back — happy to help
I sort of knew what you are telling me but it never pays to check first. I have rushed into things in my life and most of the time it did not pay off . It only took me 80 years to learn that lesson LOL !!
Please check if similar issues have already been reported and resolved.
See the “Start here” guide:
The connection is encrypted and secure, but the browser doesn’t recognize who issued the certificate.
Option 1 (what I’d recommend for you)