After creating a SSL certificate, I had to invite Apache to the party. My vhost configuration looks roughly like this:
# This may be needed on another server one day:
#LoadModule ssl_module modules/mod_ssl.so
# According to Stack Overflow, we HAVE to use "NameVirtualHost IP:443", but I didn't need it:
#NameVirtualHost 11.22.33.44:443
<VirtualHost 11.22.33.44:443>
ServerName www.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /srv/www/domain.com/htdocs/
CustomLog /srv/www/domain.com/logs/access.log common
ErrorLog /srv/www/domain.com/logs/error.log
# This alias keeps the document root clean (This is not really part of the web site)
Alias /srv/www/domain.com/htdocs/.well-known/acme-challenge/ /srv/www/domain.com/ssl/
Alias /srv/www/domain.com/htdocs/stats/ /srv/www/domain.com/stats/
# emerg/alert/crit/error/warn/notice/info/debug/trace1/.../trace8
LogLevel warn
# Make sure, Apache can access the following files:
SSLEngine On
SSLCertificateFile "/srv/www/domain.com/ssl/www.domain.com.crt"
SSLCertificateKeyFile "/srv/www/domain.com/ssl/www.domain.com.key"
SSLCertificateChainFile "/srv/www/domain.com/ssl/chain.crt"
<Directory /srv/www/domain.com/htdocs/>
Options +FollowSymLinks +Indexes
AllowOverride All
Order allow,deny
Allow from all
Require all granted
#<FilesMatch "\.php[345]?$">
# SetHandler php-fcgi
#</FilesMatch>
</Directory>
</VirtualHost>
<VirtualHost 5.132.159.80:80>
ServerName www.domain.com
Redirect permanent / https://www.domain.com/
</VirtualHost>
On a server, that has ISPConfig installed, I had to comment out "Alias /.well-known/acme-challenge/ /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/" in /etc/apache2/sites-enabled/000-ispconfig.conf in order to get past ISPConfig's stubborness and let everyone access this folder in MY document_root. Users have no access to ISPCongigs' folder!?