General, Nextcloud, Ubuntu

This article will help you setup SSL secure access for own domain using Free LetsEncrypt Certificates to use it over https network which is much secure as compared to http,

Prerequisite

LAMP (Linux, Apache, MariaDB and PHP) stack up and running on your debian / ubuntu linux distribution.

Enable SSL Secure Access for own domain

You are accessing this site via HTTP. We strongly suggest you configure your server using HTTPS instead as described in our security tips.
In this post we will learn, how to enable and configure SSL Secure access for Nextcloud with LetsEncrypt Free SSL Certificates.

Open the terminal and run the following command

sudo a2enmod ssl

LetsEncrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

They give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can.

SSL Secure access for your domain – Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

Install Certbot apache2 packages

sudo apt-get update
sudo apt-get install software-properties-common
sudo apt-get install python3-certbot-apache

Configure Firewall

Open port 80 and 443 by setting a rule of firewall

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Generate Certificates for SSL Secure Access

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot --apache

Or, just get a certificate

If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

sudo certbot certonly --apache

When prompted enter the following Information:

Domain Name: mydomain.com
Email address: [email protected]

This will create the following files

SSL Secure access for your domain with Letsencrypt – Certificate Path:

/etc/letsencrypt/live/mydomain.com/fullchain.pem

SSL Secure access with Letsencrypt – Private Key Path:

/etc/letsencrypt/live/mydomain.com/privkey.pem

To obtain SSL Secure access with Letsencrypt, update the file

sudo vi /etc/apache2/sites-available/default-ssl.conf

with the following information

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

Then activate the virtual host

sudo a2ensite default-ssl

And restart the apache server

sudo service apache2 restart

To see the certificate information:

sudo certbot certificates

Automated renewal

SSL Secure access for your domain – Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command

sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

/etc/crontab/
/etc/cron./
systemctl list-timers

Confirm that Certbot worked

To confirm that your site is set up with SSL Secure access properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/