SSL Secure Access for own domain using Free LetsEncrypt Certificates
Enable and Configure SSL Secure access (https) for NextCloud or any domain you own using LetsEncrypt Free SSL Certificates which are renewable
LetsEncrypt Logo - Letsencrypt is used for SSL secure access for Nextcloud

This article will help you setup SSL secure access for own domain using Free LetsEncrypt Certificates to use it over https network which is much secure as compared to http,

Prerequisite

LAMP (Linux, Apache, MariaDB and PHP) stack up and running on your debian / ubuntu linux distribution.

Picture showing four layers of LAMP stack.

Enable SSL Secure Access for own domain

You are accessing this site via HTTP. We strongly suggest you configure your server using HTTPS instead as described in our security tips.
In this post we will learn, how to enable and configure SSL Secure access for Nextcloud with LetsEncrypt Free SSL Certificates.

Open the terminal and run the following command

sudo a2enmod ssl

LetsEncrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

They give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can.

SSL Secure access for your domain – Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

Install Certbot apache2 packages

sudo apt-get update
sudo apt-get install software-properties-common
sudo apt-get install python3-certbot-apache

Configure Firewall

Open port 80 and 443 by setting a rule of firewall

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Generate Certificates for SSL Secure Access

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot --apache

Or, just get a certificate

If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

sudo certbot certonly --apache

When prompted enter the following Information:

Domain Name: mydomain.com
Email address: [email protected]

This will create the following files

SSL Secure access for your domain with Letsencrypt – Certificate Path:

/etc/letsencrypt/live/mydomain.com/fullchain.pem

SSL Secure access with Letsencrypt – Private Key Path:

/etc/letsencrypt/live/mydomain.com/privkey.pem

To obtain SSL Secure access with Letsencrypt, update the file

sudo vi /etc/apache2/sites-available/default-ssl.conf

with the following information

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

Then activate the virtual host

sudo a2ensite default-ssl

And restart the apache server

sudo service apache2 restart

To see the certificate information:

sudo certbot certificates

Automated renewal

SSL Secure access for your domain – Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command

sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

/etc/crontab/
/etc/cron./
systemctl list-timers

Confirm that Certbot worked

To confirm that your site is set up with SSL Secure access properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/

Similar Posts

  • All
  • adblocker
  • raspberrypi
  • ubuntu
  • apache2
  • mariadb
  • nextcloud
  • php
  • ftp
  • sftp
  • ssh

Mobeen Syed on January 22, 2021

How to Prevent Brute Force attack on SSH on Ubuntu and seven protective measures to prevent the attack and safeguard your server.
Picture showing four layers of LAMP stack.

Mobeen Syed on October 3, 2022

Setup Four layers of LAMP Stack Apache2, PHP8.1, MariaDB SQL database on Linux Ubuntu 22.04 distribution for hosting your own website/cloud.
Wordpress Logo

Mobeen Syed on October 3, 2022

How to install and configure WordPress on Ubuntu 22.04 LTS (your own private server) using Apache2, MariaDB (MySQL) and PHP8.1 setup.

Leave a Reply

Your email address will not be published. Required fields are marked *