SSL Secure Access for own domain using Free LetsEncrypt Certificates
Enable and Configure SSL Secure access (https) for NextCloud or any domain you own using LetsEncrypt Free SSL Certificates which are renewable
  • Mobeen Syed
  • December 8, 2020
  • 8:02 pm
  • 1 comment
LetsEncrypt Logo - Letsencrypt is used for SSL secure access for Nextcloud

This article will help you setup SSL secure access for own domain using Free LetsEncrypt Certificates to use it over https network which is much secure as compared to http,

Prerequisite

LAMP (Linux, Apache, MariaDB and PHP) stack up and running on your debian / ubuntu linux distribution.

Picture showing four layers of LAMP stack.

Enable SSL Secure Access for own domain

You are accessing this site via HTTP. We strongly suggest you configure your server using HTTPS instead as described in our security tips.
In this post we will learn, how to enable and configure SSL Secure access for Nextcloud with LetsEncrypt Free SSL Certificates.

Open the terminal and run the following command

sudo a2enmod ssl

LetsEncrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

They give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can.

SSL Secure access for your domain - Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.

Install Certbot apache2 packages

sudo apt-get update
sudo apt-get install software-properties-common
sudo apt-get install python3-certbot-apache

Configure Firewall

Open port 80 and 443 by setting a rule of firewall

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Generate Certificates for SSL Secure Access

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot --apache

Or, just get a certificate

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

sudo certbot certonly --apache

When prompted enter the following Information:

Domain Name: mydomain.com
Email address: [email protected]

This will create the following files

SSL Secure access for your domain with Letsencrypt - Certificate Path:

/etc/letsencrypt/live/mydomain.com/fullchain.pem

SSL Secure access with Letsencrypt - Private Key Path:

/etc/letsencrypt/live/mydomain.com/privkey.pem

To obtain SSL Secure access with Letsencrypt, update the file

sudo vi /etc/apache2/sites-available/default-ssl.conf

with the following information

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

Then activate the virtual host

sudo a2ensite default-ssl

And restart the apache server

sudo service apache2 restart

To see the certificate information:

sudo certbot certificates

Automated renewal

SSL Secure access for your domain - Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command

sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

/etc/crontab/
/etc/cron./
systemctl list-timers

Confirm that Certbot worked

To confirm that your site is set up with SSL Secure access properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/

Similar Posts

  • All
  • ftp
  • sftp
  • ssh
  • ubuntu
  • apache2
  • lamp
  • mariadb
  • php
  • raspberrypi
  • wordpress
  • adblocker
Install Deluge BitTorrent Server on Ubuntu 22.04

Mobeen Syed on October 3, 2022

This tutorial will guide you the procedure to Install Deluge BitTorrent Server, Client and Web Client on Ubuntu 22.04 Desktop/Server.
READ MORE
Brute Force Protection on SSH

Mobeen Syed on January 22, 2021

How to Prevent Brute Force attack on SSH on Ubuntu and seven protective measures to prevent the attack and safeguard your server.
READ MORE
Fail2Ban Brute force Protection on Nextcloud

Mobeen Syed on October 3, 2022

Installation and Setup of Fail2ban Brute force protection on Nextcloud, SSH, FTP etc on Ubuntu or other debian based distributions.
READ MORE

One Reply to “SSL Secure Access for own domain using Free LetsEncrypt Certificates”

Ezeelogin May 29, 2023,  12:16 pm

Ezeelogin Is an All-In-One SSH (Secure Shell Protocol) Gateway Network Protocol Platform for Business to Meet Compliances Such as PCI DSS, HIPPA, SOX, SOC2, FFIEC NIST, NERC, ISO 27001. We Empower Millions of Customers Around the World to Secure and Automate Their Linux Machine with Our Smart Technology, Award-Winning Support, And Inspiring Features Built for Engineers. Founded In 2012 And headquartered in Kerala India with Additional Office in Delaware USA, and Offering Services Globally Having Clients from E-Commerce, Fintech, Mobile, Advertising Company, Start-Ups, Data Canters, Hosting Providers Etc to know more visit us: https://www.ezeelogin.com

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *