Let’s Encrypt certificate steps for OwnCloud

Let’s encrypt is available now for OwnCloud (and everything else) users to run and get a free certificate for. No more self-signed certificates that display an ugly error page or having to pay for a certificate from a certificate authority.

Here is how I ran Let’s Encrypt on my Owncloud 8.2 running Linux Mint using an Apache2 server following the instructions from the Let’s Encrypt website and from an OwnCloud forum post by dark-wulf. The auto setup for apache might work but it did not work directly for me.

  • Make a directory of your server
cd /var/www/html
mkdir .well-known
cd .well-known
mkdir acme-challenge
  • Update your .htaccess file
cd /var/www/owncloud
sudo vim .htaccess
  • In the <IfModule mod_rewrite.c> section, add
RewriteRule ^\.well-known/acme-challenge letsEncrypt.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  • Copy the Let’s Encrypt code onto your computer using the instructions from “Installing Let’s Encrypt”
cd /tmp
$ git clone https://github.com/letsencrypt/letsencrypt 
$ cd letsencrypt
  • Run Let’s encrypt from this directory

./letsencrypt-auto certonly -a manual --email your_admin_mail -d your_domain.com -d http://www.your_domain.com

  • You will be prompted twice with the following:
Make sure your web server displays the following content at http://your_domain.tk/.well-known/acme-challenge/really_long_string before continuing:
really_long_string.more_long_string
  • When prompted, you can run the following commands to create the file and so it is visible online. Do this once for each string, twice total.
sudo vim /var/www/html/.well-known/acme-challenge/really_long_string
copy and paste the string into the file. save the file
sudo chown -R www-data:www-data /var/www/html/.well-known
sudo chmod -R 733 /var/www/html/.well-known
  • Your certificates are now saved onto disk! For good practice, remove the acme-challenge files.
rm /var/www/html/.well-known/acme-challenge/*
  • Your Apache2 server needs to know about them now. What version of Apache are you running? Run this command and look on the Server line.
curl --head your_domain.com
...
Server: Apache/2.4.7 (Ubuntu)
  • Now you can insert the keys and chain into your ownCloud-ssl.conf depending on your Apache2 version where your existing SSL keys are under <VirtualHost your_domain_LAN_ip:443>
sudo vim /etc/apache2/sites-available/ownCloud-ssl.conf
(All Apache) SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem
(Apache<2.4.8) SSLCertificateFile /etc/letsencrypt/live/your_domain.com/cert.pem
(Apache<2.4.8) SSLCertificateChainFile /etc/letsencrypt/live/your_domain.com/chain.pem
(Apache>=2.4.8) SSLCertificateChainFile /etc/letsencrypt/live/your_domain.com/fullchain.pem
  • Restart your webserver.
sudo service apache2 restart
  • Try accessing your site from Chrome Private Browsing. You should not get an error about a dangerous certificate! Repeat making a certificate every three months, hopefully with an automated version by Let’s encrypt for OwnCloud.

Sources:

Advertisements
This entry was posted in How-To, Nextcloud/OwnCloud and tagged , , , , , , , . Bookmark the permalink.

7 Responses to Let’s Encrypt certificate steps for OwnCloud

  1. Pingback: Renewing Let’s Encrypt Certificate for OwnCloud | Man and Keyboard

  2. Blah says:

    Doesn’t work. 404 on the .well-known even with the rewrite rule.

  3. Blah says:

    This doesn’t work. First, making an empty letsencrypt.php page makes no sense. Second, it’s still 404 even with the rewrite rules.

  4. Blah says:

    This doesn’t work. First, creating an empty letsencrypt.php file makes no sense. Second, it’s still 404 even with the rewrite rule.

    And it’s the third time I try to comment here… every time it fails.

  5. Blah says:

    This doesn’t work. First, creating an empty letsencrypt.php file makes no sense. Second, it’s still 404 even with the rewrite rule.

    And it’s the fourth time I try to comment here… every time it fails.

    • Brian_Goodacre says:

      Try to make a text file and post it onto your server. The directory structure may be slightly modified on your server than as it appears on your website. Try to understand how they are the same so you can place the .well-known directory correctly on your server.

      PS – All 4 times work. I need to approve the comments. 🙂

  6. V says:

    For the ref, here is a quick fix and no fiddle tutorial for beginners using certbot
    https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s