#315: Secure OwnCloud with HTTPS Implementation - Rmhibbert/oe2-group-c GitHub Wiki
Step by step
Install certbot
Description: First run these two commands to check that pip and snap are installed. If either one is missing, install it with the command the shell recommends.
Command: pip --version, snap version
Description: Install certbot
Command: sudo snap install --classic certbot
Description: Link certbot into /usr/bin so that the certbot command can be run
Command: sudo ln -s /snap/bin/certbot /usr/bin/certbot
Description: Use certbot to get a certificate
Command: sudo certbot --apache
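Description: Test automatic renewal. This command only simulates a renewal (--dry-run) and does not schedule anything itself; the certbot snap package installs its own renewal timer.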
Command: sudo certbot renew --dry-run
Register email
Description: Register email for first-time login
Command:
sudo certbot register --agree-tos --email <your-email-address>
Create Let’s Encrypt’s Config Files
Description: Create files and set permission
Command:
cd /etc/letsencrypt
sudo touch cli.ini list.sh renew.sh renew-cron.sh delete.sh group-c.op-bit.nz.sh
sudo chmod +x *.sh
Create Let’s Encrypt’s Config Files
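Description: Create the files and make the scripts executable. Keep them owned by root and not writable by other users, because root's crontab later runs renew-cron.sh.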
Command:
cd /etc/letsencrypt
sudo touch cli.ini list.sh renew.sh renew-cron.sh delete.sh group-c.op-bit.nz.sh
sudo chmod +x *.sh
Edit the contents of the files
Description: cli.ini
Command:
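# /etc/letsencrypt/cli.ini: defaults read by certbot, one option per line.

# Only applies when certbot generates an RSA key; recent certbot releases
# default to ECDSA keys unless key-type = rsa is set (confirm for your version).
rsa-key-size = 4096

# Placeholder: the address on the source page was redacted. Use the contact
# address for the Let's Encrypt account.
email = admin@example.com
agree-tos = True

# webroot answers the HTTP-01 challenge by writing files under the site's
# document root. No webroot path is set on this page, so certbot must be
# given one (-w / --webroot-path, or its interactive prompt).
authenticator = webroot

# Reload Apache after certbot runs so a renewed certificate is served.
post-hook = service apache2 reload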
Description: list.sh
Command:
#!/bin/bash
# list.sh: show every certificate certbot currently manages.
# Reads certbot's state under /etc/letsencrypt, so run it as root.

certbot_dir="/usr/bin"
certbot_name="certbot"

"${certbot_dir}/${certbot_name}" certificates
Description: renew.sh
Command:
#!/bin/bash
# renew.sh: manual renewal run. certbot may prompt, so use it from a terminal.

certbot_dir="/usr/bin"
certbot_name="certbot"

"${certbot_dir}/${certbot_name}" renew
Description: renew-cron.sh
Command:
#!/bin/bash
# renew-cron.sh: unattended renewal run, intended for root's crontab.
# The absolute path avoids relying on cron's PATH. --noninteractive makes
# certbot fail instead of waiting for input that nobody will answer.

certbot_dir="/usr/bin"
certbot_name="certbot"

"${certbot_dir}/${certbot_name}" renew --no-self-upgrade --noninteractive
Description: delete.sh
Command:
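#!/bin/bash
# delete.sh: interactively delete one certbot-managed certificate.
# Lists the certificate names, asks which one to delete, then calls
# `certbot delete` for that name. An empty answer deletes nothing.

LE_PATH="/usr/bin"
LE_CB="certbot"

# Print the name of each certificate certbot knows about, one "- NAME" per line.
# Parses the "Certificate Name: ..." lines of `certbot certificates`.
function get_certificate_names() {
  "$LE_PATH/$LE_CB" certificates \
    | grep -iE "certificate name" \
    | awk -F: '{gsub(/[ \t]+/, "", $2); printf("- %s\n", $2)}'
  # [ \t]+ instead of \s+: \s is a GNU awk extension and is not reliable in
  # other awk implementations.
}

echo "Available Certificates:"
get_certificate_names
echo

# -r keeps backslashes literal; -e enables readline editing of the answer.
read -p "Which certificate do you want to delete: " -r -e answer
if [ -n "$answer" ]; then
  # Quoted so the answer reaches certbot as one argument, never as extra words.
  "$LE_PATH/$LE_CB" delete --cert-name "$answer"
fi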
Description: group-c.op-bit.nz.sh
Command:
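#!/bin/bash
# group-c.op-bit.nz.sh: obtain the certificate for this host using the
# options in /etc/letsencrypt/cli.ini.

LE_PATH="/usr/bin"
LE_CB="certbot"

# Domain name(s) to put on the certificate, each preceded by -d.
# Replace with your own domain name(s).
export DOMAINS="-d group-c.op-bit.nz"

# Split DOMAINS into separate words. Passed as one quoted string, certbot
# would receive "-d group-c.op-bit.nz" as a single argument rather than an
# option followed by its value.
read -r -a domain_args <<<"$DOMAINS"

# Append --dry-run to test the request without issuing a certificate.
"$LE_PATH/$LE_CB" certonly --config /etc/letsencrypt/cli.ini "${domain_args[@]}" # --dry-run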
Create an SSL certificate
Description: Run the command
Command: sudo /etc/letsencrypt/group-c.op-bit.nz.sh
Crontab Automatic Renewal
Description: make sure you are in the home folder cd /
Command: sudo crontab -e
Description: at the end of the file add this line, then save and exit
Command: 30 03 * * 6 /etc/letsencrypt/renew-cron.sh
Enable HSTS header in Apache config
Description: use this command
Command: sudo a2enmod headers # Ubuntu, Debian and SUSE variants
Edit owncloud config
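Description: Open the site config with sudo nano /etc/apache2/sites-available/owncloud.conf
Command: change the virtual host port from 80 to 443 and add this to the end. Port 80 must still be answered by a virtual host (for example one that redirects to HTTPS), because the webroot authenticator's HTTP-01 validation request arrives on port 80.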
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
sudo systemctl restart apache2
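Description: Disable TLS 1.0/1.1
Edit /etc/letsencrypt/options-ssl-apache.conf
Command: On the SSLProtocol line, make sure TLS 1.0 and TLS 1.1 are turned off. In Apache's syntax a protocol is disabled with a leading minus (-TLSv1 -TLSv1.1), so after the edit only TLS 1.2 and later should remain enabled.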
search for group-c.op-bit.nz