Let’s encrypt is a non-profit organization certificate authority established to provide SSL. Their service completely free of cost. The certificates are valid for 3 months, but we can automate the renewal process.
Before doing this, please note that following things need to be replaced by relevant values. I don’t think it needs further explanation.

  • MyServerName
  • MyAdminEmailAddress
  • MyServerAddress

This is tested on Ubuntu 14.04 server running Odoo 9.

Install Apache2

First we need to install the Apache2 server. If you already running it, good – skit these.

sudo apt-get install apache2
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod proxy_http
sudo a2enmod headers
sudo service apache2 restart

Install Let’s Encrypt SSL

Below is an excellent article on this, install it and come back.
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

  • Download certbot
  • Setup certificate – Use your erp domain name for generating certificate.
  • setup auto renewal – don’t forget to do this step.

Add Odoo.conf file

cd /etc/apache2/sites-available
sudo nano odoo.conf
  • Add following lines in odoo.conf
<VirtualHost *:80>
ServerName MyServerName
ServerAdmin MyAdminEmailAddress

Redirect permanent / https://MyServerAddress/
    TransferLog /var/log/apache2/transfer.localhost.log
    ErrorLog /var/log/apache2/error.localhost.log
</VirtualHost>

<VirtualHost *:443>
   ServerName MyServerName
   ServerAdmin MyAdminEmailAddress
<Proxy *>
                Order deny,allow
                Allow from all
</Proxy>
   SSLEngineĀ on
   SSLCertificateFile /etc/letsencrypt/live/MyServerAddress/cert.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/MyServerAddress/privkey.pem
   SSLCertificateChainFile /etc/letsencrypt/live/MyServerAddress/chain.pem

   ProxyRequests Off
   ProxyPass / http://MyServerAddress:8069/
   ProxyPassReverse / http://MyServerAddress:8069/
   ProxyErrorOverride off
   TransferLog /var/log/apache2/transfer.localhost.log
   ErrorLog /var/log/apache2/error.localhost.log
   CustomLog /var/log/apache2/ssl.localhost.log combined

   #Fix IE problem (httpapache proxy dav error 408/409)
   SetEnv proxy-nokeepalive 1
   RequestHeader set "X-Forwarded-Proto" "https"
</VirtualHost>

Edit Ports.conf

cd /etc/apache2
sudo nano ports.conf
  • Add following content in ports.conf
# /etc/apache2/ports.conf

#NameVirtualHost *:80
Listen 80

<IfModule ssl_module>
#       NameVirtualHost *:443
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Enable Odoo configuration

sudo a2ensite odoo
sudo service apache2 restart
sudo nano /etc/apache2/apache2.conf

Add following content to the last line of apache2.conf

ServerName MyServerName

Additional security and testing

2 thoughts on “Free SSL from Let’s encrypt for Odoo in Apache2

  1. Hi Basheer,

    Seems that a line is incorrect in Odoo.conf:
    “ngine on” should be “SSLEngine on”

    Thanks for the article!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.