[HOWTO] https letsencrypt (all-inkl)

Tutorials on ownCloud administration
Forum rules
The forums were migrated over to https://central.owncloud.org which is based on the forum software Discourse. The forums here is put into read-only mode starting from today.

More background information about this move and the reasoning behind it is available in this blogpost:

https://daniel.molkentin.net/2016/07/20 ... d-central/
dark-wulf
Beginner
Posts: 10
Joined: Tue Oct 15, 2013 1:33 pm
ownCloud version: 8.2.2
Webserver: Apache
Database: MySQL
OS: Linux

[HOWTO] https letsencrypt (all-inkl)

Postby dark-wulf » Wed Dec 09, 2015 6:23 pm

For all-inkl write a mail via KAS and they will activate LE for you and renew it automatic.

This should do the trick for other hosted OC's too ;-)
If you used ssl proxy with all-inkl revert your config.php and delete all this overwrite stuff, should look something like this

Code: Select all

....
  'trusted_domains' =>
   array (
    'your_domain',
  ),
 
'mail_from_address' => 'admin',
....

Create a directory on server /.well-known/acme-challenge
Add to you .htaccess

Code: Select all

RewriteRule ^\.well-known/acme-challenge letsEncrypt.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Create file letsEncrypt.php in your root dir

run let's encrypt

Code: Select all

letsencrypt certonly -a manual --email your_admin_mail -d your_domin


copy the long string to letsEncrypt.php

Code: Select all

....
Make sure your web server displays the following content at
http://your_domin/.well-known/acme-challenge/some_short_string before continuing:

some_long_string_to_copy_to_letsEncrypt.php

If you don't have HTTP server configured, you can run the following
command on the target server (as root):
....


#All-inkl (check your domain managing tool step 4 should be the same)
1. Open your Domain/Subdomin in KAS
2. Press Edit
3. Edit SSL
4. copy content of /etc/letsencrypt/live/your_domain/privkey.pem to "key"
copy content of /etc/letsencrypt/live/your_domain/cert.pem to "CRT"
copy content of /etc/letsencrypt/live/your_domain/chain.pem to "Brückenzertifikate"
(optinal) copy content of latest file /etc/letsencrypt/csr/ to csr
5. Save it
6. Enable SSL on top and save

Finally be happy with ssl :-) and dont forget to do this every 3 month

tags: ssl, https, ,lets encrypt

[edit]Modified Rewriterule and Directory as RealRancor stated to not interferer with cal/cardav[/edit]
Last edited by dark-wulf on Fri Mar 18, 2016 5:03 pm, edited 5 times in total.

RealRancor
ownCloud master
Posts: 17381
Joined: Sat May 26, 2012 3:00 pm
ownCloud version: 9.0.2
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 7.0.x

Re: [HOWTO] https letsencrypt (all-inkl)

Postby RealRancor » Wed Dec 09, 2015 8:24 pm

Hi,

thanks for posting this tutorial. Not quite sure if your rewrite of .well-known could interfere with the .well-known/caldav and .well-known/carddav used by other apps. A different approach for the rewrite is seen here:

https://github.com/owncloud/core/pull/20966/files
*gone*

dark-wulf
Beginner
Posts: 10
Joined: Tue Oct 15, 2013 1:33 pm
ownCloud version: 8.2.2
Webserver: Apache
Database: MySQL
OS: Linux

Re: [HOWTO] https letsencrypt (all-inkl)

Postby dark-wulf » Sat Dec 12, 2015 11:31 am

Thanks i totally missed this ;-) just updated it

smccloud
Newbie
Posts: 1
Joined: Fri Feb 19, 2016 5:12 am
ownCloud version: 8.2.2
Webserver: Apache
Database: MySQL
OS: Linux
PHP version: 5.6.17

Re: [HOWTO] https letsencrypt (all-inkl)

Postby smccloud » Fri Feb 19, 2016 5:13 am

I'm trying to follow this, and I'm told that Let's Encrypt cannot access my file, it is unauthorized. Any ideas on what could cause this? I'm on ownCloud 8.2.2.

User avatar
DecaTec
Starter
Posts: 85
Joined: Mon Mar 18, 2013 9:59 am
ownCloud version: 8.2.3
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 5.6
Location: Nürnberg
Contact:

Re: [HOWTO] https letsencrypt (all-inkl)

Postby DecaTec » Mon Feb 22, 2016 11:23 am

At the moment, this isn't working anymore.
All-Inkl prepares to offer a one click solution in order to use Let's Encrypt certificates. Meanwhile ther're blocking access to the acme-challenge folder (no content is delivered, it just ends up with a blank page).

According to their support team, you can write an e mail and they will generate and include an LE certificate for you.
Blog: https://decatec.de

dark-wulf
Beginner
Posts: 10
Joined: Tue Oct 15, 2013 1:33 pm
ownCloud version: 8.2.2
Webserver: Apache
Database: MySQL
OS: Linux

Re: [HOWTO] https letsencrypt (no longer for all-inkl)

Postby dark-wulf » Fri Mar 18, 2016 4:55 pm

I can confirm it, just write a mail via KAS and they will activate LE for you and renew it automatic, later on when LE is out of beta they will implement a option in KAS.


  • Similar Topics
    Replies
    Views
    Last post

Return to “Tutorials”

Who is online

Users browsing this forum: No registered users and 1 guest