TurnKey Linux Virtual Appliance Library

Letsencrypt on v14.1 with Odoo

clintonmcdonald's picture

Hi all,

 

I've been trying to get Letsencrypt on v14.1 with Odoo through Webmin but am having no joy. Has anyone got this working, and how? Step-by-step instructions would be awesome, please.

So far I have letsencrypt installed and the Webmin plugin is shown. I have tried to generate the certificates, but when I enable SSL I lose access to Webmin and the other web interfaces. So I am assuming that Webmin has no real control over SSL and Odoo. If this is the case, how and where do I put the certificates for Odoo?

Jeremy Davis's picture

Perhaps let me explain a little...

OK, for starters, in v14.x Webmin and Webshell are both behind stunnel. Stunnel is sort of like a proxy, as it provides an encrypted tunnel between external and internal resources. Both Webmin and Webshell listen on (non-encrypted) ports, but only on localhost (so they aren't accessible remotely). Stunnel listens remotely (only on https) and provides a tunnel to whatever apps are configured behind it (in this case Webmin and Webshell).

So to use an alternate cert with Webmin (and Webshell) you'll need to configure stunnel to use it (and not Webmin).

It should (hopefully) be as simple as editing the stunnel config file to point to the new cert location and restarting stunnel.

So if you log into your server via SSH, you can edit the config file with nano. Open it like this:

nano /etc/stunnel/stunnel.conf

Then look for this line:

cert = /etc/ssl/private/cert.pem

and adjust it to point to your new Let's Encrypt cert. Exit and save (control-x IIRC). Then restart:

service stunnel4 restart

Odoo itself is proxied by Apache, so you will need to add the new cert to that as well. You have a couple of options there. Possibly the most straightforward (option 1 below) is to adjust the global Apache SSL config file. Note that this will have global consequences, so if you reconfigure Apache to serve something else, that will also inherit this SSL cert. If you don't want that, follow the alternate "option 2".

Option 1: adjust global Apache conf

Use nano again to edit the config:

nano /etc/apache2/mods-available/ssl.conf

Adjust the following certificate path to match that of your new certificate:

SSLCertificateFile /etc/ssl/private/cert.pem

Then restart Apache:

service apache2 restart

Option 2: adjust Odoo only config

The alternative is to add the certificate declaration line to the existing Odoo Apache config file. Again use nano:

nano

This time we add a new line the same as the line that is in the global conf (note local conf overrides global conf). Add it directly below the line that says:

<VirtualHost *:443>

So the updated file will look something like this (this is just a snippet, not the whole file):

[...]

<VirtualHost *:443>
    SSLCertificateFile /path/to/your/cert.pem
    SSLEngine on

[...]

Then restart Apache as per above note.

Hope that helps.
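The `cert =` and `SSLCertificateFile` lines in the reply above each name a single file, while a Let's Encrypt client such as certbot writes the private key (`privkey.pem`) and the certificate chain (`fullchain.pem`) as separate files. The script below is an added example, not part of the original replies: it assumes the service reads key and certificate from one combined PEM, as those single-path config lines suggest, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: the service reads key and certificate chain from ONE PEM file.

# Concatenate private key ($1) and certificate chain ($2) into $3, mode 0600.
build_combined_pem() {
    key=$1 chain=$2 out=$3
    ( umask 077 && cat "$key" "$chain" > "$out.tmp" ) || return 1
    chmod 600 "$out.tmp" && mv "$out.tmp" "$out"
}

# Structural check: exactly one private key block, at least one certificate
# block, and no permission bits set for group or other.
pem_layout_ok() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; return 1; }
    [ "$certs" -ge 1 ] || { echo "no certificate in $f" >&2; return 1; }
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $f" >&2; return 1; }
}

# Cryptographic check (needs the openssl CLI): the private key must be the one
# the first (leaf) certificate in the file was issued for.
pem_key_matches() {
    f=$1
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run as: sh script.sh PRIVKEY FULLCHAIN OUTFILE (all three paths are yours).
if [ "$#" -eq 3 ]; then
    build_combined_pem "$1" "$2" "$3" && pem_layout_ok "$3" \
        && pem_key_matches "$3" && echo "ok: $3"
fi
```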
