Let’s Encrypt certificate steps for OwnCloud

Let’s Encrypt is now available to OwnCloud users (and everyone else) as a source of free certificates. No more self-signed certificates that display an ugly error page, and no more paying a certificate authority for a certificate.

Here is how I ran Let’s Encrypt on my OwnCloud 8.2 running Linux Mint using an Apache2 server, following the instructions from the Let’s Encrypt website and from an OwnCloud forum post by dark-wulf. The auto setup for Apache might work, but it did not work directly for me.

  • Make a directory on your server
cd /var/www/html
mkdir .well-known
cd .well-known
mkdir acme-challenge
  • Update your .htaccess file
cd /var/www/owncloud
sudo vim .htaccess
  • In the <IfModule mod_rewrite.c> section, add
RewriteRule ^\.well-known/acme-challenge letsEncrypt.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  • Copy the Let’s Encrypt code onto your computer using the instructions from “Installing Let’s Encrypt”
cd /tmp
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
  • Run Let’s encrypt from this directory

./letsencrypt-auto certonly -a manual --email your_admin_mail -d your_domain.com -d www.your_domain.com

  • You will be prompted twice with the following:
Make sure your web server displays the following content at http://your_domain.tk/.well-known/acme-challenge/really_long_string before continuing:
really_long_string.more_long_string
  • When prompted, run the following commands to create the file and make it visible online. Do this once for each string, twice in total.
sudo vim /var/www/html/.well-known/acme-challenge/really_long_string
Copy and paste the string into the file and save it.
sudo chown -R www-data:www-data /var/www/html/.well-known
sudo chmod -R 755 /var/www/html/.well-known
  • Your certificates are now saved to disk! As good practice, remove the acme-challenge files.
sudo rm /var/www/html/.well-known/acme-challenge/*
  • Your Apache2 server needs to know about them now. What version of Apache are you running? Run this command and look at the Server line.
curl --head your_domain.com
...
Server: Apache/2.4.7 (Ubuntu)
  • Now insert the key, certificate and chain into your ownCloud-ssl.conf, under <VirtualHost your_domain_LAN_ip:443> where your existing SSL keys are. Which directives you need depends on your Apache2 version.
sudo vim /etc/apache2/sites-available/ownCloud-ssl.conf
(All Apache) SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem
(Apache<2.4.8) SSLCertificateFile /etc/letsencrypt/live/your_domain.com/cert.pem
(Apache<2.4.8) SSLCertificateChainFile /etc/letsencrypt/live/your_domain.com/chain.pem
(Apache>=2.4.8) SSLCertificateFile /etc/letsencrypt/live/your_domain.com/fullchain.pem
  • Restart your webserver.
sudo service apache2 restart
  • Try accessing your site from Chrome Private Browsing. You should not get an error about a dangerous certificate! Repeat the certificate request every three months, hopefully with an automated version by Let’s Encrypt for OwnCloud.
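
A pre-flight check for the two challenge files, as an added example that is not part of the original post: it confirms the file content matches what the prompt printed and flags anything under .well-known that is world-writable, before you continue at the prompt. The function names check_challenge and http_status and all sample values are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a manual HTTP-01 challenge file.
# Function names and all sample values below are assumptions for illustration.

# check_challenge WEBROOT TOKEN EXPECTED
# Prints "ok" and returns 0 when the file is in place; otherwise prints the
# first problem found and returns 1.
check_challenge() {
    dir="$1/.well-known/acme-challenge"
    file="$dir/$2"
    [ -d "$dir" ]  || { echo "missing directory: $dir"; return 1; }
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }
    # $(...) drops the trailing newline an editor may add; anything else
    # (a truncated paste, extra spaces) is a mismatch.
    [ "$(cat "$file")" = "$3" ] || { echo "content mismatch: $file"; return 1; }
    # The web server only has to read these paths; nobody else should be
    # able to write into them.
    if [ -n "$(find "$1/.well-known" ! -type l -perm -0002 -print)" ]; then
        echo "world-writable path under $1/.well-known"; return 1
    fi
    echo "ok"
}

# http_status DOMAIN TOKEN
# Prints the status code for the URL the prompt asks for (needs network
# access, so it is not called in the demo below).
http_status() {
    curl -s -o /dev/null -w '%{http_code}' \
        "http://$1/.well-known/acme-challenge/$2"
}

# Demo on a constructed webroot; TOKEN and TOKEN.THUMBPRINT are made-up values.
demo=$(mktemp -d)
mkdir -p "$demo/.well-known/acme-challenge"
printf '%s\n' 'TOKEN.THUMBPRINT' > "$demo/.well-known/acme-challenge/TOKEN"
chmod -R 755 "$demo/.well-known"
check_challenge "$demo" TOKEN TOKEN.THUMBPRINT            # in place and safe
chmod 733 "$demo/.well-known/acme-challenge"
check_challenge "$demo" TOKEN TOKEN.THUMBPRINT || true    # flagged
rm -rf "$demo"
```

If http_status prints 404 while check_challenge prints ok, the web server is not serving that directory at that URL (a different document root, or a rewrite rule in the way).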


9 Responses to Let’s Encrypt certificate steps for OwnCloud

  1. Pingback: Renewing Let’s Encrypt Certificate for OwnCloud | Man and Keyboard

  2. Blah says:

    Doesn’t work. 404 on the .well-known even with the rewrite rule.

  3. Blah says:

    This doesn’t work. First, making an empty letsencrypt.php page makes no sense. Second, it’s still 404 even with the rewrite rules.

  4. Blah says:

    This doesn’t work. First, creating an empty letsencrypt.php file makes no sense. Second, it’s still 404 even with the rewrite rule.

    And it’s the third time I try to comment here… every time it fails.

  5. Blah says:

    This doesn’t work. First, creating an empty letsencrypt.php file makes no sense. Second, it’s still 404 even with the rewrite rule.

    And it’s the fourth time I try to comment here… every time it fails.

    • Brian_Goodacre says:

      Try to make a text file and post it onto your server. The directory structure may be slightly modified on your server than as it appears on your website. Try to understand how they are the same so you can place the .well-known directory correctly on your server.

      PS – All 4 times work. I need to approve the comments. 🙂

  6. V says:

    For the ref, here is a quick fix and no fiddle tutorial for beginners using certbot
    https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

  7. Edi says:

    Installing letsencrypt in /tmp will make a problem if you reboot your server. Reboot clears all files in /tmp. Causes a problem if you have a cronjob to renew certificates
