Implementing SSL/TLS encryption for your Odoo 18 installation is crucial for protecting sensitive business data and user credentials and for maintaining customer trust. This guide walks you through setting up free SSL certificates using Let's Encrypt and configuring HTTPS for your Odoo instance.
Why SSL/TLS is Essential for Odoo
SSL/TLS encryption provides:
- Data Protection: Encrypts all data transmitted between users and your Odoo server
- Authentication: Verifies your server's identity to users
- SEO Benefits: Google favors HTTPS websites in search rankings
- Browser Trust: Modern browsers warn users about non-HTTPS sites
- Compliance: Required for PCI DSS, GDPR, and other regulations
- Customer Confidence: Shows professionalism and security awareness
Prerequisites
Before starting, ensure you have:
- Odoo 18 installed on Ubuntu 24.04 LTS
- Nginx configured as a reverse proxy (see our Nginx guide)
- A valid domain name pointing to your server
- Ports 80 and 443 open in your firewall
- Root or sudo access to your server
Step 1: Install Certbot
Certbot is the official Let's Encrypt client that automates certificate installation:
```bash
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
```
Verify installation:
```bash
certbot --version
```
Step 2: Prepare Nginx Configuration
Ensure your Nginx configuration has the correct domain name:
```bash
sudo nano /etc/nginx/sites-available/odoo18
```
Your server block should look like this:
```nginx
server {
    listen 80;
    server_name your-domain.com www.your-domain.com;

    # Your existing configuration
    include /etc/nginx/snippets/odoo-proxy.conf;
}
```
Test Nginx configuration:
```bash
sudo nginx -t
sudo systemctl reload nginx
```
Step 3: Obtain SSL Certificate
Run Certbot to obtain and install the certificate:
```bash
sudo certbot --nginx -d your-domain.com -d www.your-domain.com
```
Follow the prompts:
- Enter your email address (for renewal notifications)
- Agree to the Terms of Service
- Choose whether to share your email with EFF (optional)
- Select option 2 to redirect all traffic to HTTPS
Step 4: Verify SSL Installation
Certbot automatically modifies your Nginx configuration. Check the updated configuration:
```bash
sudo nano /etc/nginx/sites-available/odoo18
```
You should see something like:
```nginx
server {
    server_name your-domain.com www.your-domain.com;

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    include /etc/nginx/snippets/odoo-proxy.conf;
}

server {
    if ($host = www.your-domain.com) {
        return 301 https://$server_name$request_uri;
    } # managed by Certbot

    if ($host = your-domain.com) {
        return 301 https://$server_name$request_uri;
    } # managed by Certbot

    listen 80;
    server_name your-domain.com www.your-domain.com;
    return 404; # managed by Certbot
}
```
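To check the Certbot-edited site file mechanically rather than by eye, here is an added example (not part of the original guide or of Certbot) that flags any server block still serving Odoo on a non-TLS listener and any TLS listener missing its certificate or key. The function names `server_blocks` and `audit` and both sample configs are assumptions made for illustration.

```python
import re
# Constructed samples (page's placeholder names); BAD keeps the Step 2 block that proxies Odoo on port 80.
GOOD = """
server {
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
    include /etc/nginx/snippets/odoo-proxy.conf;
}
server {
    if ($host = your-domain.com) { return 301 https://$server_name$request_uri; }
    listen 80;
    return 404; # managed by Certbot
}
"""
BAD = GOOD + """
server {
    listen 80;
    include /etc/nginx/snippets/odoo-proxy.conf;
}
"""

def server_blocks(conf):
    """Yield each `server { ... }` body, matching braces so nested `if` blocks stay inside."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' inside quoted values)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return findings: non-TLS listeners that serve content, TLS listeners without cert/key."""
    findings = []
    for n, body in enumerate(server_blocks(conf), 1):
        listens = [l.split() for l in re.findall(r"\blisten\s+([^;]+);", body)]
        if any("ssl" not in l for l in listens):
            if re.search(r"\b(proxy_pass|include|location)\b", body):
                findings.append(f"server #{n}: serves content on a non-TLS listener")
            elif not re.search(r"\breturn\s+30[18]\s+https://", body):
                findings.append(f"server #{n}: non-TLS listener never redirects to HTTPS")
        if any("ssl" in l for l in listens):
            for d in ("ssl_certificate", "ssl_certificate_key"):
                if not re.search(rf"\b{d}\s+[^;\s]+;", body):
                    findings.append(f"server #{n}: TLS listener without {d}")
    return findings

if __name__ == "__main__":
    print("GOOD:", audit(GOOD) or "ok", "| BAD:", audit(BAD) or "ok")
```

Included snippets are not expanded, so any `include` inside a block with a non-TLS listener is reported for manual review.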
Step 5: Enhance SSL Configuration
For better security, create a custom SSL configuration:
```bash
sudo nano /etc/nginx/snippets/ssl-params.conf
```
Add the following content:
```nginx
# Modern SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

# SSL optimization
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# Security headers
add_header Strict-Transport-Security "max-age=63
```