Secure Odoo 18 with SSL/TLS: Complete HTTPS Setup Guide

Implementing SSL/TLS encryption for your Odoo 18 installation is crucial for protecting sensitive business data and user credentials, and for maintaining customer trust. This guide walks you through setting up free SSL certificates using Let's Encrypt and configuring HTTPS for your Odoo instance.

Why SSL/TLS is Essential for Odoo

SSL/TLS encryption provides:

  • Data Protection: Encrypts all data transmitted between users and your Odoo server
  • Authentication: Verifies your server's identity to users
  • SEO Benefits: Google favors HTTPS websites in search rankings
  • Browser Trust: Modern browsers warn users about non-HTTPS sites
  • Compliance: Required for PCI DSS, GDPR, and other regulations
  • Customer Confidence: Shows professionalism and security awareness

Prerequisites

Before starting, ensure you have:

  • Odoo 18 installed on Ubuntu 24.04 LTS
  • Nginx configured as a reverse proxy (see our Nginx guide)
  • A valid domain name pointing to your server
  • Ports 80 and 443 open in your firewall
  • Root or sudo access to your server

Step 1: Install Certbot

Certbot is the official Let's Encrypt client that automates certificate installation:

sudo apt update
sudo apt install certbot python3-certbot-nginx -y

Verify installation:

certbot --version

Step 2: Prepare Nginx Configuration

Ensure your Nginx configuration has the correct domain name:

sudo nano /etc/nginx/sites-available/odoo18

Your server block should look like this:

server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    
    # Your existing configuration
    include /etc/nginx/snippets/odoo-proxy.conf;
}

Test the Nginx configuration, then reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

Step 3: Obtain SSL Certificate

Run Certbot to obtain and install the certificate:

sudo certbot --nginx -d your-domain.com -d www.your-domain.com

Follow the prompts:

  1. Enter your email address (for renewal notifications)
  2. Agree to the Terms of Service
  3. Choose whether to share your email with EFF (optional)
  4. Select option 2 to redirect all traffic to HTTPS

Step 4: Verify SSL Installation

Certbot automatically modifies your Nginx configuration. Check the updated configuration:

sudo nano /etc/nginx/sites-available/odoo18

You should see something like:

server {
    server_name your-domain.com www.your-domain.com;
    
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
    include /etc/nginx/snippets/odoo-proxy.conf;
}

server {
    if ($host = www.your-domain.com) {
        return 301 https://$server_name$request_uri;
    } # managed by Certbot

    if ($host = your-domain.com) {
        return 301 https://$server_name$request_uri;
    } # managed by Certbot

    listen 80;
    server_name your-domain.com www.your-domain.com;
    return 404; # managed by Certbot
}

Step 5: Enhance SSL Configuration

For better security, create a custom SSL configuration:

sudo nano /etc/nginx/snippets/ssl-params.conf

Add the following content:

# Modern SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

# SSL optimization
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# Security headers
add_header Strict-Transport-Security "max-age=63
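
As an added example (not part of the original guide, and not Odoo, Nginx or Certbot code), the Python lint below checks the Step 5 directives offline for legacy protocols, cipher suites lacking forward secrecy or AEAD, enabled session tickets, and OCSP stapling without a resolver. The function names and the weak sample are constructed for illustration, and the HSTS line is left out because it is cut off in the source.

```python
# Added example: offline lint for the Step 5 TLS directives (not from the original guide).
# PAGE_SNIPPET reuses the guide's directives; the truncated HSTS header is omitted.
PAGE_SNIPPET = """\
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_tickets off;
ssl_stapling on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
"""
# Constructed weak configuration, for contrast only.
WEAK_SNIPPET = """\
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA;
ssl_stapling on;
"""
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_directives(text):
    """Map directive name -> argument list for one-line 'name args;' directives."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if parts:
            out[parts[0]] = parts[1:]
    return out

def audit(text):
    """Return a list of findings; an empty list means the snippet passed."""
    d, findings = parse_directives(text), []
    for proto in sorted(LEGACY & set(d.get("ssl_protocols", []))):
        findings.append(f"legacy protocol enabled: {proto}")
    # Assumes explicit suite names as in the guide (no HIGH/!aNULL style keywords).
    for cipher in "".join(d.get("ssl_ciphers", [])).strip("\"'").split(":"):
        reasons = []
        if cipher and not cipher.startswith(("ECDHE-", "DHE-")):
            reasons.append("no forward secrecy")
        # Only the AEAD families used in the guide's list are recognised here.
        if cipher and not any(t in cipher for t in ("GCM", "CHACHA20-POLY1305")):
            reasons.append("not AEAD")
        if reasons:
            findings.append(f"weak cipher {cipher}: {', '.join(reasons)}")
    if d.get("ssl_session_tickets") != ["off"]:
        findings.append("ssl_session_tickets is not off")
    if d.get("ssl_stapling") == ["on"] and "resolver" not in d:
        findings.append("ssl_stapling on but no resolver in this snippet")
    return findings

if __name__ == "__main__":
    for name, snippet in (("page", PAGE_SNIPPET), ("weak", WEAK_SNIPPET)):
        print(name, audit(snippet) or "OK")
```

The lint reads only the text it is given, so a resolver defined elsewhere in the Nginx configuration is not seen; run `sudo nginx -t` as well after any change.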

