There's more...

This recipe focuses on the nginx configuration. You may be more familiar with other tools such as the Apache web server and mod_proxy. In this case, you can of course use these to achieve a similar setup.

If you would rather not rely on Let's Encrypt and prefer using another Certification Authority (CA), you can use the following process:

1. Install openssl:

   $ sudo apt-get install openssl

1. Generate the key for your server:

   $ mkdir ~/sslkey
   $ openssl genrsa -out ~/sslkey/server.key 2048

1. Generate a signing request:

   $ openssl req -new -key ~/sslkey/server.key\
   -out ~/sslkey/server.csr

1. The preceding command will ask you a series of questions about your company and your Odoo server's URL. Don't get these wrong or your certificate will be unusable.
2. You will be able to send the file, ~/sslkey/server.csr, to a Certification Authority (CA) of your choice. The CA will send you back a file called server.crt.
3. You will need to store the file in the directory /etc/nginx/ssl/ together with the file server.key generated in step 2:

   # mkdir -p /etc/nginx/ssl
   # chown www-data /etc/nginx/ssl
   # mv server.key server.crt /etc/nginx/ssl
   # chmod 710 /etc/nginx/ssl
   # chown root:www-data /etc/nginx/ssl/*
   # chmod 640 /etc/nginx/ssl/*

1. Then, in the nginx configuration file /etc/nginx/sites-available/odoo-443 provided in the recipe, rewrite the ssl_certificate and ssl_certificate_key lines, as follows:

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

1. Finally, restart nginx