Every production ERP needs SSL encryption. Let’s Encrypt provides free SSL certificates that auto-renew. This guide covers setting up SSL for both ERPNext and Odoo behind Nginx.

Pre-requisites

A registered domain name pointing to your server
Nginx installed and configured
Port 80 and 443 open in your firewall

STEP 1 Install Certbot

sudo apt update
sudo apt install -y certbot python3-certbot-nginx

STEP 2 Get Your Certificate

sudo certbot --nginx -d yourdomain.com

Certbot will ask for your email (for renewal reminders) and whether to redirect HTTP to HTTPS. Choose redirect — there’s no reason to serve an ERP over plain HTTP.

STEP 3 Verify Auto-Renewal

Let’s Encrypt certificates expire every 90 days, but Certbot sets up a systemd timer to renew them automatically.

sudo certbot renew --dry-run

If the dry run succeeds, your certificates will renew automatically. No further action needed.

STEP 4 Verify SSL

curl -I https://yourdomain.com

You should see HTTP/2 200 and the certificate details. Your ERP is now encrypted with SSL.

For ERPNext Specifically

If you used bench setup production, Certbot handles everything. But if you need to do it manually:

cd frappe-bench
bench config dns_multitenant on
bench setup lets-encrypt yourdomain.com

Troubleshooting

# Check certificate expiry
sudo certbot certificates

# Force renewal
sudo certbot renew --force-renewal

# Check Nginx config
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx

SSL is non-negotiable for any ERP system. Your financial data, customer information, and business operations are flowing through this connection. Encrypt it.

#Certbot #DevOps #HTTPS #Let's Encrypt #Nginx #Security #Self-Hosted #SSL #Tutorial #Web Security
Share this article

Comments

Join the discussion. Got a question, found an issue, or want to share your experience?

Leave a Comment

Your email stays private. We just use it for replies.

Nothing to preview yet.

Use **bold**, *italic*, `code`, ```code blocks```, [link](url), > quote, - list