Enable HTTP Strict Transport Security on Ubuntu

ClemBuntu · August 28, 2016, 5:21pm

Hello,
I’ve tried to follow this tutorial ( ownCloud Documentation Overview )
Steps to reproduce

Add the following line :

<VirtualHost *:443>
  ServerName cloud.owncloud.com
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    </IfModule>
 </VirtualHost>

To /etc/apache2/conf-enabled/owncloud.conf file
2. restart apache2
3. get this error message :

[Sun Aug 28 19:02:24.406570 2016] [ssl:emerg] [pid 3095] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

I guess I have to add

SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key

in a configuration file, but which one ?

Expected behaviour
Not having the error

Actual behaviour
apache2 error

Server configuration
Operating system: Ubuntu 14.04
Web server: delestre.io/owncloud
Database: mysql
PHP version: 5.5.9
ownCloud version (see ownCloud admin page): 9.1.0
Updated from an older ownCloud or fresh install: fresh install
ownCloud log (data/owncloud.log, see How to find webserver or OC logfile / enable php logfile):

anon30676603 · August 28, 2016, 8:01pm

Hi,

for configuration help with your webserver its advised to contact a community like:

http://www.apachelounge.com/

where you can reach more experts on this topics.

As configuring SSL is also nothing ownCloud specific you will find plenty of tutorials how to configure your webserver on the net. Very good ones are the ones from digital ocean for example:

tflidd · August 29, 2016, 6:37am

It only says what you have to add to your SSL-VirtualHost (on top of the other entries).