How to enable-https with a tailscale cert? #2684
Comments
It may be that tailscale is only giving you the fullchain cert. Open up your .crt file. Do you see multiple "BEGIN CERTIFICATE"/"END CERTIFICATE" lines indicating that your cert is actually several certs?
Thank you so much for a quick reply. As you may guess, I am not very well versed in how all this happens. But, YES, in the
I will attempt that and report back.
Not quite, the chain doesn't generally include the final cert, but that's beside the point: yes, give that a shot. We really should support not supplying a chain file, that's deprecated in Apache nowadays anyway because it now supports chained certs, like you have.
YES I think that works! I did need to duplicate the file since it complained there was no
And I can now access nextcloud from a browser this way with no complaint about not being https etc:
I will link to this issue for others that have been having the same issues. Thank you for the suggestion.
Closing, thanks again!
Excellent. Okay, while it's true that this issue is unrelated to the other one, I'll share the same word of caution. Let's Encrypt certificates are designed to be automatically renewed. Operating under that assumption means they can make their certs valid for very short timespans: 90 days. By manually loading those certs into Nextcloud, you're signing yourself up for manually loading new certs in every 90 days or so, or they will expire.
Yes, understood. I will have to see how much pain this is, not sure if I can whip up a simple script with cron to take care of renewal? I see tailscale referencing "caddy" which can run on the server as well to manage this, but I am a bit out of my league (I am sure you will understand more than me :-) https://tailscale.com/kb/1190/caddy-certificates
Describe the bug
I would like to use nextcloud only exposed to the world via a tailscale network and a tailscale cert but am unable to understand how to enable it.
To Reproduce
Steps to reproduce the behavior:
tailscale cert myname.ts.net command. This creates local cert.pem and key.pem files, and registers myname.ts.net with Let's Encrypt.
nextcloud.enable-https custom command, I can enter the first 2 parameters for the .crt and .key files, but I don't have a chain.pem file for the 3rd parameter. This may be a tailscale issue, but it seems that it may just be a lack of understanding on my part?
OS/snapd/snap version
Ubuntu 22.04
Logs
Here is the output I am receiving when attempting to use the FQDN as the chain which obviously doesn't work:
Thank you for any advice.
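The check asked for in the first comment (does the .crt hold several "BEGIN CERTIFICATE" blocks?) and the leaf/chain split it implies, as an added example that is not part of this thread or of either project. The function names, file names and the sample bundle are constructed for illustration; the placeholder bodies are not real certificates.

```shell
#!/bin/sh
# Added example: count the certificates in a PEM bundle and split it into
# the leaf certificate (first block) and the chain (remaining blocks).
# All names and the sample bundle below are constructed for illustration.

# Print the number of certificate blocks in a PEM file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# split_fullchain BUNDLE LEAF_OUT CHAIN_OUT
# First block -> LEAF_OUT, remaining blocks -> CHAIN_OUT.
# Returns 1 without writing anything if the bundle has fewer than two blocks,
# i.e. the file is a single certificate and there is no chain to extract.
split_fullchain() {
    [ "$(count_certs "$1")" -ge 2 ] || return 1
    awk -v leaf="$2" -v chain="$3" '
        /^-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > leaf }
        n >= 2 { print > chain }
    ' "$1"
}

# Write a constructed three-block bundle (placeholder bodies, not real certs).
make_sample_bundle() {
    for body in LEAFPLACEHOLDER INTERMEDIATEPLACEHOLDER ROOTPLACEHOLDER; do
        printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
            '-----END CERTIFICATE-----'
    done > "$1"
}

# Demo on the constructed bundle.
tmp=$(mktemp -d)
make_sample_bundle "$tmp/fullchain.pem"
split_fullchain "$tmp/fullchain.pem" "$tmp/leaf.pem" "$tmp/chain.pem"
echo "bundle: $(count_certs "$tmp/fullchain.pem")" \
     "leaf: $(count_certs "$tmp/leaf.pem")" \
     "chain: $(count_certs "$tmp/chain.pem")"
rm -rf "$tmp"
```

Only the certificate file is read here; the private key file is never touched and should stay readable by root only.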