Skip to content

Managing HTTP encryption (HTTPS)

Jump to bottom
scubamuc edited this page May 25, 2024 · 30 revisions

Lets Encrypt

Nextcloud snap includes a service for automated HTTPS encryption using Lets Encrypt, self-signed certificates, or custom certificates.

Enable HTTPS via Lets Encrypt. HTTP will redirect to HTTPS. Non-custom certificates will automatically be kept up-to-date. See nextcloud.enable-https -h for more information. Note that this requires sudo or root privileges.

Run nextcloud.enable-https -h for more information.

sudo nextcloud.enable-https -h

grafik

Enable Lets Encrypt in Nextcloud snap

sudo nextcloud.enable-https lets-encrypt

Enter email address and domain/subdomain. If you need to setup multiple domains then seperate them with a comma.

NOTE: if something went wrong after entering incorrect data, you'll need to correct that data. You may run into a ... permission error because only root may overwrite the data in the file. Simply switch user to root sudo -i and try again as root # nextcloud.enable-https lets-encrypt. If that doesn't work, you'll need to start from scratch.

Disable Lets Encrypt in Nextcloud snap

sudo nextcloud.disable-https lets-encrypt

Disable renew service in Nextcloud snap

Due to a snapd issue it may be necessary to disable the renewal-service manually.

sudo snap stop --disable $SERVICE

Example:

sudo snap stop --disable nextcloud.renew-certs

Check renew service in Nextcloud snap

Renew service renew-certs.service is automated in Nextcloud-snap.

Check renewal by issuing:

sudo journalctl -u snap.nextcloud.renew-certs.service

Self signed certificate in Nextcloud snap

Enable self signed certificate:

sudo nextcloud.enable-https self-signed

Change Lets Encrypt domain -- Lets Encrypt from scratch

  1. Disable Lets Encrypt
  2. Remove all current Certificates
  3. Get new Certificates
  • disable HTTPS (this just removes a symlink, it doesn’t remove any certificates):
sudo nextcloud.disable-https
  • remove all/any certificates that are there (this includes self-signed certs, Let’s Encrypt certificates, everything). Make sure you get this command right, you don’t want to delete anything else in the current/ directory:
sudo rm -rf /var/snap/nextcloud/current/certs
  • add required empty directories:
sudo mkdir -p /var/snap/nextcloud/current/certs/certbot
  • pretend you’re enabling HTTPS for the first time, using only the domains you want:
sudo nextcloud.enable-https lets-encrypt

Lets Encrypt Log

View Lets Encrypt log in Netxtcloud snap:

sudo cat /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log

HTTP/HTTPS port configuration

Putting Nextcloud snap behind a reverse proxy

Let NGINX proxy manager handle encryption

Nextcloud snap Wiki, use all information and scripts at own risk

Nextcloud snap wiki

Install Nextcloud snap

Configure Nextcloud snap

Manage Nextcloud snap

Manage data

FAQ's

Getting help

Develop and contribute

Clone this wiki locally