Cannot get SSL / HTTPS to work

I just installed NC via Snap on Ubuntu and I can now access it locally and externally, but not yet securely.

I first wanted to use NC without a domain name, but when I saw that let’s encrypt needs a domain name as well I went ahead and got one anyway. The domain comes with one included SSL certificate. I have set this domain to redirect to my IP external IP address (and force HTTPS) and I get the following Error: NSURLErrorDomain.

I think the problem is with NC’s generation of certificates which (correct me if I’m wrong) is supposed to happen automatically with the Snap version as I found out later. This does not seem to be working correctly and I cannot find a solution to this online as most manuals are for the cli installed versions.

Can anyone point me in the right direction here? Semi-N00b but willing to go for the manual installation if people here believe that would make things easier.

Many thanks in advance for your help!

Edit:

Let’s encrypt [sudo nextcloud.enable-https lets-encrypt] end up giving me the following error:

Domain: nextcloud.ow37.nl
Type: connection
Detail: 2a01:238:20a:202:1161::: Fetching
https://143.176.234.210/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXX:
Invalid host in redirect target “143.176.234.210”. Only domain
names are supported, not IP addresses

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

• Your account credentials have been saved in your Certbot
  configuration directory at
  /var/snap/nextcloud/current/certs/certbot/config. You should make a
  secure backup of this folder now. This configuration directory will
  also contain certificates and private keys obtained by Certbot so
  making regular backups of this folder is ideal.

The problem there is that I can’t set AAAA record as my ISP still only has ipv4…

for some reason there is a redirect to 143.176.234.210 you need to remove this issue before you can receive valid TLS certificate.

Hey thanks for your reply!

Yes that’s the external IP address that it needs to redirect to as I am self-hosting NC on that address…

You can not issue a certificate for an Ip address. you need to have valid domain name and use this to access thesystem.

Hmm, I got a domain only because let’s encrypt mentioned it wouldn’t work without it. I now have bought that domain (nextcloud.ow37.nl) which is forwarding to my server/pc’s external Ip address. The whole idea being that I’ll have more space for “free” if I self host everything.

Now the domain does come with a certificate, are you saying I should use that certificate on my server as well? Or do they both use their own certificate (i.e. the domain it’s own and my server the self signed other one?).

Hope I’m being clear and thanks again in advance!

you are trying to acquire a letsencrypt certificate

which must be linked to a domain. If you say you have a cert already than you must store it on your server. TLS/HTTPS doesn’t work with IP at all…

I think you should familiarize yourself with basic concepts of TLS certificates…

Will do, thx for the input!