Cannot get SSL to work - everything works fine with HTTP

Hi there, I’m fairly new to Linux and don’t know many commands and mostly follow the commands that are given to me - mainly because I can’t remember most commands in Linux.

So, I’ve installed Linux 22.04on a actual PC - working fine.
Followed Jay Lacroix from Learn Linux TV in detail and installed Linux 22.04 on a physical PC (not on Linode) and Nextcloud

Everthing goes honkeydorie - and I can access everything remotely - no problem, except that I can only do HTTP and not HTTPS.
I’ve followed the installation of Letsencrypt to detail - but it just will not install SSL as it says on the video. Jay Lacroix works fine and gets no problem.
I see that on his Linode he setup “reverse proxy” - but I have no clue as to how to do this at all.
Where do I go from here???

If I get this working and I understand how it works - I will install everything from scratch again and start repeating with what I’ve done. But I first need to understand SSL - where do I go from here.
I’ve put an A record on my domain and IP address to my router - and forwarded ports 80 and 443 to the Linux PC.
And I can access it all - but not securely.

Help please anyone???
Thanks beforehand for your time with this - can’t wait to get it all up and running and then start playing with Nextcloud’s possibilities.

You need certbot with the apache2 plugin

sudo apt-get install certbot python3-certbot-apache

… but as always, read the manual carefully first:

I could explain now what to do step by step, but learning by doing will lead to a better, more satisfying result in the end.

There is a “–dry-run” flag:

--dry-run             Perform a test run of the client, obtaining test
                      (invalid) certificates but not saving them to disk.
                      This can currently only be used with the 'certonly'
                      and 'renew' subcommands. Note: Although --dry-run
                      tries to avoid making any persistent changes on a
                      system, it is not completely side-effect free: if used
                      with webserver authenticator plugins like apache and
                      nginx, it makes and then reverts temporary config
                      changes in order to obtain test certificates, and
                      reloads webservers to deploy and then roll back those
                      changes. It also calls --pre-hook and --post-hook
                      commands if they are defined because they may be
                      necessary to accurately simulate renewal. --deploy-
                      hook commands are not called. (default: False)

… which you should use as long as you need to learn how everything works before you finaly do it “for real”.

It is of vital interest to deal with the topic in detail and understand it completely (don’t worry, it’s not that difficult) so that you have everything set up correctly and the certificates are automatically renewed.

Why is that?
Keep in mind, that the certificates can not be deleted. You must revoke them but that would not be a good start. Thats why the --dry-run was created :wink:

Much luck,

Thanks a million Ernolf - I’ve cracked it - it is working now and got it from the link you pointed me to. I now access Nextcloud via HTTPS.

The reason that I want to start all over again - so the more I do the installation - and learn what is happening - then the better I will understand any problems that i get.
I will re-install it again many time - also to make sure I understand how my data is backed up - and what happens if I increase the storage space - or I need to re-install Nextcloud again etc…

I’ve been let down on a major scale with MS ONEDRIVE - they lost me files that even was escalated to their support who also could not get my files back.
If such an organisation cares so little about their customer data - then it is only me that can fix this - and I’m so glad I found Nextcloud - its a steep learning curve - also with Linux - but still better then relying on the big boys.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.