Changing domain and SSL cert, and Federated ID?

Over a year ago I deployed a pre-built VM with NextCloud. During setup it configured SSL and I picked a domain, I’ve been happy with it since, works great.

Now, as I pursue hosting potential other items internally on my network, I’m trying to figure out if it’s possible (or difficult) to change the SSL Cert my NextCloud is running, to a new domain, and how that will affected my Federated ID’s or anything?

Nextcloud version (eg, 20.0.5): 27.0.2
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04.6 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.41
PHP version (eg, 7.4): 8.1.17

I’m currently not facing an issue. I’m trying to discover all the variables and things that could break if I decide to purchase my own domain, and deploy NGINX and run multiple SSL sites/servers behind it, and change NextCloud over from its current domain/SSL cert to a new one. I don’t even have a domain named picked out yet, I’m just trying to discover how hard it will be.

I don’t currently use Federated ID’s, but maybe in the future I will, so again trying to understand how changing things will affect things. NextCloud appears to be using CertBot I believe for it’s SSL renewal, but because it’s a pre-built VM, is there other considerations I need to review?

You can configure multiple Domains on the Nextcloud very easy. I realized it via a proxy server with SSL termination and a couple of configuration settings in the config.php. If that will be an option, I’ll share it with you.

I’d appreciate looking over whatever you have. I assume when you reference a proxy server with SSL termination you mean something similiar to NGNIX?

Yes, it is a NGINX proxy.

  • I have an own proxy configuration für each domain name on the NGINX VM

  • in config.php you’ll have to set the different domain names in trusted_domain e.g.

array (
    0 => '',
    1 => '',

collabora code I’ll start via docker

docker run -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro -t -d -p -e "aliasgroup1=,https://cloud\\.xxx\\.de:443|https://cloud\\.yyy\\.de:443" -e "aliasgroup2=" -e "username=secret" -e "password=secretsecret" -e "extra_params=--o:ssl.enable=false" -e "extra_params=--o:ssl.termination=true" --res
tart always --name=NEXTCLOUDOFFICE --cap-add MKNOD collabora/code