at the end of the installation and configuration all needed tools / option I caught the integrity error
Technical information
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
The preferred way is to do this in your apache-config and place the acme-challenge folder outside the document root of Nextcloud:
E.g: if Nextcloud is in /var/www/nextcloud, you could put the challenges somewhere else (untested) Alias /.well-known/acme-challenge /var/www/acme-challenge
sadly you dont always have a chance to do that. control panels like cpanel that can do LE automatically always put the wellknown into the doc root, and the users can ultimately do nothing against it, since the hosters usually dont care and the users cant get cpanel to do anything as they only take their customers
These panels can be helpful but you certainly loose flexibility. I’m not sure about the plans of the developers and how much effort it would be to put there exceptions and make sure that nobody places malicious code there.
In reality it is not a real problem for you either. Nextcloud still works, it shows you a warning that there is some code that does not belong to Nextcloud, so you can check this code by yourself and decide that you are ok with it.
Aside from the fact that lose in this case is written with just on o, these control panels while they give less flexibility to an admin, for a hoster that’s probably pretty much the only way for having them customers to do stuff without needing to call support all the time, it goes from relatively simple things like setting HTTPS certsm to a completely automation of AQUIRING those, to switching PHP versions and way too many more things to list.
The automatic updater. Feel free to propose a solution that could work for everybody. One could imagine that the content of .well-known directory is copied somewhere to avoid problems of interfering code and copy it back afterwards. But that is stuff you have to discuss with the developers.
Current situation is that on own hosted solutions, you can easily place the .well-known-stuff outside the Nextcloud folder (should be compliant with the RFC). With hosting tools that can be difficult, you need to open a feature request on the update tool (and somehow argue because previous request were closed).