Code signing "EXTRA_FILE" - Let's Encrypt

Hi.

I have just updated our installation to 18.06 and discovered the code signing which I believe is a great feature which increases the security of installations. Now I get an error message about the integrity of my installation.

Let’s Encrypt writes files into the installation root folder to guarantee the security of our SSL encryption. Can I ignore the error message then? I cannot move these files without breaking our certificate…

Is there any way to whitelist those files?

The feature shows you what is different from the default setup. If you know that this is ok, there is no problem. There are other ways to set it up so that the letsencrypt stuff is in a different vhost, so the Nextcloud folder can remain unchanged. It depends on how you set it up; in the case of webhosting packages, it can be the case that it isn’t possible to change it by yourself.

Hi @tflidd.

Thanks for the answer. Due to the server management software, letsencrypt cannot be reconfigured to store the files in another destination folder. Letsencrypt works as a plugin of the server management software itself. Anyway, thank you very much for the appreciated information.

Yes you can. Let’s Encrypt’s HTTP-01 challenge imposes no requirement to keep the validation files around. Once you have the certificate, it’s done (the files in .well-known/acme-challenges are only there to prove to Let’s Encrypt that you control the web server; TLS clients do not use them to “guarantee the security” of encryption).

You should check if there’s an option in the server management plugin to “clean up challenges” or something along those lines. Otherwise I would ask your hosting provider or the plugin vendor - this is buggy behavior that should be fixed.


Looking into the issue it seems to be a bad behavior of the plugin itself. I got in touch with the plugin vendor to fix this.

Thanks for the input! :slight_smile:
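
A triage sketch for the situation discussed in this thread, added here as an example and not code from Nextcloud or from any poster: it separates `EXTRA_FILE` findings that are plain HTTP-01 challenge leftovers from findings that still need investigation, so the integrity warning is not ignored wholesale. The report shape (category → path → `expected`/`current` hashes), the sample data and the function names are assumptions made for illustration; the directory name is the one defined by RFC 8555.

```python
import json
import posixpath

# HTTP-01 validation directory defined by RFC 8555, relative to the web root.
ACME_DIR = ".well-known/acme-challenge"

# Constructed sample report (assumed shape: category -> path -> hashes).
SAMPLE_REPORT = json.dumps({
    "EXTRA_FILE": {
        ".well-known/acme-challenge/constructed-token-1": {"expected": "", "current": "aa11"},
        ".well-known/acme-challenge/../../shell.php": {"expected": "", "current": "bb22"},
        "apps/files/extra.php": {"expected": "", "current": "cc33"},
    },
    "INVALID_HASH": {
        "index.php": {"expected": "dd44", "current": "ee55"},
    },
})


def is_acme_leftover(path):
    """True only for a file that sits directly in the ACME challenge directory."""
    # Normalise first so "../" segments cannot disguise a file elsewhere.
    norm = posixpath.normpath(path.replace("\\", "/"))
    if norm.startswith(("/", "..")):
        return False
    parent, name = posixpath.split(norm)
    # Challenge tokens are base64url: ASCII letters, digits, '-' and '_'.
    token_ok = bool(name) and all(
        (c.isascii() and c.isalnum()) or c in "-_" for c in name
    )
    return parent == ACME_DIR and token_ok


def triage(report_json):
    """Split findings into expected ACME leftovers and items to investigate."""
    report = json.loads(report_json)
    expected, investigate = [], []
    for category, files in report.items():
        for path in files:
            if category == "EXTRA_FILE" and is_acme_leftover(path):
                expected.append(path)
            else:
                investigate.append((category, path))
    return sorted(expected), sorted(investigate)


if __name__ == "__main__":
    leftovers, todo = triage(SAMPLE_REPORT)
    print("ACME leftovers (candidates for cleanup):", leftovers)
    for category, path in todo:
        print("INVESTIGATE", category, path)
```

Anything in the second list, including extra files that only appear to live under the challenge directory, is not explained by certificate issuance and should be checked before the warning is dismissed.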