Confusion about SSL URL and certificate problems

A person installed Nextcloud 16 on an Ubuntu 18.04 server for me. I am very new to all this, so I did not understand all that he did. (I am grateful for his help, though.)

I have an Asus RT-AC87R router. The Ubuntu server uses this router. Before he did anything for me, long ago I used the router’s DDNS functionality to create a URL for my router: xxxx.asuscomm com. The router’s instructions said that Asus would maintain that as a dynamic URL – similar to what no-ip com does – and the router would acquire and automatically renew a Let’s Encrypt certificate. This then allows me to access a hard drive attached directly to my router from anywhere just by using that URL. This has worked great for the past few years.

As part of the installation of Nextcloud, the person said if I want an SSL connection to Nextcloud, I need to create a dedicated, separate URL. So, at no-ip.com I set one up: zzzz.ddns net. When he was installing Nextcloud on my Ubuntu server, I could see in the command lines that he was doing “something” with zzzz.ddns net, and he got a Let’s Encrypt certificate installed on the server, and he set up certbot. And it works, I can access my Nextcloud system from anywhere using zzzz.ddns net. However…

Now, when I try to access xxxx.asuscomm com, I am always directed to a page that gives this error message:

Your connection is not private
Attackers might be trying to steal your information from xxxx.asuscomm com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is xxxx.asuscomm com; its security certificate is from zzzz.ddns net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to xxxx.asuscomm com (unsafe)

And then, if I proceed anyway, I am sent to a Nextcloud page that says this:

Access through untrusted domain
Please contact your administrator. If you are an administrator, edit the “trusted_domains” setting in config/config.php like the example in config.sample.php.

Further information how to configure this can be found in the documentation.

So, now I am very, very confused.

Why and how would the setup of a no-ip.com URL and a Let’s Encrypt certificate on my Ubuntu server have any impact on the DDNS URL and Let’s Encrypt certificate that my router was managing?

I really don’t understand this stuff, and I don’t know how to proceed.

It seems like your friend has changed some port forward settings. What that means is that every time a connection is made to your router from the internet to the standard port for encrypted web traffic, it is forwarded to the webserver running Nextcloud. Your Nextcloud server happily tries to establish an encrypted connection with the only certificate it has, the one valid for zzz.no-ip. This will fail, but you can ignore it (but should not) as you have tried. Nextcloud will then complain that it is accessed over an invalid domain. You can “fix” that part by adding it in the configuration file, but it will not remove the SSL warning, nor make it possible to access the ASUS HDD.

The “normal” way to solve multiple hosts on a single external IP/port is to have a webserver that looks at hostnames and forwards the traffic to the right place, but I do not know how to do this with an Asus router. It might be possible to forward traffic to the router from a reverse proxy. Can you access the HDD from your LAN?

A far simpler solution might just be to disconnect the HDD from the router, connect it to your server and kill HDD sharing from the router. Then you can add the HDD as an external storage device and access it through Nextcloud. Is there any special functionality that the router offers and Nextcloud doesn’t?
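Added example, not part of the original thread: a small Python model of the two independent checks the reply above describes, the browser's certificate name check and Nextcloud's `trusted_domains` check. The dotted hostnames, the certificate contents and the `trusted_domains` list are constructed sample values modelled on the thread's placeholder names, and the function names are hypothetical.

```python
# Added example: models the two separate checks behind the two error pages.
# All hostnames, the certificate dict and TRUSTED are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name with the requested hostname.
    A '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_covers(cert: dict, hostname: str) -> bool:
    """cert uses the dict shape returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(s, hostname) for s in sans)

def diagnose(requested: str, cert: dict, trusted_domains: list) -> list:
    """Return the problems a visitor hits, in the order they appear."""
    problems = []
    # Check 1 happens in the browser, before any HTTP request is sent.
    if not cert_covers(cert, requested):
        problems.append("browser: certificate name mismatch")
    # Check 2 happens inside Nextcloud (simplified here to an exact match).
    if requested.lower() not in (d.lower() for d in trusted_domains):
        problems.append("nextcloud: untrusted domain")
    return problems

# Constructed: the only certificate the Nextcloud web server holds.
SERVER_CERT = {"subjectAltName": (("DNS", "zzzz.ddns.net"),)}
TRUSTED = ["zzzz.ddns.net"]

if __name__ == "__main__":
    for host in ("zzzz.ddns.net", "xxxx.asuscomm.com"):
        print(host, diagnose(host, SERVER_CERT, TRUSTED) or "ok")
    # Adding the router name to trusted_domains clears only the second check.
    extra = TRUSTED + ["xxxx.asuscomm.com"]
    print(diagnose("xxxx.asuscomm.com", SERVER_CERT, extra))
```

The last call shows why editing `config.php` alone does not remove the browser warning: the certificate still names only the Nextcloud hostname.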

Hey, thanks!!!

Please stay with me, what you wrote is a lot for my brain to digest, but with the holiday here (in the USA), I won’t be able to focus on this until tomorrow probably. I will need to reread this several times to try to understand. For now I can answer your two questions:

Yes, I can access the HDD from my LAN.

I am VERY new to Nextcloud, so I will answer your last question this way: I think there is no special functionality the router offers that Nextcloud does not… but I am not sure. Today the Asus router has some apps that very nicely provide for media access from anywhere, any device. Also, the HDD being connected to the router allows for me to mount that drive on a couple computers we have, which is very convenient when wanting to access the files on that HDD, adding more files, etc.

Take it easy and celebrate, the forum is not going anywhere.

Media access in Nextcloud is possible, but not a super good experience other than for music, and the apps available for that are not the best. I would look into using the nice server you have instead of utilizing the router anyway. It will require you to install some things, but it will be:

  • A learning experience
  • Probably a better app experience once done

For media access, I would try Plex Media Server or Emby Media Server. Both are super easy to install on Ubuntu, and configured in a web GUI once installed. I can’t say which is best (or if there are alternatives; there was a lot of Reddit drama about Emby recently that I have not followed). I am however looking for a Plex alternative now. Not because it does not work, it does beautifully! But I discovered I can’t use it when my home internet went down… The apps for Plex and Emby do cost a bit of money however.

As for the mounted disk, it should also be relatively easy to find a guide for creating an SMB share on Ubuntu. It will then show up as a network drive on Windows computers when you are on your LAN. You need to use WebDAV if you want access from the wider internet, but that comes out of the box with Nextcloud! (But worse support on Windows.)

“A far simpler solution might just be to disconnect the hdd from the router, connect it to your server and kill HDD sharing from the router. Then you can add the HDD as an external storage device and access it through Nextcloud.”

After reading through all you wrote, and then doing some research your replies prompted in me, I think the above is the most practical approach for me to follow. Thanks very much for your help, I learned a lot from what you wrote and the subsequent research it enabled me to do.

Happy to help!

If you find the time, please post an update on how you solved your problems! It is always good if people contribute with how they solved their specific set of requirements.

Good luck with your setup 😃