Does Nextcloud snap re-issue self signed certificate?

I am using all latest stable software on Ubuntu server 18.04 and Nextcloud snap.

The issue I am facing:
Today I was informed that nextcloud had issued a new self-signed certificate. I did not do it, so I am wondering if the snap renews automatically. I did not check the lifetime of the original certificate that I created. This new one now is for 3 months though. I am concerned that maybe someone has broken in.

Is this the first time you’ve seen this error? (Y/N): Y

It does if you set up certbot.

I created a local self signed certificate within the snap. My instance is local only. Is there a way to check previous certs I have created? I did not check expiration date when creating the cert.

If the certificate is from Let’s Encrypt (which is what certbot uses), then 3 month duration is standard.

My guess is that you set up certbot while following a guide and just don’t know that you did it.,-TLS)#2-enable-https

Yes, thanks, this is what I did:

$ sudo nextcloud.enable-https self-signed

Do you know how I can change the expiration date on my self-signed cert so I don’t have to keep going through the renewal thing every 3 months?

Just to clarify, the 3-month certificate isn’t self-signed. It’s signed by Let’s Encrypt, and thus fully legitimate online.

But no, you can’t change the expiration. All of their certificates are 3 months. Since it auto-renews, the short duration won’t really matter.

Ok, but I have a self-signed. Do you perhaps know how to set the expiration date on that or how long the self-signed certs last by default. Thanks.

Sure. It depends on how the cert is created. For example with OpenSSL:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

You can set the -days parameter to whatever you like.

I just want to point out though, this is kind of a step backward if you already have Let’s Encrypt up and running. And if that’s the case, you are no longer using a self-signed cert even if you started with one. Certbot will replace it with the one it generates about every two months.

I am running an internal server only. There is no connection to the Internet, so certbot and LetsEncrypt cannot work.

Same here. Did you found any solution?

I also use the nextcloud-snap installation (and it works really great!) only internally (not connected to the internet).
As a solution for the frequent certificate renewal (and the necessary confirmations on ALL devices), I created a certificate that lasts for 10 years. I described what I did, a few minutes ago, here:

Possibly this helps.