I am using all latest stable software on Ubuntu server 18.04 and Nextcloud snap.
The issue I am facing:
Today I was informed that nextcloud had issued a new self-signed certificate. I did not do it, so I am wondering if the snap renews automatically. I did not check the lifetime of the original certificate that I created. This new one now is for 3 months though. I am concerned that maybe someone has broken in.
Is this the first time you’ve seen this error? (Y/N): Y
It does if you set up certbot.
I created a local self signed certificate within the snap. My instance is local only. Is there a way to check previous certs I have created? I did not check expiration date when creating the cert.
If the certificate is from Let’s Encrypt (which is what certbot uses), then 3 month duration is standard.
My guess is that you set up certbot while following a guide and just don’t know that you did it.
https://github.com/nextcloud/nextcloud-snap/wiki/Enabling-HTTPS-(SSL,-TLS)#2-enable-https
Yes, thanks, this is what I did:
$ sudo nextcloud.enable-https self-signed
Do you know how I can change the expiration date on my self-signed cert so I don’t have to keep going through the renewal thing every 3 months?
Just to clarify, the 3-month certificate isn’t self-signed. It’s signed by Let’s Encrypt, and thus fully legitimate online.
But no, you can’t change the expiration. All of their certificates are 3 months. Since it auto-renews, the short duration won’t really matter.
Ok, but I have a self-signed. Do you perhaps know how to set the expiration date on that or how long the self-signed certs last by default. Thanks.
Sure. It depends on how the cert is created. For example with OpenSSL:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
You can set the -days parameter to whatever you like.
I just want to point out though, this is kind of a step backward if you already have Let’s Encrypt up and running. And if that’s the case, you are no longer using a self-signed cert even if you started with one. Certbot will replace it with the one it generates about every two months.
I am running an internal server only. There is no connection to the Internet, so certbot and LetsEncrypt cannot work.
Same here. Did you found any solution?
I also use the nextcloud-snap installation (and it works really great!) only internally (not connected to the internet).
As a solution for the frequent certificate renewal (and the necessary confirmations on ALL devices), I created a certificate that lasts for 10 years. I described what I did, a few minutes ago, here:
Possibly this helps.