How to get an SSL certificate for Docker AIO

Hello everyone,

after installing the Docker AIO and setting it up through port 8443, I cannot access Nextcloud as the SSL certificate seems to be missing or wrong.

The current setup:

  • I have installed the Nextcloud docker AIO on a server running Windows 10 to which I have root access.
  • The starting command for the docker image is the same as in the instructions on GitHub, except I raised the memory limit and added a data folder on the hard drive, not in the Docker volume.
  • I own a domain and want to use a subdomain for my cloud, let’s say “cloud.mydomain.com”.
  • I set up an A entry in the DNS setting of my domain provider to have “cloud.mydomain.com” point at my server’s IPv4.
  • I set up a subdomain in the settings of my domain provider, leading to my server’s IPv4.
  • The subdomain automatically gets an SSL certificate from Let’s Encrypt (I can choose not to get a certificate or use my own (for an extra price)). HSTS and automatic redirection from http to https are active but can be deactivated.
  • I configured “cloud.mydomain.com” to be the domain for Nextcloud in the AIO setup.

Result:

  • With these settings I could access “cloud.mydomain.com:8443” to set up the AIO.
  • Trying to access “server-IP:8080” leads to the AIO-setup, “cloud.mydomain.com:8080” leads to the error: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
  • When trying to access Nextcloud itself (“cloud.mydomain.com”), I am redirected to the IP of the server and the SSL error is displayed: SSL_ERROR_INTERNAL_ERROR_ALERT
  • Trying to access “cloud.mydomain.com:80” leads to the error: SSL_ERROR_RX_RECORD_TOO_LONG

I tried to set up a certificate using Certbot in the Docker terminals of the AIO mastercontainer as well as the apache container, but neither seems to have Certbot installed or any application manager like apt.

I also tried to remove the subdomain so there would be only the DNS entry, which leads to an SSL error: SSL_ERROR_BAD_CERT_DOMAIN
and does not appear to redirect to the server at all. The certificate it shows is the basic certificate of the domain provider.

I can also set up DNS entries on my server provider.

Please help me get and set up a certificate or configure my settings to use the existing ones.

Best regards and thanks in advance,
Grom
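
Added example, not part of the original posts: a small Python probe that attempts a fully verified TLS handshake against each endpoint listed above and reports which certificate problem, if any, each port shows. The hostname is the placeholder from the post; the port list, function names and diagnosis strings are assumptions made for this sketch.

```python
import socket
import ssl

# OpenSSL X.509 verification codes (numeric values from x509_vfy.h).
VERIFY_CODES = {
    10: "certificate expired",
    18: "self-signed certificate",   # Firefox: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
    19: "self-signed certificate in chain",
    20: "issuer not trusted",
    62: "certificate does not cover this hostname",  # Firefox: SSL_ERROR_BAD_CERT_DOMAIN
}

def classify(exc):
    """Map the outcome of a verified TLS handshake to a short diagnosis."""
    if exc is None:
        return "ok: trusted certificate matching the hostname"
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        return "cert: " + VERIFY_CODES.get(code, f"verify code {code}")
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", None) or ""
        if reason == "WRONG_VERSION_NUMBER":
            # Commonly what Firefox shows as SSL_ERROR_RX_RECORD_TOO_LONG.
            return "not-tls: port answered with non-TLS data (plain HTTP?)"
        if "ALERT" in reason:
            return "alert: server aborted the handshake (" + reason + ")"
        return "tls-error: " + (reason or str(exc))
    if isinstance(exc, ConnectionRefusedError):
        return "refused: nothing listening"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: filtered or not forwarded"
    return "error: " + repr(exc)

def probe(host, port, timeout=5.0):
    """Handshake with `host` as SNI and as the name the certificate must cover."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return classify(None)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return classify(exc)

if __name__ == "__main__":
    HOST = "cloud.mydomain.com"  # placeholder name from the post
    for port in (443, 80, 8080, 8443):  # assumed list: the ports named in the post
        print(f"{HOST}:{port:<5} {probe(HOST, port)}")
```

Running it from a machine outside the server's network shows what a visitor's browser would see on each port.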

AFAIK certbot needs port 80 and port 443 forwarded to the Nextcloud server, so on your router have port forwarding set up to forward to 8080 and whatever the SSL port is on your Docker instance.

Yes, you need to accept the self-signed certificate.

For some reason the issue solved itself overnight. I cannot explain how, nothing seems to have changed except Nextcloud magically working today.