Sometimes ports 80 and 443 are not available.
We are going to use Letsencrypt’s certbot
--preffered-challenges dns options to get certificates and activate them manually.
You’ll need a domain name (also known as host) and access to the DNS records to create a TXT record pointing to: _acme-challenge.yourNCP.yourdomain.tld with a challenge value provided by
certbot when running it with the
You will also need to have opened (forwarded) a port in your router. So you may want to have your external port start and end at 2443 and your internal port to start and end at 443.
sudo apt install certbot python-certbot-apache
sudo nano /etc/hosts
Add a line with your local IP and hostname.domain.tld
The following command will generate all the required files and the certificate (after providing challenge value for DNS TXT record and successfully reading the DNS record)
(In the below command make sure to change yourNCP.domain.tld to your actual host name)
sudo certbot -d yourNCP.domain.tld --manual --preferred-challenges dns certonly
Please note that you will be asked about your IP being logged after which you will be given a string of characters that you’ll then need to add(deploy) to your DNS TXT record that you have with the host name provider
With the following command open nextcloud.conf:
sudo nano /etc/apache2/sites-enabled/nextcloud.conf
Then add the following two lines (don’t forget to change yourNCP.domain.tld to your actual NCP domain name)
With the following command open the config.php file:
sudo nano /var/www/nextcloud/config/config.php.
Replace the value of
localhost in 0 => \'localhost\' with
localhost in 0 => yourNCP.domain.tld:port
With the following command restart php:
sudo service php7.0-fpm restart
Note: This may fail because your php may be a different version to 7.0. (Tab completion after php will probably complete the available version)
With the following command restart apache2:
sudo service apache2 restart
You should now be able to access your NCP at
I have my test NCP running on port 2443external/443internal, so I have a NAT/port forward accordingly. You are free to access your NCP on any port, now that domain and certificate are verified and installed.