You can no longer buy certificates that are valid for 3 or even 5 years. Since 2020, 398 days or about 13 months is the maximum, and in the near future it will be even shorter.
What exactly do you mean by āthese extensions to stop popping up every time the Letās encrypt ssl expiresā? Iām using Certbot on my server for years and it automatically renews my certificates without any problems and without me even noticing, and it does the same on millions of other servers worldwide.
In 2025 there is absolutely no reason for a home user, and I think for most business use cases as well, to spend money on a certificate. If the automatic renewal isnāt working for you, you should try to fix the problem thatās causing it not to work, rather than trying to work around it by buying a certificate.
You could start by filling out the support template and describing your setup so that the community can try to help you.
Sorry for my ignorance on this matter.
I use browser extensions like the nextcloud password extension or the bookmarks extension.
So once the certificate expires or requires me to letās encrypt again then the browser gets ssl security pop up window on it likely due to the browser bookmarks extension needing
I was not aware of a āautomatic renewalā option.
Iām reading certbot now and installed via āsudo install snap certbot --classicā.
I assume this is the proper version of certbot.
I could use some tips on how to use certbot with nextcloud installed on ubuntu server with snap etc.
you donāt need certbot installed for getting the snap encrypted. Nextcloud snap includes a service for automated HTTPS encryption and renewal using Lets Encrypt, self-signed certificates, or custom certificates.
be sure to remove certbot sudo snap remove --purge certbot --classic when using the included Nextcloud snap encryption service. you canāt have both services running!
This says create the symbolic link but it fails because there is a link already.
āreadlink -f /snap/bin/certbotā indicates the link already exists to:
usr/bin/snap and not usr/bin/certbot as this instruction indicates.
Thanks,
To start with Iām trying to remove certbot.
sudo snap remove --purge certbot --classic
I get this error:
unknown flag āclassicā
sudo snap remove certbot seems to do the trick, I didnāt actually do anything but install so no configuration of certificates occurred so far.
Iāll read those docs about automatic renewal for lets encrypt I didnāt know there was a way to do that.
once the encryption service is setup correctly, no further action is required
the service will be activated and will check if certificate renewal is necessary
if you have previously disabled that service, you may need to enable it again so that it is active see Managing services
sudo snap enable nextcloud.renew-certs enable the service sudo snap start nextcloud.renew-certs start the service sudo snap start --enable nextcloud.renew-certs start and enable service sudo snap restart nextcloud.renew-certs restart the service
Mine looks like this:
Service Startup Current Notes
nextcloud.apache enabled active -
nextcloud.logrotate enabled inactive timer-activated
nextcloud.mysql enabled active -
nextcloud.nextcloud-cron enabled active -
nextcloud.nextcloud-fixer enabled inactive -
nextcloud.php-fpm enabled active -
nextcloud.redis-server enabled active -
nextcloud.renew-certs enabled active -
But does not renew automatically I always have to run the command and it does indeed renew but not automatically.
so maybe you can be clear which options youāre looking for?
which options do you require?
give a clear example of the unclear options
from what iāve gathered in this post;
you have Nextcloud snap installed on your system.
you wrongly installed the certbot snap thinking youād need that to get an ssl certificate.
your certificates did not renew automatically, probably due to above installed certbot snap.
iāve explained that the certbot snap is not required and should be removed letting the Nextcloud snap certification service do its job. youāve seen the docs about configuring the Nextcloud snap certification service and getting your Nextcloud snap certified.
if there is anything else required for some sort of personalised custom configuration that you have not described in detail, thereās not much anyone can do for you.
have you tried getting a lets encrypt certificate for your Nextcloud snap instance using the Nextcloud snap certification service yet?
everything you need to know is in the man pagesā¦ if something is unclear feel free to request assistance, but be clear about what you need and which option is unclear.
you wrongly installed the certbot snap thinking youād need that to get an ssl certificate.
your certificates did not renew automatically, probably due to above installed certbot snap.
So, not exactly but more like this:
*I have Nexcloud snap installed -(been using it for years with [letās encrypt]
*Since letās encrypt did NOT automatically update I wrongly installed certbot snap
*I did not go any further to configure certbot snap-but asked a question about it on this forum first
*I then removed certbot snap as directed
*I used the command line for āletās encryptā AS ALWAYS to update the certificate.
*Certificates have always been working but expire and require command to update again
Explained further:
Soā¦, because letās encrypt NEVER automatically updated, and has been this way for years, I started to read and research things about attempting to make it automatically update.
So now everything is configured as originally configured years ago including the same old commands I use for letās encrypt. And there is NO snap certbot installed that I know of or any other certbot that I recall.
Letās encrypt commands- takes me through the process to ask if I have everything, and asks for email and to enter domains divided by spaces.
I have my subdomain and base domain entered with spaces as directed by letās encrypt.
Letās encrypt then updates apache and restarts apache etc.
All is well unil it expires again. No automatic updates.
Thatās how itās been for years; and I assumed because thatās just the way it was suppose to be. I had no idea it was actually suppose to automatically update on itās own.
its unclear why this is necessary, its not required and security scan fails for mydomain.tld scans
we still havenāt seen any logs showing that this has failed. without those logs there is no way of telling what went wrong.
so suggested procedure:
remove current configuration and start lets encrypt from scratch entering only the subdomain (cloud.mydomain.tld)
if all is well and the certificate in place, try executing certificate renewal sudo snap restart nextcloud.renew-certs manually to see whether you see an error in the logs, post the output here.
it works if youāre using multiple subdomains like cloud.mydomain.tld, cloud.myotherdomain.tld, nc.mydomain.tld comma seperatedā¦ tested personally.
getting the base domain mydomain.tld and sub domain cloud.mydomain.tld certified works when youāre using a reverse proxyā¦ personally tested, which youāre apparently not using.
its surprising that it worked at all with the certbot snapā¦ did it?
OK, and during the process I noticed something.
Wiki says separate by comma
letās encrypt says (space separate) during the command and command line output instructs to use (space-separate) by lets encrypt itself.
I have not used comma, I have used (space separate)
Let me start from scratch and separate by comma but seems weird to ignore the instruction from lets encrypt
I never used certbot snap. This is what I keep saying. I only installed certbot snap and was going to attempt to use commands for certificates etc.
I never did, and so I uninstalled certbot snap as you directed. So there was never any certbot snap being used to get certificates only lets encrypt.
cerbot snap was a recent development only because lets encrypt was not autorenewing and I was thinking of purchasing a certificate or something because of this.
