How to manage Let's Encrypt for Nextcloud snap

Managing Let's Encrypt for Nextcloud snap

Managing encryption

See Requirements, managing encryption and configure Nextcloud snap

Nextcloud snap includes a service for automated HTTPS encryption using Let's Encrypt, self-signed certificates, or custom certificates.

Enable HTTPS via Let's Encrypt. HTTP will redirect to HTTPS. Non-custom certificates will automatically be kept up-to-date. Note that this requires sudo or root privileges.

Run nextcloud.enable-https -h for more information:

  • issue command in host shell
sudo nextcloud.enable-https -h

Enable Let's Encrypt in Nextcloud snap:

  • issue command in host shell
sudo nextcloud.enable-https lets-encrypt

TIP

Read the resulting response carefully and ensure the requirements are met.

Enter a valid email address and domain/subdomain.
If you need to set up multiple domains, separate the domains/subdomains with a comma.

Let's Encrypt failed after entering incorrect data

If you’ve tried to encrypt your Nextcloud snap with Let's Encrypt and something went wrong after entering incorrect data, you’ll need to correct that data.

You may run into a ... permission error because only root may overwrite the data.

Simply switch user to root with sudo -i and try entering the correct data as root:
# nextcloud.enable-https lets-encrypt

If that doesn’t work, you’ll need to start from scratch.

Disable Let's Encrypt in Nextcloud snap

sudo nextcloud.disable-https lets-encrypt

Disable renew service in Nextcloud snap

Due to a snapd issue it may be necessary to disable the renewal-service manually.

sudo snap stop --disable $SERVICE

Example:

sudo snap stop --disable nextcloud.renew-certs

Check renew service in Nextcloud snap

The renew service renew-certs.service runs automatically in Nextcloud snap.

Check renewal by issuing:

sudo journalctl -u snap.nextcloud.renew-certs.service

Self-signed certificate in Nextcloud snap

Enable self-signed certificate:

sudo nextcloud.enable-https self-signed

Change Let's Encrypt domain – Let's Encrypt from scratch

  1. Disable Let's Encrypt
  2. Remove all current certificates
  3. Get new certificates
  • disable HTTPS (this just removes a symlink, it doesn’t remove any certificates):
sudo nextcloud.disable-https
  • remove all/any certificates that are there (this includes self-signed certs, Let’s Encrypt certificates, everything). Make sure you get this command right, you don’t want to delete anything else in the current/ directory:
sudo rm -rf /var/snap/nextcloud/current/certs
  • add required empty directories:
sudo mkdir -p /var/snap/nextcloud/current/certs/certbot
  • pretend you’re enabling HTTPS for the first time, using only the domains you want:
sudo nextcloud.enable-https lets-encrypt

NOTE

You may run into a ... permission error because only root may overwrite the data.

Switch to root by issuing sudo -i and try entering the correct data as root:
# nextcloud.enable-https lets-encrypt
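
A guarded form of the "remove all certificates" and "add required empty directories" steps, as an added example that is not part of the original guide or of the Nextcloud snap. The function name reset_certs_dir, the backup location /root and the --run switch are assumptions made for this illustration; the paths and nextcloud.* commands are the ones used above.

```shell
#!/bin/sh
# Added example, not part of the Nextcloud snap. reset_certs_dir, the backup
# location and the --run switch are assumptions made for this illustration.

# reset_certs_dir [SNAP_DATA] [BACKUP_DIR]
# Copies SNAP_DATA/certs into a new owner-only directory under BACKUP_DIR,
# removes it, recreates certs/certbot, and prints the backup path.
reset_certs_dir() (
    base=${1-/var/snap/nextcloud/current}
    backup=${2-/root}

    # Refuse empty, relative or "/" paths so "$base/certs" can never become
    # "/certs" or a path relative to the working directory.
    case $base in
        /?*) ;;
        *) echo "refusing: '$base' is not an absolute directory path" >&2; exit 1 ;;
    esac
    base=${base%/}
    certs=$base/certs

    # Only act on a real directory; anything else means the layout is not
    # what the guide assumes.
    if [ -L "$certs" ] || [ ! -d "$certs" ]; then
        echo "refusing: $certs is not a plain directory" >&2
        exit 1
    fi

    # Keep a rollback copy. It contains private keys, so the directory is
    # created owner-only before anything is copied into it.
    dest=$backup/nextcloud-certs.$(date +%Y%m%d-%H%M%S)
    mkdir -p "$backup" || exit 1
    mkdir -m 700 "$dest" || exit 1
    cp -RPp "$certs" "$dest/" || exit 1

    # The two steps from the guide, with the path quoted and checked.
    rm -rf -- "$certs" || exit 1
    mkdir -p "$certs/certbot" || exit 1
    echo "$dest"
)

# Whole procedure, run as root: sh reset-certs.sh --run
if [ "${1-}" = "--run" ]; then
    nextcloud.disable-https
    reset_certs_dir && nextcloud.enable-https lets-encrypt
fi
```

Delete the backup directory once the new certificates are working, since it still holds the old private keys.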

Let's Encrypt Log

View Let's Encrypt log in Nextcloud snap:

sudo cat /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
