How to refresh self signed certificates

iliasbartolini · January 28, 2021, 9:37pm

Nextcloud version (eg, 20.0.5): 20.0.6
Operating system and version (eg, Ubuntu 20.04): Raspbian GNU/Linux 10 (buster)
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.38
PHP version (eg, 7.4): 7.3.19

Hi, I’ve installed today NextCloudPI on top of a latest Raspian version.

After the initial setup I had to change the hostname of my Pi.

After this change the hostname does not match anymore the CN of the https certificate (still using the old hostname).

Is there an simple way to re-generate the self-signed certificates to match the new hostname?

just · January 28, 2021, 10:36pm

You should be able to set and reset this from the :4443 admin panel or via ncp-config on the terminal.

iliasbartolini · January 29, 2021, 2:09pm

Thanks, I had looked into that but via ncp-config I can only find options to enable letsencrypt but not for refreshing self-signed certificates.
I checked under ‘NETWORKING’ and ‘SECURITY’.

iliasbartolini · January 30, 2021, 7:29pm

Nevermind, I figured it out they where simply the generated snakeoil certificates in here:

github.com

nextcloud/nextcloudpi/blob/f00fe2105e96f69f5acd9794e4b738ab56ebaf6a/lamp.sh#L110


    a2enmod dir
    a2enmod mime
    a2enmod ssl
    echo "ServerName localhost" >> /etc/apache2/apache2.conf
    # CONFIGURE LAMP FOR NEXTCLOUD
    ##########################################
    $APTINSTALL ssl-cert # self signed snakeoil certs
    # configure MariaDB (UTF8 4 byte support)
    cat > /etc/mysql/mariadb.conf.d/90-ncp.cnf <<EOF
[mysqld]
datadir = /var/lib/mysql
EOF
    cat > /etc/mysql/mariadb.conf.d/91-ncp.cnf <<EOF
[mysqld]
transaction_isolation = READ-COMMITTED
innodb_large_prefix=true

To regenerate them I move the old key and cert and regenerated with

sudo make-ssl-cert generate-default-snakeoil

Or you can just use
sudo make-ssl-cert generate-default-snakeoil --force-overwrite