How to set up System-Mails with E2E encryption at hosted NC?

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.3
  • Operating system and version (e.g., Ubuntu 24.04):
    • hosted without shell access
  • Web server and version (e.g, Apache 2.4.25):
    • na
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • na
  • PHP version (e.g, 8.3):
    • na
  • Is this the first time you’ve seen this error? (Yes / No):
    • na
  • When did this problem seem to first start?
    • na
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • hosted without shell access
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • hosted without shell access

Summary of the issue you are facing:

I am not able to encrypt system mails via PGP or S/MIME.

Steps to replicate it (hint: details matter!):

  1. log in as an admin

  2. go to Basic settings

  3. populate the mail related things

Why am I looking for E2E mail encryption?

Because system mails could include sensitive data (like the password for external file shares) and could traverse a lot of mail servers in different administrative domains.
As the NC I am working on is for something like health care and I classified it as critical, I deactivate the feature which sends a mail back to the inviter.

Running NC on-premise could be a solution to fix this, but maybe there is another solution?

kind regards

Thilo

I don’t think that is possible like this right now. If you want to encrypt all notifications, you would need to have all the public keys for the people you are notifying. Not sure, but usually passwords are not sent, you can reset your account but then you get a link to change the access.

You shouldn’t run that on hosted environments, there are too many things out of your control.

Fully agree!
For this I found a workaround by disabling sending mails to the inviter.
But for the future I expect that I will run into security-critical situations where workarounds are not acceptable or not available.
I will collect some more experience with the hosted environment and in parallel I will set up my self-hosted environment.

Just for clarification:
I don't want to encrypt all notifications.
I only want to encrypt mails from the Nextcloud instance to the inviter (only a few NC accounts), nothing else.

You’d first need to implement that Nextcloud notifications can be encrypted, or in a first stage be signed. Then each user would need in his profile a field to put their public key, and then notifications could be sent encrypted as well.

For the mail app, they already included S/MIME support:

Check out if there are already feature requests at GitHub.