HTTPS on VPS Server

ℹ️ Support
, ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.3
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 24.04.3
  • Web server and version (e.g, Apache 2.4.25):
    • NGINX 1.24.0
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • NGINX 1.24.0
  • PHP version (e.g, 8.3):
    • 8.3.29
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • From Install
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Bare Metal
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • No

  • Summary of the issue you are facing:

I have a sub-domain created with another registrar called cloud.my-domain.com. I have a VPS with a separate provider which has an IP address associated with it. With the provider hosting cloud.my-domain.com, I created an A record pointing to the VPS provider IP address and a CNAME record call ‘cloud’ also pointing to the VPS provider IP address. Going to cloud.my-domain.com goes the VPS provider’s IP address and Nextcloud works fine.

How do I setup HTTPS for this type of setup and replace the IP address showing in the URL with the sub-domain?

  • Steps to replicate it (hint: details matter!):

  1. Go to URL cloud.my-domain.com

  2. Log entries

Nextcloud

{“reqId”:“wPkPcg5ng81epajSNHhz”,“level”:2,“time”:“2025-12-28T01:10:58+00:00”,“remoteAddr”:“172.232.9.106”,“user”:“–”,“app”:“core”,“method”:“GET”,“url”:“/cslu/v1/core/conf”,“message”:“Login failed: ‘cslu-windows-client’ (Remote IP: ‘172.232.9.106’)”,“userAgent”:“Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2) AppleWebKit/602.4.8 (KHTML”,“version”:“32.0.3.2”,“data”:{“app”:“core”},“id”:“69554ad2d51b6”}PASTE HERE

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

N/A

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

<?php
$CONFIG = array (
  'passwordsalt' => 'xxxxxx',
  'secret' => 'xxxxx',
  'trusted_domains' =>
  array (
    0 => '<VPS IP ADDRESS>',
    1 => 'cloud.xxxxxx.com',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '32.0.3.2',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxxxxxx',
  'dbpassword' => 'xxxxxxx',
  'installed' => true,
  'instanceid' => 'ocuc9sm5x32t',
  'maintenance_window_start' => '100',
  'maintenance' => false,
  'default_phone_region' => 'US',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => xxxx,
    'timeout' => 0.0,
    'password' => '',
  ),
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_smtphost' => 'xxxx.xxxx.com',
  'mail_smtpauth' => true,
  'mail_smtpport' => 'xxx',
  'mail_from_address' => 'xxxxxxxxxx',
  'mail_domain' => 'xxxxxx',
  'mail_smtptimeout' => 30,
  'mail_smtpname' => 'xxxxxx',
  'mail_smtppassword' => 'xxxxxxx',
);

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

PASTE HERE

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.
2

You will find several Instructions how to do so with nginx as webserver in the net. One is here

3

Normally, Ubuntu should come with a letsencrypt client already in their repository (certbot). I’d use that version so it gets automatically updated with apt.

But in general the letsencrypt certificates are the way to go.

I’m just seeing that a few tutorials use snap for that. I’m not very familiar with all the snap and not sure if you really need it or if you can still use the non-snap version (perhaps that was the reason to install everything manually in the tutorial)? On debian, this is still without snap.

4

On Ubuntu 24.04, running the command apt install python3-certbot-nginx (if you want to use the NGINX plugin) will still install the classic DEB packages from the Ubuntu repositories. Alternatively, simply running the command apt install certbot should work as well if you don’t want to install the NGINX plugin and wish to configure NGINX manually. :slight_smile: