Installing SSL Certificate on Nextcloud VirtualHost

Johnscaban · April 15, 2021, 10:54pm

Nextcloud Version: NC 21.0.0
Operating System: Ubuntu 20.04
Apache2 and PHP 7.4

Issue: I generated an ssl certificate and I want to install it on my virtual host. This is what my virtual host look like:

<VirtualHost *:443>
     DocumentRoot "/var/www/nextcloud.example.com"
     ServerName nextcloud.example.com

    SSLEngine on
    SSLCertificateFile /etc/ssl/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/private.key
    SSLCertificateChainFile /etc/ssl/ca_bundle.crt

     <Directory "/var/www/nextcloud.example.com/">
         Options MultiViews FollowSymlinks
         AllowOverride All
         Order allow,deny
         Allow from all
    </Directory>

    TransferLog /var/log/apache2/nextcloud.example.com_access.log
    ErrorLog /var/log/apache2/nextcloud.example.com_error.log

 </VirtualHost>

Everytime I try to access my sub-domain, it appears the default apache2 ubuntu page instead of the nextcloud login page.

Johnscaban · April 16, 2021, 1:42am

I figured out how to do it. I deleted the previous ssl certificate, though its not required, I just wanted to use a Let’s Encrypt certificate. I generated a Let’s Encrypt certificate with certbot manually, using this:

certbot --manual --preferred-challenges dns certonly

Then, I rewrited the apache2 virtual host file to this:

<VirtualHost *:80>
        ServerName nextcloud.example.com

        Redirect permanent / https://nextcloud.example.com/
</VirtualHost>

<VirtualHost *:443>
        ServerName nextcloud.example.com
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/nextcloud.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.example.com/privkey.pem
        DocumentRoot /var/www/nextcloud.example.com
        <Directory /var/www/nextcloud.example.com/>
                Options +FollowSymlinks
                AllowOverride All
                <IfModule mod_dav.c>
                        Dav off
                </IfModule>
                SetEnv HOME /var/www/nextcloud.example.com
                SetEnv HTTP_HOME /var/www/nextcloud.example.com

                RewriteEngine On
                RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
                RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
                RewriteRule ^/\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
                RewriteRule ^/\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
                RewriteRule ^/\.well-known/webfinger https://%{SERVER_NAME}/public.php?service=webfinger [QSA,L]

        </Directory>

        <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>

        TransferLog /var/log/apache2/nextcloud.example.com_access.log
        ErrorLog /var/log/apache2/nextcloud.example.com_error.log

</VirtualHost>

And it worked!

PS: You can also run this command:
sudo certbot
And follow the instructions, at the end you don’t need to do anything, certbot does everything. If for some reason it doesn’t work, check if the virtual host is enebled, and restart apache2.

PS: The above commands are recommended for people that want to secure domains that have private IPs. If you have a domain pointing to your public IP, have setup portforwarding, and you can access it from anywhere; you just want to secure it, use this: sudo certbot --apache -d yourdomain.com