Installing SSL Certificate on Nextcloud VirtualHost

Nextcloud Version: NC 21.0.0
Operating System: Ubuntu 20.04
Apache2 and PHP 7.4

Issue: I generated an ssl certificate and I want to install it on my virtual host. This is what my virtual host look like:

<VirtualHost *:443>
     DocumentRoot "/var/www/"

    SSLEngine on
    SSLCertificateFile /etc/ssl/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/private.key
    SSLCertificateChainFile /etc/ssl/ca_bundle.crt

     <Directory "/var/www/">
         Options MultiViews FollowSymlinks
         AllowOverride All
         Order allow,deny
         Allow from all

    TransferLog /var/log/apache2/nextcloud.example.com_access.log
    ErrorLog /var/log/apache2/nextcloud.example.com_error.log


Everytime I try to access my sub-domain, it appears the default apache2 ubuntu page instead of the nextcloud login page.

I figured out how to do it. I deleted the previous ssl certificate, though its not required, I just wanted to use a Let’s Encrypt certificate. I generated a Let’s Encrypt certificate with certbot manually, using this:

certbot --manual --preferred-challenges dns certonly

Then, I rewrited the apache2 virtual host file to this:

<VirtualHost *:80>

        Redirect permanent /

<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/
        SSLCertificateKeyFile /etc/letsencrypt/live/
        DocumentRoot /var/www/
        <Directory /var/www/>
                Options +FollowSymlinks
                AllowOverride All
                <IfModule mod_dav.c>
                        Dav off
                SetEnv HOME /var/www/
                SetEnv HTTP_HOME /var/www/

                RewriteEngine On
                RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
                RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
                RewriteRule ^/\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
                RewriteRule ^/\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
                RewriteRule ^/\.well-known/webfinger https://%{SERVER_NAME}/public.php?service=webfinger [QSA,L]


        <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

        TransferLog /var/log/apache2/nextcloud.example.com_access.log
        ErrorLog /var/log/apache2/nextcloud.example.com_error.log


And it worked!

PS: You can also run this command:
sudo certbot
And follow the instructions, at the end you don’t need to do anything, certbot does everything. If for some reason it doesn’t work, check if the virtual host is enebled, and restart apache2.

PS: The above commands are recommended for people that want to secure domains that have private IPs. If you have a domain pointing to your public IP, have setup portforwarding, and you can access it from anywhere; you just want to secure it, use this: sudo certbot --apache -d