Issues with certificate after restore?

I restored a NCP backup and now my certificate seems to be faulty.

My mobile browser shows:
https://mydomain.dynv6.net has a security policy called HTTPS Strict Transport Security (HTST), which means Mull can only connect to it securely.”

Thunderbird which syncs my calendar via my Nextcloud shows:
This site attempts to identify itself with invalid information.
Unknown identity
The certificate is not trusted because it hasn’t been verified as issued by a trusted authority using a secure signature."

Firefox is showing the following:
mydomain.dynv6.net uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT”

Here’s the output of ncp-report:
https://pastebin.com/raw/G9XSszHx

Looks like restore didn’t work for your domain, and it installed the standard self signed one.
You can simple run letsencrypt again from terminal via ncp-config/Networking/letsencrypt .

Thanks, I already tried that and it said that a certificate was created, but it’s still not working.

Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for domain.dynv6.net and test.domain.dynv6.net
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/domain.dynv6.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/domain.dynv6.net/privkey.pem
   Your certificate will expire on 2023-11-13. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Installing template 'nextcloud.conf.sh'...
INFO: Metrics enabled: no
System config value trusted_domains => 11 set to string domain.dynv6.net
System config value trusted_domains => 3 set to string domain.dynv6.net
System config value overwrite.cli.url set to string https://domain.dynv6.net/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string domain.dynv6.net
System config value trusted_proxies => 14 set to empty string
Setup notify_push (attempt 1/5)
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
  configuration saved
Done. Press any key...

I also noticed that the ncp WebGUI system info is report “Port 80” and “Port 443” to be “[N/A]” and “Certificates” is showing “non”. Is that related to my issue?

Not sure why, but after fixing this issue I renewed my certificate and everything seems to be working alright again.

1 Like