I restored a NCP backup and now my certificate seems to be faulty.
My mobile browser shows:
“https://mydomain.dynv6.net has a security policy called HTTPS Strict Transport Security (HTST), which means Mull can only connect to it securely.”
Thunderbird which syncs my calendar via my Nextcloud shows:
This site attempts to identify itself with invalid information.
Unknown identity
The certificate is not trusted because it hasn’t been verified as issued by a trusted authority using a secure signature."
Firefox is showing the following:
“mydomain.dynv6.net uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT”
Here’s the output of ncp-report:
https://pastebin.com/raw/G9XSszHx
Looks like restore didn’t work for your domain, and it installed the standard self signed one.
You can simple run letsencrypt again from terminal via ncp-config/Networking/letsencrypt .
Thanks, I already tried that and it said that a certificate was created, but it’s still not working.
Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for domain.dynv6.net and test.domain.dynv6.net
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domain.dynv6.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domain.dynv6.net/privkey.pem
Your certificate will expire on 2023-11-13. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Installing template 'nextcloud.conf.sh'...
INFO: Metrics enabled: no
System config value trusted_domains => 11 set to string domain.dynv6.net
System config value trusted_domains => 3 set to string domain.dynv6.net
System config value overwrite.cli.url set to string https://domain.dynv6.net/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string domain.dynv6.net
System config value trusted_proxies => 14 set to empty string
Setup notify_push (attempt 1/5)
âś“ redis is configured
âś“ push server is receiving redis messages
âś“ push server can load mount info from database
âś“ push server can connect to the Nextcloud server
âś“ push server is a trusted proxy
âś“ push server is running the same version as the app
configuration saved
Done. Press any key...
I also noticed that the ncp WebGUI system info is report “Port 80” and “Port 443” to be “[N/A]” and “Certificates” is showing “non”. Is that related to my issue?
Not sure why, but after fixing this issue I renewed my certificate and everything seems to be working alright again.
1 Like
