Hi, after installing Nextcloud I want to get to my files from outside my network, but Letsencrypt isn’t working (error log see below, ports are forwarded, maybe some NAT problems (NAT in games is moderate, I use a FritzBox)).
Do I really need Letsencrypt to get onto Nextcloud (I also use OpenVPN)? I also want to connect to my Nextcloud from a random PC without downloading any certificate. Do I need Letsencrypt for that?
Or is there maybe another way?
Edit: I can access my Filebrowser, but 1st: “it is not safe” (no HTTPS? even if the settings forward this?) and 2nd: I can’t access it from an unknown IP -> is it okay to whitelist all IPs / is it possible?
You can route your Nextcloud traffic through OpenVPN. This will give you the security you want and allow you to skip using Letsencrypt, but it is still certainly recommended that you deploy it.
Any external sharing will be a no-no. Also, any app needing SSL will not work: federation, Social app, etc.
Then you will want to sort out the Letsencrypt certificate error and not use OpenVPN. Hopefully someone here can help you with that. I’d also try linking this thread to the Nextcloud Telegram at https://t.me/nextcloud
Another option I’ve found successful is to have a secondary Nextcloud instance, just join one with basic federation enabled. Then, mount that federated storage to your localhost only instance as external storage. This way, all of the storage on the hosted service can be treated as your “public” or “university” directory without compromising your localhost instance.
Check your webserver config, where it looks for the .well-known folder and if the letsencrypt script puts it in the right place. You can also stop the webserver, use the “standalone” option in the script and it will spin up a temporary webserver for this authentication. This will be a bit more complicated for renewals, because you have to stop your normal webserver and do the certificate update and restart it again.
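The check suggested in the reply above (does the web server really serve `.well-known/acme-challenge` from the directory the Letsencrypt client writes to?) can be tested before requesting a certificate. The following is an added example, not code from this thread or from any Let's Encrypt client; `probe_webroot` and `demo` are hypothetical names, and the demo uses a constructed local server instead of a real domain.

```python
import functools, http.server, tempfile, threading
import secrets, urllib.error, urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # path an HTTP-01 validator requests

def probe_webroot(webroot, base_url, timeout=5):
    """Write a random token under webroot and fetch it back over plain HTTP."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    target = Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    # Ignore proxy settings so the request goes straight to the server.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            # Same bytes back means the server's root is the directory we wrote to.
            return "ok" if resp.read() == body.encode() else "wrong-content"
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"   # server answered, but from another root
    except (urllib.error.URLError, OSError):
        return "unreachable"        # nothing answering on that address/port
    finally:
        target.unlink(missing_ok=True)  # never leave the probe file behind

def demo():
    """Constructed demo: matching webroot, wrong webroot, stopped server."""
    results = {}
    with tempfile.TemporaryDirectory() as served, \
         tempfile.TemporaryDirectory() as other:
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=served)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{srv.server_address[1]}"
        results["matching_root"] = probe_webroot(served, base)
        results["wrong_root"] = probe_webroot(other, base)
        srv.shutdown()
        srv.server_close()
        results["server_stopped"] = probe_webroot(served, base)
    return results

if __name__ == "__main__":
    print(demo())
```

Against a real setup, call `probe_webroot` with the web server's document root and `http://` plus the public domain. A result of `http-404` points at the wrong `.well-known` location, while `unreachable` points at port 80 not answering from where the script is run.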
Thanks for your help, but I am a newcomer to Linux and NAS systems.
By webserver config, do you mean my OMV conf or my nginx (etc/nginx/…)? And how do I know the right place?
I see, if specko.duckdns.org is the domain, that there is a problem on your DNS with port 80:
specko.duckdns.org has an A (IPv4) record (84.180.137.211) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
specko.duckdns.org has an AAAA (IPv6) record (2003:c2:17ff:3a43:464e:6dff:fedc:6bf6) but a test request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address. You should either ensure that validation requests to this domain succeed over IPv6, or remove its AAAA record.
Until just now I had the same problem.
I have now gone into the FritzBox -> Home Network -> Network -> Network Settings; enter your NC domain under DNS rebind protection. Then wait a little or restart the box.
Now the certificate comes through.