LetsEncrypt Integration - SSL during installation

letsencrypt
encryption
nextcloud

#1

Requesting Letsencrypt SSL be integrated/added to the Nextcloud Installation Wizard.
Requesting Letsencrypt and Nextcloud integration to be a Default option during installation like the database selection.

Most of us need free, secure https to be set up during installation.

This comes from someone that has been battling the universal redirect to the nextcloud login page (the RewriteBase rule or w/e apache is doing) that is preventing certbot (letsencrypt) from verifying my domain.com and issuing the cert.

Could letsencrypt be integrated as a nextcloud app? Could it use its own server/container like the onlyoffice integration? Or should it be part of the installation wizard?

It seems that the majority of the Web is using HTTPS now, maybe it’s time to add free ssl to the official nextcloud package.

thanks for reading - nextcloud is awesome.


#2

https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/

https://traefik.io/


#3

Thank you @Reiner_Nippes for the links.
I use nextcloud for personal use only, so I was trying to avoid setting up a reverse proxy just for ssl. I’ve seen this recommendation in other forums and will probably have to take the plunge one day, but I still think the non web server administrators need a simpler way to set up free certs (not self signed) with nextcloud. My nextcloud runs on an old laptop in docker.
A LetsEncrypt nextcloud app that would integrate with the certbot container/package would be so cool for us less technical people. Thanks again.


#4

If you use a plain linux system, it shouldn’t be hard on nginx/apache. On smaller systems, there is already the NextcloudPi project (supposed to install everything on a Raspberry Pi). There you have a few system tools already integrated:
https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/


#5

Would have to run as root. Not sure if you want to have such apps.


#6

try my ansible playbook in a virtual box.


#7

Didn’t think about that, so certbot would have to be added to the nextcloud code base or be a run-as-root app (I see the problem now).
A crazy thought: humankode explains that certbot needs “write access for the following endpoint: http://ohhaithere.com/.well-known/acme-challenge/{token}”. certbot only needs write access to that directory.
This is probably not possible, but could the “app” verify a domain within nextcloud without using the apache directory? The “integrated app” would make a pseudo directory within nc named domain.com/.well-known/acme-challenge/{token} for the token to be stored. Afterwards the ssl files would be copied to the actual /var/www/html directory. nvm, too much work.

How about a toggle switch turning off universal redirection to the login page (/index.php/login). Turning off the redirection temporarily would solve my problem.
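
What the catch-all login redirect discussed in this thread does to an HTTP-01 check, as an added example that is not part of any post: a probe that requests the challenge URL, follows redirects, and compares the body with the expected token file. The loopback server, the token and body values, and the helper names are constructed for the demonstration.

```python
import http.server
import threading
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
LOGIN_PATH = "/index.php/login"  # redirect target named in the thread

def probe_challenge_path(base_url, token, expected_body, timeout=5):
    """Fetch the challenge URL, following redirects, and report what came back."""
    url = base_url + CHALLENGE_PREFIX + token
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace").strip()
            final_url = resp.geturl()
    except OSError as exc:  # covers URLError/HTTPError and socket timeouts
        return {"ok": False, "reason": f"request failed: {exc}"}
    if body == expected_body:
        return {"ok": True, "reason": "token served"}
    return {"ok": False, "reason": f"got other content from {final_url}"}

def make_handler(redirect_everything, token, body):
    """Constructed stand-in server: catch-all login redirect, optional exemption."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            exempt = not redirect_everything and self.path == CHALLENGE_PREFIX + token
            if exempt or self.path == LOGIN_PATH:
                text = body if exempt else "<html>login page</html>"
                self.send_response(200)
            else:
                text = ""
                self.send_response(302)
                self.send_header("Location", LOGIN_PATH)
            self.send_header("Content-Length", str(len(text)))
            self.end_headers()
            self.wfile.write(text.encode())
    return Handler

def run_demo(redirect_everything, token="constructed-token", body="constructed-token.thumbprint"):
    handler = make_handler(redirect_everything, token, body)  # constructed values only
    with http.server.HTTPServer(("127.0.0.1", 0), handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return probe_challenge_path(f"http://127.0.0.1:{server.server_port}", token, body)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print({f"redirect_everything={m}": run_demo(m)["reason"] for m in (True, False)})
```

The request log the demo server writes to stderr shows the 302 followed by the login page fetch in the first case and a single 200 for the challenge path in the second.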


#8

i’ll give the ansible playbook a try


#9

that’s cool


#10

Nextcloud as Certificate Authority for ssl setup using occ maybe, maybe not.


#11

I found it easier to just use the certbot standalone. Your nextcloud instance will be offline for a few seconds during this time. Just set your cron job certbot renewal script to happen sometime in the early morning when it's not being used.

My script:
#!/bin/bash

# Stop Apache so certbot's standalone authenticator can bind the port, then start it again
certbot --config=/etc/letsencrypt/cli.ini --authenticator standalone --installer apache \
  --pre-hook "/etc/init.d/apache2 stop" --post-hook "/etc/init.d/apache2 start" \
  -d mydomain.com \
  -d cloud.mydomain.com


#12

It is nicer when it is implemented properly. But the standalone version is easier especially when you have a bit more complex setups. For most people it won’t be a huge deal to stop the web server for a minute during the night to check the certificates.


#13

ty for post