NC15 (snap): How to automatically renew SSL certificate from LetsEncrypt?

Hi all,

Loving nextcloud but running into a non-critical issue. Spent the last 4 hours reading all available previous threads/posts on this topic, but still can’t figure out why the SSL cert from letsencrypt is not auto renewing?

This is my second setup for the same failure (I wiped out the first setup due to certs not renewing, formatted the hard disk and re-installed everything including base linux/gnu again). So now I have a fresh re-install of nextcloud 15 via snap, running on ubuntu 18.04 server LTS, on Intel NUC hardware. Firewall (UFW/iptables) is allowing 1) all outgoing and 2) TCP 80, 443 for incoming on IPv4 and IPv6. Router has TCP 80 and 443 ports open. I obtained original cert via ‘nextcloud.enable-https lets-encrypt’ (did not use certbot due to having the former option available on snappy NC15). I can access the server via web browser and iOS apps, using ‘cloud.domain.com’ without issues.

There are a couple of questions that may help me and possibly others like myself who may be encountering this issue:

  1. Is there a man page or more documentation available on the command ‘nextcloud.enable-https lets-encrypt’, i.e. how many days before the expiration does it attempt to obtain a cert? Where does it log successes and failures? What syntax is available for ‘nextcloud.enable-https lets-encrypt -XXXX’?
  2. Are there people who are successfully using nextcloud 15 snap and letsencrypt with an autorenewing cert, that did not require intervention? (Basically I’m wondering if it’s a software bug or my particular setup.)

Thank you in advance for sharing any wisdom on this topic.

nextcloud.enable-https lets-encrypt -h

where is my stuff, logs, etc?

If you feel your problem with certbot is an issue, you can open one here:

https://github.com/nextcloud/nextcloud-snap/issues


I basically have the same issue. Also didn’t know how to set the certificate to renew automatically. But I too have this and just had to re-install it again using nextcloud.enable-https lets-encrypt

Same over here. After 3 months the certificate expires. You can reinstall it by using the nextcloud.enable-https lets-encrypt command. If somebody has a small description of how to prolong the certificate before it expires, I would be glad to hear it.

edit: It might be the firewall on my nextcloud instance. I remember now that I needed to disable the uncomplicated firewall before I was able to get a new certificate. Maybe a rule needs to be added for port 80 that allows traffic to the letsencrypt server.

edit2: I can confirm that lets encrypt automatically renews the certificate 30 days before it expires if port 80 is open to the letsencrypt server.
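A way to verify the 30-day auto-renewal reported above, so that a failed renewal is noticed before the certificate lapses. This is an added example, not part of the original post and not nextcloud-snap code; the 5-day grace period, the function names and the host name `cloud.example.com` are assumptions, and the dates in the comments are constructed.

```python
import socket
import ssl

RENEW_WINDOW_DAYS = 30  # from the thread: renewal happens 30 days before expiry
GRACE_DAYS = 5          # assumption: allow a few days of retries before alerting

def parse_enddate(line):
    """Epoch seconds from a 'notAfter=Jun  1 12:00:00 2019 GMT' line,
    the output format of `openssl x509 -noout -enddate`."""
    key, sep, value = line.strip().partition("=")
    if key != "notAfter" or not sep:
        raise ValueError("not an openssl -enddate line: %r" % line)
    return ssl.cert_time_to_seconds(value)

def renewal_status(not_after, now):
    """Classify a certificate by time left; both arguments are epoch seconds."""
    days_left = (not_after - now) / 86400.0
    if days_left <= 0:
        return "EXPIRED", days_left
    if days_left < RENEW_WINDOW_DAYS - GRACE_DAYS:
        # Inside the renewal window and still not replaced: auto-renew failed.
        return "RENEWAL_OVERDUE", days_left
    return "OK", days_left

def fetch_not_after(host, port=443, timeout=10):
    """notAfter (epoch seconds) of the certificate a live server presents.
    Raises ssl.SSLCertVerificationError if it is already expired or untrusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])

if __name__ == "__main__":
    import sys
    import time
    if len(sys.argv) != 2:
        sys.exit("usage: check_cert.py cloud.example.com")  # placeholder host
    try:
        status, days = renewal_status(fetch_not_after(sys.argv[1]), time.time())
    except ssl.SSLCertVerificationError as exc:
        status, days = "INVALID", 0.0
        print("certificate failed verification:", exc)
    print("%s: %.1f days left" % (status, days))
    sys.exit(0 if status == "OK" else 1)  # non-zero exit lets cron mail an alert
```

Run daily from cron, the non-zero exit status marks the days on which the certificate should already have been replaced but was not.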

Seems like this might work. Cert’s good for 3 months, this renews every 2 months:

Command line:
0 0 1 */2 * python renew_certs.py

#Python Code for this
from pynput.keyboard import Key, Controller
import os
import time

def renew(key, keyboard):
keyboard.type(“nextcloud.enable-https lets-encrypt”)
keyboard.press(key.enter)
time.sleep(10)
keyboard.type(“y”)
keyboard.press(key.enter)
time.sleep(10)
keyboard.type(“enter-the-domain-name-here.com”)
keyboard.press(key.enter)
time.sleep(60)
print("…Python Script Complete…")
return

keyboard = Controller()
os.system(“gnome-terminal”)
renew(Key, keyboard)

Hi there! This code block is not working for me:

First off, I had to add indentation (which I fixed in the above blockquote). Then, running the script to test it, I get the following error:

$ python renew_certs.py
  File "renew_certs.py", line 6
    keyboard.type(“nextcloud.enable-https lets-encrypt”)
                           ^
SyntaxError: invalid character in identifier

My python is extremely rusty… any idea why this is happening? Thanks!

I am using a Bash script to auto-answer and renew the nextcloud SSL.

Example:
(echo "Hello"; sleep 5; echo "world"; …) | command

  1. Open the file in your Documents directory.

nano /home/your computer/Documents/renew_certs.sh

The contents of renew_certs.sh:

#!/bin/sh

# This renews every 2 months:
# Command line: 0 0 1 */2 * /bin/bash renew_certs.sh

email="yourmail@example.com"
domain="cloud@example1.com cloud@example2.com"

# Feed the answers (y, then email, then domain) to the command's prompts,
# pausing between them so each answer is sent after a delay.
(sleep 5; echo "y"; sleep 10; echo "$email"; sleep 5; echo "$domain"; sleep 30) | nextcloud.enable-https lets-encrypt

  2. Make your file executable.

chmod 0775 /home/your computer/Documents/renew_certs.sh

  3. Put the command line in root's crontab,
    to execute the bash renew_certs.sh file on the first day of every 2 months.

sudo su
crontab -e

0 0 1 */2 * /bin/bash /home/your computer/Documents/renew_certs.sh

  4. Done.