Nextcloud AiO custom SSL certificate

,

I got a perfectly working Nextcloud AiO setup, currently updated to 24.0.1.

Now I have to move it out from the internet-connected DC into the internal network, not connected to the world. Everything was fine until Let’s Encrypt cert expired.

Now I have to manually replace this expired cert with the newly generated one. Self-signed, commercial, or dns-verified Let’s Encrypt.

So, here is my question: how can I insert a custom cert into the AiO?

You cannot. However see this: Initial Setup requires External domain address · Discussion #1155 · nextcloud/all-in-one · GitHub

Follow up: now VM with Nextcloud AiO live in another network with ports 80 and 443 forwarded to it. Certbot on host works fine, I have proper cert.

When I restart nextcloud-aio-apache (or the entire system) logs are full of attempts to renew cert using the old IP (actually two of them) with no luck.

Google about letsencrypt and old IP’s gives tons of solutions about misconfigured DNS (definitely not my case).

What will be best:
a) somehow manually copy cert from host VM to docker’s volume?
b) do a fresh install over the existing system while keeping data?
c) do a fresh install and manually copy data from the broken NC?
d) another way to get a working NC with my data?