Nextcloud inaccessible after enabling HTTPS

I am trying to make Nextcloud accessible over HTTPS with a Let’s Encrypt certificate. Nextcloud is running inside a TrueNAS jail and was previously accessible over HTTP on port 8282. But HTTP is insecure so I requested, received and installed an SSL certificate from Let’s Encrypt using certbot. The certificate installed successfully but now whenever I try to access nextcloud locally in my browser with HTTPS (through https://192.168.188.79:8282), I get this error message from Firefox:
[Screenshot: Firefox error message]
When I try accessing the same IP address through HTTP (http://192.168.188.79:8282), I get a 404 message.

I’m not very good with nginx but am I right in suspecting that once HTTPS is enabled, nextcloud is set to be accessed through port 443 which happens to be the port also used by the trueNAS UI?

Any ideas or explanations on why I can’t access nextcloud over HTTPS?

Normally, you can get a certificate for a hostname, not an IP address. If I search specifically for this error, it’s said that it can pop up when the server is not configured correctly, e.g. the port is not the default 443.

My certificate is for a hostname not an ip address, however the same thing happens when I try to access nextcloud from the hostname. I can’t make Nextcloud accessible over port 443 because the TrueNAS UI is using it.

Any ideas?

Have you retrieved a valid certificate? Self-signed certificates very often become blocked by several browsers.
If your Nextcloud instance can be reached from internet (via ports 80 and 443) you should:

  • register at dyndns or similar
  • forward your domain to the dyndns
  • register a domain and forward it to yo
  • install a Letsencrypt certificate

Afaik certbot requires port 80 and 443 to point to nextcloud. If 443 points to truenas ui this could cause problems. However, if you map port 443 on your router to port 8282 on your NAS device, this should work I think. Otherwise LetsEncrypt certificate creation will fail.

Ok, I decided to do a fresh install on the Nextcloud plugin in TrueNAS, but after that reinstall, by default, nextcloud is only accessible through HTTPS with a self-signed cert. How am I supposed to complete the Let’s Encrypt HTTP-01 challenge with Certbot if I can only access Nextcloud through HTTPS?

Any suggestions?

Please. I really need to get this thing working.

Please read the first sentence of FadeEx's posting above.

With letsencrypt there are also different forms of verification, e.g. DNS, so it doesn’t have to be linked to the port. However, a standard port has advantages. TrueNAS doesn’t let you use Nextcloud in a virtual host with a different subdomain?

Please read the first sentence of FadeEx's posting above.

Yes, I gathered that, but as also said:

however, if you map port 443 on your router to port 8282 on your NAS device, this should work i think.

I can map port 8282 to 443 on my router which I have done in the past with non-nextcloud services and it did indeed work.
However, in this case, for some reason, when Nextcloud is installed via the TrueNAS plugin in a jail, it uses a self-signed cert on initial install. But obviously the letsEncrypt HTTP-01 challenge is not gonna work with self-signed HTTPS.
So my idea is to temporarily run Nextcloud on HTTP for getting the certificate. Would this be the best way? If so, how can I do that? I am inexperienced with nginx, which is what Nextcloud is running on.

Edit
I can’t do the DNS-01 challenge because my DNS provider (NoIP) only supports TXT records in additional upgrade plans.

I solved the problem. Nextcloud was configured to be accessed via https with a self-signed cert on port 8283 while port 8282 led to a HTTPS redirect. Applying for a certificate for the HTTPS redirect worked.

So once I had my nextcloud instance up and running, everything was going fine. I was able to access the web interface with my domain through https with my letsEncrypt certificate. But then after restarting the nextcloud jail to add some storage mount points, I can now no longer access nextcloud. This is what I get in my browser when I try to access nextcloud through my domain:

[Two screenshots of the browser error]

Why has this happened?? Everything was working perfectly. What has gone wrong? How can I fix this?

Edit
The server seems to randomly sometimes switch certificates. The web panel suddenly stops working and when restarting the jail, it just switches back to using a self-signed cert. Each time it does this, I have to go back into nextcloud.conf and change the server_name and re-apply for the letsEncrypt certificate with certbot.

Still having this problem. Any ideas?

So I tried reinstalling nextcloud and starting from a clean slate a THIRD time but I’m still not getting it to work. This is what I did:

1. Install the Nextcloud plugin under the Plugins section on the TrueNAS interface.

2. Install certbot with the following command:

pkg install py38-certbot-nginx

3. In my nextcloud jail, edit nextcloud.conf under /usr/local/etc/nginx/conf.d/ and change the server_name from " _ " to my domain name from NoIP.

4. Open the following ports on my router:

Internal port 8282 > external port 80
Internal port 443 > external port 443

5. Run the following command from the nextcloud jail:

certbot

and fill the following prompts:
A. enter my email
B. agree ‘yes’ to the terms and conditions
C. select option 1 as my domain to register

And then certbot says the process was completed successfully.

But when I try to access nextcloud from my browser with https://mydomain.com nothing happens for a while and then firefox just gives up and says unable to connect.

Problem still not fixed. Does anybody have any ideas?

I’m an idiot. I opened internal port 443 > external 443. I needed to open internal port 8283 > external 443 instead.
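
The mismatch that resolved this thread (external 443 forwarded to a port where Nextcloud is not listening) can be caught before running certbot by comparing the router's forwards against the `listen` directives. The following is an added example, not part of the original posts or of the TrueNAS plugin; the nginx text is a constructed sample of the 8282/8283 layout described above, `cloud.example.org` is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample: a minimal nginx layout matching what the thread describes
# (8282 = plain-HTTP redirect, 8283 = HTTPS). Not the plugin's real nextcloud.conf.
SAMPLE_CONF = """
server {
    listen 8282;
    server_name cloud.example.org;
    return 301 https://$host$request_uri;
}
server {
    listen 8283 ssl http2;
    server_name cloud.example.org;
}
"""

def parse_listeners(conf):
    """Return {port: is_tls} for every `listen` directive in the nginx text.
    Assumes each directive names a port ("8283" or "[::]:8283")."""
    listeners = {}
    for m in re.finditer(r"^\s*listen\s+([^;]+);", conf, re.MULTILINE):
        args = m.group(1).split()
        port = int(args[0].rsplit(":", 1)[-1])
        listeners[port] = listeners.get(port, False) or "ssl" in args[1:]
    return listeners

def check_forwards(conf, forwards):
    """forwards maps external (router) port -> internal port.
    Returns a list of problems; an empty list means both paths line up."""
    listeners = parse_listeners(conf)
    problems = []
    for ext, want_tls, label in ((80, False, "plain-HTTP (HTTP-01 challenge)"),
                                 (443, True, "TLS")):
        internal = forwards.get(ext)
        if internal is None:
            problems.append(f"external {ext} is not forwarded")
        elif internal not in listeners:
            problems.append(f"external {ext} -> internal {internal}: "
                            "no Nextcloud listener on that port")
        elif listeners[internal] != want_tls:
            problems.append(f"external {ext} -> internal {internal}: "
                            f"expected a {label} listener")
    return problems

if __name__ == "__main__":
    print(check_forwards(SAMPLE_CONF, {80: 8282, 443: 443}))   # mapping from step 4
    print(check_forwards(SAMPLE_CONF, {80: 8282, 443: 8283}))  # corrected mapping
```
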