Nextcloud installed on freenas how to update SSL?

Hi there!

I’ve recently build a freenas system and i would like to use the nextcloud plugin.

I was able to install it from the plugins page and i have set it up for ip and port forwarded to a ddns service to be able to reach NC both local and external.
However since i’d like to be able to access NC from the net i would like to have a functioning encryption.

This error needs to be avoided:
SHA-1 Certificate
The certificate for this site expires in 2016, and the certificate chain contains a certificate signed using SHA-1.

Now seeing i have not found any proper guides that don’t skip random steps im at a loss…

I am able to use the freenas jail shell or putty to reach root@nextcloud

but im confused about what steps to take in order for me to either:

-generate a working self signed sha2 SSL
-incert a CSR and Private key

ofcourse i’d also need to know how to force the https.

Could anyone help me out with this or atleast give me some proper pointers? since all i seem to find is pretty much outupdated stuff.

Please ask the FreeNAS community, they know better how their system is organised.

With the certificate you can use either a self-signed certificate (you need to import the certificate manually in each browser you want to use with your cloud), or you get an official certificate (the certificate signing request (CSR) is normally sent to the signing authority which gives you the signed certificate). For a public certificate, you need in general a domain name under your control.

Hi. Did you ever get this address? I built a freenas system and have nextcloud plugin active. I too want to make this accessible safely and privately through the internet. I’m looking for feedback on firewalls and really a cookbook if any… thanks

Hello there,

Yes i’ve been able to get this working by using a reversed nginx proxy
this method enables me to switch between multiple applications fast and easy by just appointing the application to a preset ip.

I think ZodiacHD’s guide on making a reversed nginx proxy with lets encrypt is a great starting point

otherwise you just replace the certs placed inside the NC plugin with your certs

Hello, I have pretty same problem I use NextCloud plugin in FreeNAS and it’s very good! But I want to use NextCloud via HTTPS. They say I have to configure Apache. But I don’t understand where I can find *.conf files of apache. NextCloud plugIn separated in FreeNAS-jail.

So, question is - how to configure apache on Freenas-jail?

If I’ll find answer on FreeNas I’ll let you know.

Please help.

ooh im not using the actual plugin atm,
but used a buildguide to make a jail myself.

I think it was a guide for nextcloud 12 by Dureal99D

it does include mariabd, php70 and apache `

however plugins use different paths for conf files :smiley:

Hello. Thanks q_fleuren for help.
I’ve found solution, and it works!

  1. Go to FreeNAS WEB-interface -> Shell

  2. Then go to needed jail
    jexec 1 /bin/tcsh, where 1 is ID of your jail
    jls - will print list of jails with IDs

  3. Put certificate and key files into /etc/ssl/
    I know three ways. But no one of them works 100% in different situations. Please do as you can.

  4. Edit NextCloud config-file
    4.1. Backup
    cp nextcloud.conf nextcloud.conf-backup20200128
    4.2. Edit
    ee /usr/local/etc/nginx/conf.d/nextcloud.conf
    4.3. Parameters:
    server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/CCCC.crt;
    ssl_certificate_key /etc/ssl/KKKK.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    server_name _;
    Where “CCCC.crt” and “KKKK.key” files you’ve add in p.3

  5. Add your domain name as trusted in NextCloud
    cp /usr/local/www/nextcloud/config/config.php /usr/local/www/nextcloud/config/config.php-backup20200128
    ee /usr/local/www/nextcloud/config/config.php

‘trusted_domains’ =>
array (
0 => ‘’,
1 => ‘’,
2 => ‘Put here your data - admin dose not allow me to do this’,
3 => ‘Put here your data - admin dose not allow me to do this’,
4 => ‘’,

  1. Reboot plugin (I’ve reboot machine)

Info I’ve used is here: