Nextcloud-plugin @ TrueNAS fails to get good certificate

Although during installation of the plugin on TrueNAS the FQDN-hostname is used for the name of the MysQL-installation, this FQDN is not used in any configuration to aid in getting a Let’s Encrypt certificate. How come?

isn’t that a question of implementation of NC to TrueNAS and hence should be asked in the TrueNAS forum?

BTW: welcome to the NC communityforum, though.

No, as I think this is a Nextcloud installation problem. And besides that it’s not an easy choice.

Hi @gait

There are basically two ways to solve this. Either you leave the jail as it is and use a separate reverse proxy to manage SSL certificates and access via HTTPS. Or you manually change the configuration of the jail. Google may help with this, I’ve picked out two links that look usefull to me after a short skim…

https://www.florian-rhomberg.net/2021/02/securing-nextcloud-jail-using-https-and-lets-encrypt-part-two/

https://sysadmin102.com/2021/11/how-to-install-nextcloud-on-truenas-and-obtain-ssl-certificate-from-lets-encrypt-with-certbot/

Note: I do not use any TrueNAS jails, so I have not tested the instructions myself and can therefore not tell you whether everything is working as described.

What you mention are workarounds, one of which I already use.

But sorry, I’d like to have solutions.

It would be nice to take the FQDN-hostname, like is already being done for MySQL (log and pid filenames).

Or maybe let there be an item ‘FQDN’ in the custom part of the configuration. And put that FQDN in the cert paths in the nginx config.

Another nice thing to have: a working certbot --nginx -d … (nginx-plugin for certbot).

Then it would be much easier to get a cert in a running jail.

No these are not “workarounds”. Nextcloud does not provide or maintain a webserver or any tools to obtain or manage SSL certificates. These things have to be set up and configured separately. So If anyone could integrate such features directly to TrueNAS, it would be the maintainers of the TrueNAS plugin.

1 Like

Sorry, as a user of the plugin I still see them as workarounds.

How can I reach the maintainers of the TrueNAS plugin?

As far as I know the plugin is maintained by iX Systems. So I guess feature requests would have to be directed to them. Here a link to their GitHub page https://github.com/truenas/

Or you could ask for help in their community forums. Maybe somone can provide you with a better “workaround” there… https://www.truenas.com/community/

But keep in mind, that TrueNAS core doesn’t include 1st party support through iX systems and that this is a community forum, just like here. This means users are trying to help other users on a voluntary basis.

This helps. Until now, I only searched for truenas stuff …

1 Like

See who maintains this plugin a.k.a. appliance.

Why did you mark this as not_nc_related? The plugin is maintained by Nextcloud.

as long as it isn’t officially under a nextcloud git it’s not maintained by NC regardless of what the text says. Like you could open your own rep and write that whatever you’ d do there would be done in nextclouds name… but it wouldn’t be true.

right now this app is located in a freenas rep.

And what difference does it make anyways. Unless you have a support contract with one of the companies involved, you rely on community support anyways. That means users help other users to the best of their knowledge, without guarantees.

Btw did you also read the rest of the readme file…?

yes I did. Why do you ask?

Beacuse you had issues with getting TLS cerificates…? :wink:

That was indeed before I read the README completely. Seems I am not the only one complaining before reading the README. An explainer at YouTube really put me on the wrong track.

You’re right.I overlooked your post, so I guess we should mark that one as a solution then :wink:

1 Like

Then why were Truenas and Nexcloud making such a noise about their cooperation? Like here on YouTube

“noise” would be much more than what they did… but anyways. Someone needs to maintain an app. Right now this is apparently TrueNAS.

I bet they’d be happy to have you as an additional coder or beta-tester or such. This is the way open source works: Everyone is helping as good as they probably can.

Why do you say it’s TrueNAS?