Nextcloud Snap: create SSL certificate without using Certbot

Edited to remove all references to “self-signed” made in error:

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 20.0.5): 24.0.6 (via snap)
Operating system and version (eg, Ubuntu 20.04): Debian Bookworm
Apache or nginx version (eg, Apache 2.4.25): 2.4.54
PHP version (eg, 7.4): 8.1.12

The issue you are facing: Can’t install SSL certificate using command sudo ./nextcloud.enable-https lets-encrypt because certbot requires port 80 & 443 to be open, however, my locked-down ISP router is blocking port 80 & 443. I can use any other port, just not 80 & 443, but certbot requires 80 & 443. I am hoping for a different way to get a SSL certificate from Let’s Encrypt. Thank you so much for your help in advance!

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Log onto server
  2. Type cd /snap/bin
  3. Type sudo ./nextcloud.enable-https lets-encrypt

The output of your Nextcloud log in Admin > Logging:

Not required, I believe.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

Not required, I believe.

The output of your Apache/nginx/system log in /var/log/____:

Not required, I believe.

Not required, I believe.


Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

Not required, I believe.

Hello,

I am sorry but self signed certificate doesn’t need Lets-Encrypt.

If you are requesting Lets-Encrypt, that means you are asking for their certificate.

I think the command for self signed certificate is, sudo nextcloud.enable-https self-signed

Refer here for official docs → Enabling HTTPS (SSL, TLS) · nextcloud-snap/nextcloud-snap Wiki (github.com)

Thanks.

Sorry, looks like I confused myself. I already have a self-signed certificate, but I have an issue with an app refusing to connect to servers with self-signed certificates. So, I am trying to obtain a free official certificate via Lets Encrypt, but I’m having this issue with ports 80 & 443 being blocked by my ISP.

You can use certbot’s DNS challenge instead of the HTTP challenge. But, you will probably have to run the renewal manually each time, every 60-90 days.