Hmm, struggling myself too with the Nextcloud / Opensuse (15.3) runlevel3, headless / LetsEncrypt / ExoticPortNumber combination. Configured ssh on [exotic_port] as well.
Started with installed NextCloud on OpenSuse15.2, ran on port 80, worked fine. Except for those intriguing hints to resolve to ssl / https…
But on OS Upgrade to 15.3 Nextcloud got downgraded from the official repo. Fixed that with installing a fresh zip with copied config.php from backup (cloud-data was not in /srv/www/htdocs/nextcloud). Still not TLS, but still working.
PortSharing on modem/router is set up for host on 80 / 443 to allow certbot (needs open port 80/443 combo for renewal, port not configurable (to [exotic_port]>?)).
Created a separate vhost dead-end site on port 80.
Downloaded/installed python3-certbot-apache (v1.4.0) and ran it with the -apache option.
So now I have a certificate and site running on https…
From forum posts I figured that OpenSuse is a bit different than other distros:
installed nextcloud is in /etc/apache2/conf.d/nextcloud.conf (not in …/vhosts.d)
In the dummy-site file vhosts.d/dummy.conf certbot added:
RewriteEngine on
RewriteCond %{SERVER_NAME} =myhost_subdomain.domain.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
in the VirtualHost section. And a copy was made into vhosts.d/dummy-le-ssl.conf with these added lines:
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myhost_subdomain.domain.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myhost_subdomain.domain.net/privkey.pem
So I figured that the /etc/apache2/conf.d/nextcloud.conf also needs some kind of path to the certificate and maybe even rewrite hints?
The file starts with:
Alias /nextcloud "/srv/www/htdocs/nextcloud/"
Alias / "/srv/www/htdocs/nextcloud/"
ServerName myhost_subdomain.domain.net
and in the rewrite section I added those two lines as the last rules and finally the certificate paths
...
RewriteCond %{SERVER_NAME} =myhost_subdomain.domain.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</IfModule>
SSLCertificateFile /etc/letsencrypt/live/myhost_subdomain.domain.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myhost_subdomain.domain.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
In /etc/apache2/listen.conf and /etc/apache2/listen_nss.conf added underneath listen 443 also my [exotic_port] (and keyword https).
When in the browser I go to
http://myhost_subdomain.domain.net:80
this sends me to
https://myhost_subdomain.domain.net/error/HTTP_BAD_REQUEST.html.var
which shows me an apache2 error page. Note: redirect to https but no nextcloud page. Probably I was to be led to my dummy vhost page, but that one is broken somehow…
https://myhost_subdomain.domain.net:[exotic_port]
sends me to
https://myhost_subdomain.domain.net/index.php/login
→ So no port number shown… and I am unsure on what port I do connect… when I only allow [exotic_port] in nextcloud.conf I do get the error
Access through untrusted domain
So it appeared to be 443 (which I had open when I tried). So to fix - I need to rewrite the URL to something including the [exotic_port]. Now I added in my config.php
'trusted_domains' =>
array (
0 => 'myhost_subdomain.domain.net:[exotic_port]',
),
'overwritehost' => 'myhost_subdomain.domain.net:[exotic_port]',
'overwrite.cli.url' => 'https://myhost_subdomain.domain.net:[exotic_port]/',
'overwriteprotocol' => 'https',
);
Note: replace [exotic_port] with your port number
Although in the browser the [exotic_port] is not shown (connection via 443 [>?] is listened to), but internally redirected to port [exotic_port] ???
In the end, it works and on TLS / https… on an [exotic_port] number.
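Added example, not part of the original post: a small Python check that records which TCP port each hop of a redirect chain really targets, applied to the redirect quoted in the post and to the certbot rewrite rule, whose `%{SERVER_NAME}` variable carries the host name without a port. The function names are hypothetical and 8443 is a constructed stand-in for [exotic_port].

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_port(url):
    """Port a client connects to for this URL (scheme default if none given)."""
    parts = urlsplit(url)
    return parts.port or DEFAULT_PORTS[parts.scheme]


def certbot_redirect(server_name, request_uri):
    """Location built by the rule shown in the post:
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    %{SERVER_NAME} is the host name only, so the target has no port."""
    return f"https://{server_name}{request_uri}"


def trace(start_url, locations):
    """Walk a recorded list of Location headers.
    Returns one (url, port, port_changed) tuple per hop."""
    rows = [(start_url, effective_port(start_url), False)]
    for location in locations:
        prev_url, prev_port, _ = rows[-1]
        url = urljoin(prev_url, location)  # Location may be relative
        port = effective_port(url)
        rows.append((url, port, port != prev_port))
    return rows


# Constructed sample data: 8443 stands in for [exotic_port].
HOST = "myhost_subdomain.domain.net"
SAMPLE = trace(f"https://{HOST}:8443/", [f"https://{HOST}/index.php/login"])

if __name__ == "__main__":
    for url, port, changed in SAMPLE:
        flag = "PORT CHANGED" if changed else ""
        print(f"{port:>5}  {flag:<12}  {url}")
    # The certbot rule applied to a request that arrived on any port:
    target = certbot_redirect(HOST, "/index.php/login")
    print(effective_port(target), target)
```

Feeding it the Location headers from `curl -sI` for each hop shows whether a redirect silently moves the session to 443, which then has to be reachable and covered by `trusted_domains`.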