Is there a way to associate the already-acquired ssl certificate with “cloud.xxxx.net” within Nextcloud?
Also, assuming I can make the change to use “https://cloud.xxxx.net” instead of “xxxx.net” how can I disable “xxxx.net” so that it no longer directs to my Nextcloud installation?
No - that certificate is specifically for xxxx.net; you will need to create a new certificate that covers cloud.xxxx.net.
Depending on how you generated the certificate in the first place, this is pretty easy to do. Once you’ve updated your dns records so that cloud.xxxx.net points to the correct place, you can just rerun the same command you used last time, but adjust the domain name.
From memory, the appropriate flag for certbot is -d, so instead of
-d xxxx.net
you would use
-d cloud.xxxx.net
Just remove the dns record. How have you hooked up your IP addresses to the name xxxx.net?
It confirms that the desired DNS is pointing to my external IP/Nextcloud server (may be using wrong terms here).
The script I used to obtain the current certificate was:
sudo /var/scripts/activate-ssl.sh
I believe it’s a custom script included in the Nextcloud VM installation by “Tech and Me”. That script does not appear to be able to run a second time after a certificate has been created (maybe it’s deleted, I don’t know, but I can’t get it to run again).
Nextcloud documents, somewhere i read that “Nextcloud is optimized to function best using only a single Trusted Domain”. This may be outdated, but I do think the script configures the corrected Trusted Domain[s] when the certificate is created.
Consequently, I think I need to edit one of the Nextlcoud configuration files to modify the domain I want to use (in this caesa, “cloud.xxxx.net” – before I try to create a new certificate.
I loaded CertBot but because of my lack of knowledge I don’t to run anything new until I understand what I’m doing. As Michalng noted, I did read where I can expand the domains but I’m not certain that is the best option to use with Nextcloud. Plus, I really only want to use the single domain for my Nextcloud installation. Also, I think I need to delete the existing certificate before creating another one?
Not sure what “move DNS record means” but I have redirected the cloud.xxxx.net name to point to my server.
As I was afraid might happen, just deleting the certificate hosed up the Nextclaoud installation so that it is no longer accessible via web browser. I also don’t know how to try to create a new certificate since the command used originally no longer works. Nextcloud and Apache (SSL?) configuration files still reference the old domain name that I’m trying to replace.
Unfortunately I don’t have much time right now, but as a little idea I wanted to quickly post something, that hopefully helps.
As far as I know the activate-ssl.sh utilizes certbot and you could run the certbot by yourself.
EDIT: Oh, I just read again, that you wanted to switch to another domain name. In that case “renew” won’t obviously do the trick.
Get another cert with:
cerbot run --apache -D cloud.xxxx.net
I left the old text here, in case you need to renew your certificate later.
For renewal run: certbot --apache renew
I assume your webserver is apache. If certbot complains about that switch (–apache) just run certbot without that switch: certbot renew
Then certbot should actually do everything for you. Restart the webserver after you ran the certbot (for other users, I know that it is not necessarily required ) and check if your webserver is available again.
Since I’m new to Ubuntu/Linux, I decided to just do a new re-install of Nextcloud. I was having problems trying to get certbot to run commands, and likewise the suggestion I found to run “nextcloud.enable-https” returned the error “command not found”. It may be that the version I installed isn’t yet up to date (as I also saw that some others had the same problem).
Anyway, I did a complete new installation Nextcloud, used my correct/desired domain name, obtained a new certificate and ready to go again.
I still have a lot to learn and your comments are helpful in that regard, so, thanks!
Too bad it caused you trouble and you had to reinstall Nextcloud. However I’m glad your server is up and running now
Yeah, we all still learn, it never gets boring
I marked @stooj answer as solution, although you actually did a re-install. But I think his answer was very complete and could have been the way to go here which might help others if they stumple accross this thread.
It may be because I used the Tech and Me VM installation (snap?) that my installation has some variations from a completely manual installation. But there are some things that need to be done to/with Nextcloud configuration files in addition to just creating a new certificate for an existing installation.
For example: I read that, before creating a new cert, one should disable either the SSL or HTTPS function (not sure I’m using correct terminology). It said to run:
sudo nextcloud.disable-https
For some reason, that command would not run on my setup. I also read where some others had the problem, which I was unable to resolve. Not sure if I needed to disable SSL or HTTPS (or what that even means).
And, am pretty certain that the Nextcloud Trusted Domains configuration file needs to be changed before creating a new certificate. Mine is located (I think) at:
/var/www/nextcloud/config/config.php
Those are additional steps which I’m pretty sure need to be done before or in addition to deleting and creating a new certificate. Not sure what order they need to be done in, however.
Those are are just some caveats. I find the forums to be the best place to get answers to unique problems (of which I would call this one), which is why I try to include as much detail as possible without adding to confusion for possible future users with a similar problem. So, again, I appreciate all the help here.
Yes, definitely. The VM installations from Tech and Me ship a few scripts that make maintaining the server a lot easier On manual installations we have to build these scripts for us first or do everything manually
I used the VM from Tech and Me as well, in order to learn how things work first. However I never noticed such a command/ script.
The intention of revoking a certificate before using a new one is only, that there are not two or more certificates for your site and that you don’t reach the limit (I believe about 5 certs for one domain is maximum). Nothing real bad though, if you requested a second cert although not revoking the old one.
So while I can only thinkg of nextcloud.disable-https as being a script and you could do all the steps manually, I’d like to explain that you don’t need to disable https completely just to get a new cert.
The steps are actually:
run certbot to revoke old cert (cerbot revoke --cert-path /etc/letsencrypt/live/your-domain.com/fullchain.pem)
just in case the certbot revoke command didn’t delete the certificates under /etc/letsencrypt/live/your-domain.com you can go ahead and delete them manually by the sudo rm -rf commands your mentioned
run certbot to receive a new cert (certbot run -D your.domain.com)
When you want to access your server via a new domain name (before domain.com and now cloud.domain.com), then the web server needs to know that he has to listen for a new name.
As Nextcloud checks the domain name it was accessed from, you need to define your domain name as trusted domain in the config.php. But, you can do that whenever you like, before or after running the certbot commands. Nothing will break when the trusted domain is not correct, you just can’t login to Nextcloud until the trusted domain is fixed
So, if you see the error message in the browser “XY is not a trusted domain” (something like that), you just edit the config.php, change the domain name, save the changes to the config.php and reload the web page; that’s it
) and check if your webserver is available again.
On manual installations we have to build these scripts for us first or do everything manually 