I am running Nextcloud 126.96.36.199 with NextCloudPi 1.26.2 on a Raspberry Pi. When I tried to get Let's Encrypt SSL from the admin panel, the attempt failed because of a timeout waiting for a response. I was able to get SSL by running acme.sh and the connection to my NextCloudPi is secure. However, when I go to the admin panel (port 4443), the browser indicates my connection is secure but I always see the message “‣ You should run Lets Encrypt for trusted encrypted access” on the top of the System Info page. Is there something I need to do to have NextCloudPi detect I have Let's Encrypt SSL?
Afaik there is no way to let ncp-web know that you already have a certificate.
If your connection is already secure, you can just ignore the message.
In https://docs.nextcloudpi.com/en/faq/faq/ , there is a section about getting SSL manually but I believe the info needs to be updated.
How do I set up Let’s Encrypt with blocked ports?
- If you only have port 443 available, you can use the following workaround: copy that code and after that try again from the web interface or
sudo wget https://raw.githubusercontent.com/nextcloud/nextcloudpi/beb9bc1ee2909a1ab6bfde7398ddf19a50d02478/etc/nextcloudpi-config.d/letsencrypt.sh -O /usr/local/etc/nextcloudpi-config.d/letsencrypt.sh
- If you don’t have port 443 available, you will have to do it manually. You can use the Let’s Encrypt DNS challenge authentication for this ( wiki entry ).
Also, see this page on performance tips.
For one thing, /usr/local/etc/nextcloudpi-config.d doesn’t exist for my NextCloudPi installation.
Did a little digging and found there is this line of code in ncp-diag that determines whether NCP has Let’s Encrypt or not.
CERTS="$( grep "SSLCertificateFile /etc/letsencrypt/live/" /etc/apache2/sites-a$
| sed 's|.*SSLCertificateFile /etc/letsencrypt/live/||;s|/fullchain.pem$
[[ "$CERTS" == "" ]] && CERTS=none
I modified for it to look at the right place and the warning message is gone.
PRs to the dev branch are most welcome.
Contributions to docs are also very welcome, join the wiki team on Telegram and request editorial access. Or use Github/issues to request it, and discuss proposed changes.
I should clarify. ncp-diag works as intended if one is using NCP’s letsencrypt.sh to get SSL. Because I used acme.sh to get certs and installed them in a different location with a different naming convention, I decided to modify ncp-diag rather than move files around to fit how ncp-diag is expecting the certs.
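Added example (not part of the thread and not NextCloudPi's code): the ncp-diag check quoted above only recognises certificates under /etc/letsencrypt/live/, so this sketch reports where an Apache config actually points and, via `openssl x509`, who issued the certificate. The function names and the sample acme-style path are made up for illustration; pass your own vhost config file as the first argument.

```shell
#!/bin/sh
# Classify the certificate an Apache vhost config points at.
# The /etc/letsencrypt/live/<domain>/fullchain.pem convention is the one
# ncp-diag greps for (see thread); all function names here are hypothetical.

# Print every active (non-commented) SSLCertificateFile path in a config file.
# Note: matches the directive in this exact case only.
cert_paths() {
    sed -n 's/^[[:space:]]*SSLCertificateFile[[:space:]]\{1,\}//p' "$1" \
        | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Classify one path as "letsencrypt:<domain>" or "other:<path>".
classify_cert() {
    case "$1" in
        /etc/letsencrypt/live/*/fullchain.pem)
            d=${1#/etc/letsencrypt/live/}
            printf 'letsencrypt:%s\n' "${d%/fullchain.pem}" ;;
        *)  printf 'other:%s\n' "$1" ;;
    esac
}

# Summarise a config file; prints "none" when no certificate is configured.
cert_report() {
    paths=$(cert_paths "$1")
    [ -n "$paths" ] || { echo none; return 0; }
    printf '%s\n' "$paths" | while IFS= read -r p; do classify_cert "$p"; done
}

# The path is only a naming convention; the issuer field shows who signed it.
cert_issuer() {
    openssl x509 -noout -issuer -in "$1"
}

# Constructed sample: a cert installed outside /etc/letsencrypt (made-up path).
sample_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateFile    /etc/ssl/acme/cloud.example.org/fullchain.cer
  SSLCertificateKeyFile /etc/ssl/acme/cloud.example.org/cloud.example.org.key
</VirtualHost>
EOF
}

if [ "$#" -gt 0 ]; then cert_report "$1"; fi
```

An `other:` result with a Let's Encrypt issuer from `cert_issuer` is the situation in this thread: the certificate is valid, but a path-based check reports it as missing.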