Setup SSL Ubuntu snap DNS validated TLS cert letsencrypt [SOLVED]

  • Running NextCloud on an old PC at my home.
  • Will NOT expose it to the internet
  • Accessing via IP address
  • Installed via Ubuntu snap

I can get SSL working with a self-signed cert:

nextcloud.enable-https self-signed

But that certificate has a blank commonName value, which webdav does NOT accept (even when I turn on the trust_ca_certs and point it towards the pem file in webdav's certs folder).

I’ve generated my own CA using openssl, and I’ve verified they were created correctly using the -check option in openssl. The problem is that I’m generating certificates for an IP address, rather than a FQDN.

So I can either leave the CN blank (which doesn’t work), or I can put in an IP address (which also didn’t seem to work, and from what I hear, isn’t the proper way to do it now).

Does anyone have a step-by-step guide that explains how to generate a CA (so I can install the CA into my list of trusted root CAs on my systems), and a certificate for NextCloud on a system installed using Ubuntu snap?

I’m also not familiar with snap, so I don’t really know WHERE it installed everything, or what the configuration/scope limitations are. It appears some of the config can only be modified by root.

Should I just nuke the whole thing and re-install without the snap and follow some complete guide? I swear an SFTP server was easier to use than Nextcloud.

EDIT: I’ve been reading up about certs (been a few years). It sounds like the commonName (CN) attribute isn’t really used anymore for verifying the hostname. It’s all about subjectAltName (Subject Alternative Name (SAN)) now. If that’s the case, could I put ‘asdf’ in for the commonName, then just put the IP address in the subjectAltName?

EDIT 2: OOH! Let’s Encrypt now offers DNS validation. I’ll try using that to generate real certs for one of my dev domains and just install those on the Nextcloud.

EDIT 3: I was able to use Let’s Encrypt’s DNS validation along with certbot to generate the cert, key, and chain for my domain. I then copied those files into a directory accessible by the snap and re-ran:

nextcloud.enable-https custom (the three file paths here)

I will do a full write-up and post the bash scripts later.
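
Added example (not from the original poster, and not the scripts promised above): the private-CA route asked about in the post, with the IP address carried in subjectAltName and an arbitrary label in commonName, followed by a check that the certificate validates for that IP. The CA name, the CN `nextcloud-home`, the file names and the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: private CA plus a server certificate identified by an IP SAN.
# The CA name, the CN and all file names are constructed placeholders.

make_ip_cert() {   # usage: make_ip_cert <server-ip> <output-dir>
    local ip="$1" dir="$2"
    mkdir -p "$dir" || return 1

    # One config file: CA extensions for the root, server extensions for the leaf.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
EOF

    # Root CA: ca.pem is the file clients import as a trusted root; ca.key stays private.
    openssl req -x509 -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1

    # Server key and CSR. The CN is only a label; the IP goes in the SAN at signing time.
    openssl req -new -config "$dir/openssl.cnf" -subj "/CN=nextcloud-home" \
        -newkey rsa:2048 -nodes -keyout "$dir/server.key" -out "$dir/server.csr" \
        2>/dev/null || return 1

    # Sign the CSR with the CA, attaching the [v3_server] extensions (including the SAN).
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/openssl.cnf" \
        -extensions v3_server -out "$dir/server.pem" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# Succeeds only if server.pem chains to ca.pem AND its SAN contains the given IP.
cert_matches_ip() {   # usage: cert_matches_ip <output-dir> <ip>
    openssl verify -CAfile "$1/ca.pem" -verify_ip "$2" "$1/server.pem" >/dev/null 2>&1
}
```

Calling `make_ip_cert 192.168.1.50 ./certs` (a constructed address) writes `ca.pem`, `server.pem` and `server.key`; `cert_matches_ip ./certs 192.168.1.50` then returns success, while any other address fails the check.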

Hi HopeClouder!
I have a problem similar to yours. Nextcloud is running on a VM and ports 443 and 80 are already being used by another web application. You said you would write a script for the process. Did you already have the opportunity and would you provide the script?