Snap nextcloud.enable-https custom with pfSense certificates


please excuse my english, i speak english à little, :upside_down_face:

i have an nextcloud server runing in my local lan, and i want to use https to secure the service in my lan, i have triyed to use self-signed certificates but i am desapointed by warning message and a client desctop behavior who always ask me if i want to continue to trust on self-signed certificat…the most users skip this step and stay disconnected from server and file synchronisation the most of the time…

i have tryed to use lets-encrypt but i that not work with non public ip adress, i have a dynamic ip adresse and i dont wnat to publish my server on internet…

i have pfSense firewal, and he can be configured as certificat autority, that what i have done to itself and using https to secure connection between pfSense and pc users, i have make root-ca and sub-ca and configure windows clients to agree pfSense as valide CA on my LAN and that work fine.

i want to do same thing with NextCloud server, i have create a server serificat on pfSense for my nextcloud server with a FQDN (myserver.mycompany.local) and ip server on certificates atributs, like what i have do for pfSense certificates itself, and and export nextcloud.cert and nextcloud.key and import them on nextcloud server, but pfSense not give me chain.pem, to execute the commande : nextcloud.enable-https custom [-h -s] <cert> <key> <chain>

i have tried to merge root-ca.cert and sub-ca.cert on chain.pem file and use it in parameters but that not work, when i execute the command, the server reject my connexions, and i find my self obliged to restor nextcloud service by using à self-signed certificate

What i have do wrong ? and how can-i install a third party custom certificat in snap installation of nextcloud ?

thanks by advance. :innocent: