Some explanations about LE certificate please


Nextcloud version (eg, 20.0.5): 22.2.0.2
Operating system and version (eg, Ubuntu 20.04): Raspberry Pi OS, Linux 5.10.63-v8+ aarch64
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.38 (Debian)
PHP version (eg, 7.4): 7.4.25e

The issue you are facing:

I have installed an LE certificate. However, when connecting to NC with Firefox I have a warning at the left of the address bar such as “You have added a security exception for this site. Connection not secure”.

Address prefix is “https”.

Is this as expected or am I missing something?

Regards

No that is not expected. What name / URL do you use in Firefox? You have to use the exact same name that the certificate was issued to. Names like nextcloudpi.local or the IP address will not work.

Why not post your config.php, for example? (Take care with the sensitive data in there.)

thx bb77 and JimmyKater

I use “paritsu.kenyoh.com”. Today I got a new certificate by error. I would like to keep the second one if possible because it's valid for two domains.

```
user@host:~ $ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: kenyoh.com-0001
    Domains: kenyoh.com
    Expiry Date: 2022-02-01 08:50:48+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/kenyoh.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/kenyoh.com-0001/privkey.pem
  Certificate Name: kenyoh.com
    Domains: kenyoh.com paritsu.kenyoh.com
    Expiry Date: 2022-01-29 17:09:09+00:00 (VALID: 86 days)
    Certificate Path: /etc/letsencrypt/live/kenyoh.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/kenyoh.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
user@host:~ $
```

config.php:

```php
<?php
$CONFIG = array (
  'overwriteprotocol' => 'https',
  'instanceid' => '<something>',
  'passwordsalt' => '<something>',
  'secret' => '<something>',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'kenyoh.com',
    2 => 'paritsu.kenyoh.com',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'filesystem_check_changes' => 1,
  'dbtype' => 'pgsql',
  'version' => '22.2.0.2',
  'overwrite.cli.url' => 'https://kenyoh.com',
  'htaccess.RewriteBase' => '/',
  'dbname' => '<something>',
  'dbhost' => 'localhost',
  'dbport' => '<something>',
  'dbtableprefix' => 'oc_',
  'dbuser' => '<something>',
  'dbpassword' => '<something>',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_smtphost' => '<something>',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
  'mail_smtpauthtype' => '<something>',
  'mail_smtpname' => '<something>',
  'mail_smtppassword' => '<something>',
  'mail_from_address' => '<something>',
  'mail_domain' => '<something>',
  'default_language' => 'de_DE',
  'default_phone_region' => 'CH',
  'knowledgebaseenabled' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'updater.release.channel' => 'stable',
);
```

I have done a restore of the last well known state of my server. Actually no more indications about “Security exception” and “Connection not secure”.

All running as expected again.

I wanted to verify the existing certificate and by error typed “sudo certbot” instead of “sudo certbot certificates”.

Sorry for the excitement.

Thx b77

I connect to “paritsu.kenyoh.com”

regards

Sorry for getting back so late. Maybe you already solved it…

But the names in your certificates do not seem to match paritsu.kenyoh.com. The certificates are issued to kenyoh.com, without any subdomain. Make sure that you use the exact same name in every config file. In your case that would be paritsu.com. If you want to use the subdomain, you either have to change the name in the config of your webserver or add it as an alias. After that you have to reissue the certificates. Certbot should then provide a certificate for the new name or for both names, respectively.
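
As an added example (not part of any post in this thread), this Python sketch parses the `certbot certificates` output posted above and reports which certificate lineage lists a given hostname, which is the name check a browser applies to whatever certificate the web server presents. The function names are hypothetical, the sample text is trimmed from the thread's output, and the wildcard rule goes beyond what the thread covers.

```python
# Added example: which certbot lineage covers a hostname?
# Sample text is the `certbot certificates` output from the thread (trimmed).
CERTBOT_OUTPUT = """\
Found the following certs:
  Certificate Name: kenyoh.com-0001
    Domains: kenyoh.com
    Certificate Path: /etc/letsencrypt/live/kenyoh.com-0001/fullchain.pem
  Certificate Name: kenyoh.com
    Domains: kenyoh.com paritsu.kenyoh.com
    Certificate Path: /etc/letsencrypt/live/kenyoh.com/fullchain.pem
"""

def parse_lineages(text):
    """Return {certificate name: {"domains": [...], "path": str}}."""
    lineages, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            current = lineages.setdefault(value, {"domains": [], "path": None})
        elif current is not None and key == "Domains":
            current["domains"] = value.lower().split()
        elif current is not None and key == "Certificate Path":
            current["path"] = value
    return lineages

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def lineages_covering(text, host):
    """Names of the lineages whose Domains list covers `host`."""
    return [name for name, info in parse_lineages(text).items()
            if any(name_matches(d, host) for d in info["domains"])]

def path_covers(text, cert_path, host):
    """True if the lineage stored at `cert_path` lists a name covering `host`."""
    for info in parse_lineages(text).values():
        if info["path"] == cert_path:
            return any(name_matches(d, host) for d in info["domains"])
    raise KeyError(cert_path)

if __name__ == "__main__":
    for host in ("kenyoh.com", "paritsu.kenyoh.com", "nextcloudpi.local"):
        print(host, "->", lineages_covering(CERTBOT_OUTPUT, host))
```

Comparing the certificate path configured in the web server against this result shows whether the served lineage actually lists the name typed into the browser.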