SSL Certificate for Local-only Nextcloud snap instance?

Hi everyone,

I’m new to Nextcloud and Self hosting in general. I recently decided to give it a shot as it was really easy to get started with the latest snap version of nextcloud on Ubuntu 20.04 LTS.

I was able to find the command:

sudo nextcloud.enable-https -h

I realised that I can’t use the “lets-encrypt” option as I don’t have a domain and I don’t want to. I only want to have my nextcloud accessible locally. So I went with the “self-signed” option and it worked great except that now I’m realizing that it creates issues since the certificate is not recognized by third party apps. For example, on android with the different bookmark sync apps, It won’t wont work. I’m guessing it’ll also be an issue with other apps that I’ll be getting into in the future so I want to know what is the best way to proceed in this case? I’ve done some research already but I’m really new to all of this so I don’t really understand what needs to be done.

Is there a simple way to properly enable https for a local nextcloud instance without attaching it to a domain so it doesn’t cause connection issues with 3rd party apps? Or if it’s not simple, is there a way to be able to access my nextcloud using both http and https? So for example, in the app that causes issues, I can use http://192.168.x.x and in other apps/browsers I can use https://192.168.x.x? As of now, http is automatically redirected to https.

Thanks in advance.

I would say buy a domain… mine was so cheap, i spent less than 10 euros for 5 years !!!

Self signed cert are more and more getting set aside … not worst the pain

Additional you will need access from internet to your Nextcloud server via http and https. Otherwise you will not be able to install and renew the Letsencrypt certificate.

If your goal is local only you can generate a self signed. Shouldn’t matter if you never expose your nextcloud publicly.

1 Like

That’s what I did using:

sudo nextcloud.enable-https self-signed

Very easy to setup but like I said, it causes issues with some apps like Android bookmarks sync apps denying connection. And I know it’s the certificate causing issues because once I disable https, I can sync bookmarks no problem. Others suggest getting a domain but is there a way I can allow both http and https connection, so that it’s not automatically redirected to https? That way I can use the http address just for those problematic apps.

1 Like

I think there are only two options.

a.) self signed
Then you application must trust the used CA because it normally does not trust it
b.) Lets Encrypt, …
Then you must allow something like DynDNS and Port-Forwarding on your internet router. You can disable it and only enable for extend the certificate. You need to Port-Forward 80 and 443 for Lets Encrypt.