Will Nextcloud Self-Signed Certificate installs work with Chrome's upcoming Manifest changes?

Attention all home-lab users and those of you running NextCloud on a local network using a “Self-Signed Certificate”.

Are you aware that an upcoming update to the Chromium browser (variants include Google Chrome, Brave, Vivaldi, Microsoft Edge etc) will disallow self-signed certificates causing the following “NET::ERR_CERT_AUTHORITY_INVALID Error” ?

This is a result of removing support for Manifest V2 and adopting Manifest V3. This is outlined in this post - Chromium

Here’s an example of this…
For those of you using the Floccus Bookmark Sync Browser Extension with a locally hosted NextCloud server using Self-Signed Certificates, you would have noticed the latest version fails. This is because the author of the Floccus plugin has removed support for Manifest V2 and migrated to Manifest v3.

Once Chromium has removed support for Manifest V2, this will have widespread ramifications for Nextcloud installations that use “Self-signed certificates”.

What does this means in non-tech speak? If we update our Chromium browsers to this upcoming version that only supports Manifest V3, we may not be able to login to our locally hosted NextCloud servers using our Self-Signed Certificates.

I thought I’d ring the alarm bells early as I’m hoping someone in this community can debunk my fears. If not, then perhaps someone can escalate this issue to the NextCloud Developers, so someone may devote some time to developing a work around to support “Self-signed certificates” with Manifest V3 (if that’s even possible).

Disclosure: I’m not a developer so I may have this completely wrong. However, I have experienced first hand the issue with the Floccus Bookmark browser extension issue. I thought I’d raise this issue here so that people smarter than I can chime in as we can discuss further.

Is there not a way that you can add your own certificate manually. Or worst case, create your own certificate authority and import this manually on your device?

Once you make your nextcloud available outside your network, it is mostly possible to use free letsencrypt certificates. So the self-signed is more interesting for local test environments and such cases I suppose.

So here’s the thing, let’s say some of us do not want to expose our NextCloud outside our home network or local network. We don’t want the risk of hacks and the extra burden of security maintenance and patching etc.

Many of us home-lab folks just don’t want any of those headaches and just want to access NextCloud via local IP address E.g. 192.168.0.XXX hence a Self-signed Certificate is a great zero-cost, easy to implement solution.

I just checked and found some tutorials to create your own certificate authority and then import this root certificate in your system’s trusted certification authorities:

2 Likes