Cannot activate https with existing certificates about nextcloud-snap HOT 10 CLOSED

Thanks for following up -- I have resolved the issue with copying to the folder certs for nextcloud certs which wasnt empty just needed sudo su, then altering permissions, then rerunning command. Thanks!

from nextcloud-snap.

A Lets Encrypt certificate is not a custom certificate and may not be used as a custom certificate. So what you are trying to do is not possible. You cannot use an existing Lets Encrypt certificate to encrypt another site... there can only be one.

Possibly you could let the Nextcloud snap encryption service retrieve a certificate for a sub domain like cloud.mydomain.mydnsprovider.xyz and get a Lets Encrypt certificate for that sub domain, but assuming you have an existing web service on port 80 and or 443 that is not going to work.

You either need a wildcard certificate for your domain, in which case you may disable the Nextcloud snap Lets Encrypt service completely as your domain will be encrypted by an api.
or
You could use a reverse proxy and let NGINX proxy manager handle SSL termination for you, in which case you would also disable the Nextcloud snap Lets Encrypt service.

Sorry to have to say this again, but this is certainly not a Nextcloud snap issue and not a "Nextcloud snap encryption service issue" either. That's how Lets Encrypt works. Now I'm not going to point you to the Wiki this time around... and I'll stand to being corrected any time.

from nextcloud-snap.

Assuming you will close the issue when you see fit?

from nextcloud-snap.

A Lets Encrypt certificate is not a custom certificate and may not be used as a custom certificate. So what you are trying to do is not possible. You cannot use an existing Lets Encrypt certificate to encrypt another site... there can only be one.

That's not necessarily true. Perhaps @coyoteconscious moved domains. However, I do question why. @coyoteconscious, if you have a domain name pointing to the snap, why not just let the snap take care of your certs via Let's Encrypt? Even if this command worked, this cert will expire in a few months and you'll have to run this command again with new certs that you obtain yourself. The snap could be doing that for you.

Regarding why this is failing, can you take a peek inside the /var/snap/nextcloud/40228/certs/live directory? Note that it should be a symlink to another. What's in there? Do those files match what you provided?

from nextcloud-snap.

I think this may be related, but I have a similar challenge to activate https with an existing tailscale generated cert. In this case I have the cert.crt and the cert.key but am not clear what to use for the <chain>. The tailscale cert command does register the custom tailscale ddns entry with lets-encrypt. Thus I think it is a similar question to the o/p: how to register with an existing lets-encrypt registered cert? (well in my case I also do not have a <chain> file to use, I am unclear on it).

from nextcloud-snap.

Hey @rik-shaw, that's a valid question, but unrelated to this one. Mind opening a new issue?

from nextcloud-snap.

Hey @rik-shaw, that's a valid question, but unrelated to this one. Mind opening a new issue?

will do. Thanks for the quick reply.

from nextcloud-snap.

Hello I have having a very similar issue but a little different.

I have a wildcard certificate that I am trying to use nextcloud-snap to install from my haproxy/certbot box. I want to get away from SSL termination because the overhead is pretty crazy and ssl verification on things like email smtp are starting to not like that my backend switches to http or check verify none at the proxy.

I have cron scp copying the certs to my docker, exchange server, nextcloud, etc VM's --

I am getting the same error as OP, and there is nothing in the directory, it doesn't even exist and is write only here is my output:

mikekay@PROJECTNCLOUD:/snap/nextcloud/41512$ sudo nextcloud.enable-https custom /home/mikekay/certs/live/domain.com/cert.pem /home/mikekay/certs/live/domain.com/privk
ey.pem /home/mikekay/certs/live/domain.com/chain.pem
Installing custom certificate... done
Restarting apache... error
Certificates have been activated: using HTTPS only
Certificates appear self-signed: disabling HSTS
HTTP compression is disabled
notify_push reverse proxy is disabled
AH00526: Syntax error on line 101 of /snap/nextcloud/41512/conf/ssl.conf:
SSLCertificateFile: file '/var/snap/nextcloud/41512/certs/live/cert.pem' does not exist or is empty```

Why is it refusing to enable SSL, can I diable nginx since I already have a proxy in front? so many questions --

from nextcloud-snap.

@mikekay1, thanks for your request.
do you mind creating a new issue for this please...

from nextcloud-snap.

This issue is stale because it has been without activity for 60 days. It will be closed after 7 more days of inactivity.

from nextcloud-snap.