Comments (7)
It may be that tailscale is only giving you the fullchain cert. Open up your .crt file. Do you see multiple "BEGIN CERTIFICATE"/"END CERTIFICATE" lines indicating that your cert is actually several certs?
from nextcloud-snap.
It may be that tailscale is only giving you the fullchain cert. Open up your .crt file. Do you see multiple "BEGIN CERTIFICATE"/"END CERTIFICATE" lines indicating that your cert is actually several certs?
Thank you so much for a quick reply. As you may guess, I am not very well versed in how all this happens. But, YES, in the cert.pem
file there are 2 blocks of BEGIN and END certificate entries. So does that imply that what I have is the chain and I should simply repeat its use as the 3rd parameter like this:
sudo nextcloud.enable-https custom cert.pem key.pem cert.pem
I will attempt that and report back.
from nextcloud-snap.
Not quite, the chain doesn't generally include the final cert, but that's beside the point: yes, give that a shot. We really should support not supplying a chain file, that's deprecated in Apache nowadays anyway because it now supports chained certs, like you have.
from nextcloud-snap.
YES I think that works! I did need to duplicate the file since it complained there was no chain.pem
still. Here is the simple explanation:
$ sudo cp cert.pem chain.pem
$ sudo nextcloud.enable-https custom cert.pem key.pem chain.pem
Installing custom certificate... done
Restarting apache... done
And I can now access nextcloud from a browser this way with no complaint about not being https etc:
https://myname.ts.net/
I will link to this issue for others that have been having the same issues. Thank you for the suggestion.
from nextcloud-snap.
Closing, thanks again!
from nextcloud-snap.
Excellent. Okay, while it's true that this issue is unrelated to the other one, I'll share the same word of caution. Let's Encrypt certificates are designed to be automatically renewed. Operating under that assumption means they can make their certs valid for very short timespans: 90 days. By manually loading those certs into Nextcloud, you're signing yourself for manually loading new certs in every 90 days or so or they will expire.
from nextcloud-snap.
Excellent. Okay, while it's true that this issue is unrelated to the other one, I'll share the same word of caution. Let's Encrypt certificates are designed to be automatically renewed. Operating under that assumption means they can make their certs valid for very short timespans: 90 days. By manually loading those certs into Nextcloud, you're signing yourself for manually loading new certs in every 90 days or so or they will expire.
Yes, understood. I will have to see how much pain this is, not sure if I can whip up a simple script with cron to take care of renewal? I see tailscale referencing "caddy" which can run on the server as well to manage this, but I am a bit out of my league (I am sure you will understand more than me :-) https://tailscale.com/kb/1190/caddy-certificates
from nextcloud-snap.
Related Issues (20)
- Support for allow only localhost HOT 1
- Update Nextcloud to 28.0.6
- Update Nextcloud to 29.0.1 HOT 3
- Redis license change HOT 7
- Update nextcloud to 27.1.10
- SNAP Nextcloud 27 stable 27.1.9snap1 has broken libpsl.so.5.2.0 HOT 28
- documentation wiki, reverse proxy settings from NC29 HOT 2
- Issues with v28 - 'sudo nextcloud.occ upgrade;' fails on very large databases HOT 45
- PHP opcache and imagick problems after update to Nextcloud-snap 28.0.6.1 HOT 9
- Cannot Upload Files Bigger than 8MB HOT 4
- Fixer service starts the maintenance mode every five minutes, but doesn't do anything HOT 4
- No Internet connection inside nextcloud snap HOT 11
- documentation faq, enable birthday calendar
- Update Nextcloud to 29.0.2
- Update PHP to 8.2.20
- documentation wiki, brute-force protection
- documentation wiki, nginx reverse proxy manager settings from NC29
- NextCloud Installation Broken - Unable To Update HOT 14
- How to modify the JSON file of translation content? HOT 3
- I can't write korean on nextcloud office. HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nextcloud-snap.