AC1556

How to enable HTTPS for a local network Nextcloud instance

This post can also be read over on my federated WriteFreely blog

This post will go over the basic steps to enable HTTPS for an intranet Nextcloud service. I have to mess with this every three months when Let's Encrypt expires my certs, and it's always annoying.

This kind of setup might be useful for when you self-host a Nextcloud instance and don't want to open your home network to the public. I use Zerotier to provide a static IP address and connect to my Nextcloud server.

Environment:

  • Ubuntu 22.04.1 LTS
  • Nextcloud 24.0.7snap1
  • DNS is managed using Namecheap
  • Zerotier for external network access

Step 1 - Generate new certs

This will start the cert generation process using the DNS challenge method to prove domain ownership.

  1. ~$ sudo certbot certonly --manual --preferred-challenges dns
  2. Enter the FULL domain for the certs
  3. Copy the value that it returns for the next step

Step 2 - Create TXT records

On whatever DNS service you use, create a TXT record using the "acme-challenge" domain Let's Encrypt created and the random string it generated.

  1. Create TXT record.
    1. Domain should be _acme-challenge.<your domain>
    2. Value should be whatever random string was generated by Let's Encrypt
  2. Verify that the record has been updated by using https://toolbox.googleapps.com/apps/dig

NOTE: For subdomains, only the "subdomain" portion is needed for the domain record

NOTE: When verifying, you should see the value of the TXT record. If you don't wait until the record has been verified, you'll need to start the process over again.

Step 3 - Copy the certs into Nextcloud

We will now copy the generated certs into the Nextcloud directory.

  1. Copy the certs from where Let's Encrypt dumped them (/etc/letsencrypt/live/<your domain>) into /var/snap/nextcloud/common
  2. Rename privkey.pem to key.pem

NOTE: Certs must be in a directory that the Nextcloud snap has access to. The easiest is to place them into /var/snap/nextcloud/common. These can be removed once the process is over.

Step 4 - Apply the certs

We will now apply the new certs.

  1. Disable HTTPS for Nextcloud
    ~$ sudo nextcloud.disable-https
  2. Stop the Nextcloud snap service
    ~$ sudo snap stop nextcloud
  3. Enable HTTPS with new certs
    ~$ sudo nextcloud.enable-https custom -s \
    /<path to cert.pem> \
    /<path to key.pem> \
    /<path to chain.pem>
  4. Start Nextcloud
    ~$ sudo snap start nextcloud

You should now be able to access Nextcloud using HTTPS.
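
Step 3 can be scripted so that the copied private key is created with owner-only permissions and is easy to delete afterwards. This is an added example, not part of the original post; the function names `stage_certs` and `unstage_certs` and the script name are hypothetical, and the paths are the ones given in step 3.

```shell
#!/bin/sh
# Added example for step 3; function names are hypothetical.

# stage_certs SRC_DIR DEST_DIR
# Copy cert.pem, chain.pem and privkey.pem (renamed key.pem) into DEST_DIR.
stage_certs() {
    src=$1; dest=$2
    for f in cert.pem chain.pem privkey.pem; do
        # -e follows symlinks, so a dangling link in live/ is caught here.
        [ -e "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    # Remove stale copies so the new files take their mode from the umask.
    rm -f "$dest/cert.pem" "$dest/chain.pem" "$dest/key.pem"
    old_umask=$(umask)
    umask 077   # created as 0600: the key is never readable by other users
    # certbot's live/<domain>/ holds symlinks into ../../archive/; -L copies
    # the file contents so the destination does not depend on those links.
    cp -L "$src/cert.pem"    "$dest/cert.pem"  &&
    cp -L "$src/chain.pem"   "$dest/chain.pem" &&
    cp -L "$src/privkey.pem" "$dest/key.pem"
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# unstage_certs DEST_DIR
# Delete the staged copies once nextcloud.enable-https has been run.
unstage_certs() {
    rm -f "$1/cert.pem" "$1/chain.pem" "$1/key.pem"
}

# Usage: sudo sh stage-certs.sh <your domain>
# Paths below are the ones named in the post.
if [ "$#" -eq 1 ]; then
    stage_certs "/etc/letsencrypt/live/$1" /var/snap/nextcloud/common
fi
```

Run `unstage_certs /var/snap/nextcloud/common` after step 4 so no copy of the private key is left in the shared snap directory.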

Hopefully someone else finds this helpful! Most people don’t have this setup (Nextcloud Snap with Zerotier) and it took a lot of tinkering to get it to work.

The main source that I used was this blog from David Augustat. It’s a nice read on how to set up HTTPS for intranet domains for general use cases!

https://davidaugustat.com/web/set-up-lets-encrypt-on-intranet-website
