Ubuntu &mdash; UrbanLife https://paper.wf/urbanlife/tag:Ubuntu A place to document my experience in this urban plain. Tue, 12 May 2026 06:30:59 +0000 How to enable HTTPS for a local network Nextcloud instance https://paper.wf/urbanlife/how-to-enable-https-for-a-local-network-nextcloud-instance <![CDATA[This post will go over the basic steps to enable HTTPS for an intranet Nextcloud service. I have to mess with this every three months when Let's Encrypt expires my certs, and it's always annoying. This kind of setup might be useful for when you self-host a Nextcloud instance and don't want to open your home network to the public. I use Zerotier to provide a static IP address and connect to my Nextcloud server. Environment: Ubuntu 22.04.1 LTS Nextcloud 24.0.7snap1 #DNS is managed using #Namecheap Zerotier for external network access Step 1 - Generate new certs This will start the cert generation process using the challenge method to prove domain ownership. ~$ sudo certbot certonly --manual --preferred-challenges dns Enter the FULL domain for the certs Copy the value that it returns for the next step Step 2 - Create TXT records On whatever DNS service you use, create a TXT record using the "acme-challenge" domain Let's Encrypt created and the random string it generated. Create TXT record. Domain should be acme-challenge.your domain Value should be whatever random string was generated by LetsEncrypt Verify that the record has been updated by using https://toolbox.googleapps.com/apps/dig NOTE: For subdomains, only the "subdomain" portion is needed for the domain record NOTE: When verifying, you should see the value of the TXT record. If you don't wait until the record has been verified, you'll need to start the process over again. Step 3 - Copy the certs into Nextcloud We will now copy the generated certs into the Nextcloud directory. Copy the certs from where Let's Encrypt dumped them /etc/letsencrypt/live/your domain into /var/snap/nextcloud/common Rename privkey.pem to key.pem NOTE_: Certs must be a directory that the Nextcloud snap has access to. The easiest is to place them into /var/snap/nextcloud/common. These can be removed once the process is over. Step 4 - Apply the certs We will now apply the new certs. Disable HTTPS for Nextcloud ~$ sudo nextcloud.disable-https Stop the Nextcloud snap service ~$ sudo snap stop nextcloud Enable HTTPS with new certs ~ $ sudo nextcloud.enable-https custom -s \n /path to cert.pem\n /path to key.pem \n /path to chain.pem Start Nextcloud ~$ sudo snap start nextcloud You should now be able to access Nextcloud using HTTPS. Hopefully someone else finds this helpful! Most people don’t have this setup (#Nextcloud Snap with #zerotier) and it took a lot of tinkering to get it to work. The main source that used was this blog from David Augustat. It’s a nice read on how to set up HTTPS for #intranet #domains for general use cases! https://davidaugustat.com/web/set-up-lets-encrypt-on-intranet-website]]> This post will go over the basic steps to enable HTTPS for an intranet Nextcloud service. I have to mess with this every three months when Let's Encrypt expires my certs, and it's always annoying.

This kind of setup might be useful for when you self-host a Nextcloud instance and don't want to open your home network to the public. I use Zerotier to provide a static IP address and connect to my Nextcloud server.

Environment:

Step 1 – Generate new certs

This will start the cert generation process using the challenge method to prove domain ownership.

  1. ~$ sudo certbot certonly --manual --preferred-challenges dns
  2. Enter the FULL domain for the certs
  3. Copy the value that it returns for the next step

Step 2 – Create TXT records

On whatever DNS service you use, create a TXT record using the “acme-challenge” domain Let's Encrypt created and the random string it generated.

  1. Create TXT record.
    1. Domain should be _acme-challenge.<your domain>
    2. Value should be whatever random string was generated by LetsEncrypt
  2. Verify that the record has been updated by using https://toolbox.googleapps.com/apps/dig

NOTE: For subdomains, only the “subdomain” portion is needed for the domain record

NOTE: When verifying, you should see the value of the TXT record. If you don't wait until the record has been verified, you'll need to start the process over again.

Step 3 – Copy the certs into Nextcloud

We will now copy the generated certs into the Nextcloud directory.

  1. Copy the certs from where Let's Encrypt dumped them /etc/letsencrypt/live/<your domain> into /var/snap/nextcloud/common
  2. Rename privkey.pem to key.pem

NOTE: Certs must be a directory that the Nextcloud snap has access to. The easiest is to place them into /var/snap/nextcloud/common. These can be removed once the process is over.

Step 4 – Apply the certs

We will now apply the new certs.

  1. Disable HTTPS for Nextcloud

    ~$ sudo nextcloud.disable-https

  2. Stop the Nextcloud snap service

    ~$ sudo snap stop nextcloud

  3. Enable HTTPS with new certs

    ~ $ sudo nextcloud.enable-https custom -s \n
/<path to cert.pem>\n
/path to key.pem> \n
/<path to chain.pem>

  4. Start Nextcloud

    ~$ sudo snap start nextcloud

You should now be able to access Nextcloud using HTTPS.

Hopefully someone else finds this helpful! Most people don’t have this setup (#Nextcloud Snap with #zerotier) and it took a lot of tinkering to get it to work.

The main source that used was this blog from David Augustat. It’s a nice read on how to set up HTTPS for #intranet #domains for general use cases!

https://davidaugustat.com/web/set-up-lets-encrypt-on-intranet-website

]]> https://paper.wf/urbanlife/how-to-enable-https-for-a-local-network-nextcloud-instance Wed, 07 Dec 2022 01:57:43 +0000