Comments (7)
It may be that tailscale is only giving you the fullchain cert. Open up your .crt file. Do you see multiple "BEGIN CERTIFICATE"/"END CERTIFICATE" lines indicating that your cert is actually several certs?
from nextcloud-snap.
It may be that tailscale is only giving you the fullchain cert. Open up your .crt file. Do you see multiple "BEGIN CERTIFICATE"/"END CERTIFICATE" lines indicating that your cert is actually several certs?
Thank you so much for a quick reply. As you may guess, I am not very well versed in how all this happens. But, YES, in the cert.pem
file there are 2 blocks of BEGIN and END certificate entries. So does that imply that what I have is the chain and I should simply repeat its use as the 3rd parameter like this:
sudo nextcloud.enable-https custom cert.pem key.pem cert.pem
I will attempt that and report back.
from nextcloud-snap.
Not quite, the chain doesn't generally include the final cert, but that's beside the point: yes, give that a shot. We really should support not supplying a chain file, that's deprecated in Apache nowadays anyway because it now supports chained certs, like you have.
from nextcloud-snap.
YES I think that works! I did need to duplicate the file since it complained there was no chain.pem
still. Here is the simple explanation:
$ sudo cp cert.pem chain.pem
$ sudo nextcloud.enable-https custom cert.pem key.pem chain.pem
Installing custom certificate... done
Restarting apache... done
And I can now access nextcloud from a browser this way with no complaint about not being https etc:
https://myname.ts.net/
I will link to this issue for others that have been having the same issues. Thank you for the suggestion.
from nextcloud-snap.
Closing, thanks again!
from nextcloud-snap.
Excellent. Okay, while it's true that this issue is unrelated to the other one, I'll share the same word of caution. Let's Encrypt certificates are designed to be automatically renewed. Operating under that assumption means they can make their certs valid for very short timespans: 90 days. By manually loading those certs into Nextcloud, you're signing yourself for manually loading new certs in every 90 days or so or they will expire.
from nextcloud-snap.
Excellent. Okay, while it's true that this issue is unrelated to the other one, I'll share the same word of caution. Let's Encrypt certificates are designed to be automatically renewed. Operating under that assumption means they can make their certs valid for very short timespans: 90 days. By manually loading those certs into Nextcloud, you're signing yourself for manually loading new certs in every 90 days or so or they will expire.
Yes, understood. I will have to see how much pain this is, not sure if I can whip up a simple script with cron to take care of renewal? I see tailscale referencing "caddy" which can run on the server as well to manage this, but I am a bit out of my league (I am sure you will understand more than me :-) https://tailscale.com/kb/1190/caddy-certificates
from nextcloud-snap.
Related Issues (20)
- PHP OPcache performance tuning to benefit the Nextcloud snap HOT 4
- Unable to play .mkv video files properly HOT 5
- Upgrade to 27.1.8 to fix "Enforce password protection" bug HOT 6
- nextcloud.enable.https lets-encrypt won't work HOT 3
- Upgrade Nextcloud to 28.0.4 HOT 2
- Upgrade Nextcloud to 27.1.8 HOT 1
- Upgrade Nextcloud to 26.0.13
- Upgrade Apache to 2.4.59
- [Solved] File upload - Toastify is Awesome - notice on file uploading of size > 1 mb HOT 3
- Upgrade PHP to 8.2.18
- Curl errors now showing up in the logs HOT 5
- glibc Vulnerability (CVE-2024-2961) potentially exploitable from PHP HOT 7
- nextcloud.export not exporting userdata HOT 17
- Update Nextcloud to 29
- Update Nextcloud to 28.0.5
- Update Nextcloud to 27.1.9 HOT 1
- NEXTCLOUD VERSION - still 24 as per security scan of nextcloud HOT 1
- Update MySQL to 8.0.37 HOT 1
- MySQL starting with 8.0.37 requires cmake 3.11.2 or newer
- nextcloud-snap/wiki/Managing-services | error in text + suggestions HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nextcloud-snap.