Want to use a custom, publicly-signed SSL for your NextCloud Server?
You’ve just built a new Ubuntu Server, and selected the “NextCloud” server option in the packages to include. The ISO will auto-download and configure NextCloud-SNAP, a sort of pre-built version with a lot of assumptions made for what you want. Overall, it’s a great start, and a LOT faster than compiling from scratch like most guides. Every guide I’ve found includes solely self-signed, or Let’s Encrypt SSLs — hard to find any guides regarding using a publicly signed by a certificate authority, so I’m writing my own — hoping it helps someone out there!
#Applying and Enabling a public SSL Certificate to NextCloud-SNAP HTTPS #Escalate your Putty/SSH Session so you don't have to enter your password 10 times. sudo -i # #Generate your SSL CSR cd /home openssl req -new -newkey rsa:2048 -nodes -keyout files.company.com.key -out files.company.com.csr # #This will create a private-key TXT file, and a Certificate Signing Request file. Submit the CSR into your SSL Authority (NameCheap, GoDaddy, whoever...). Get the SSL Signed, and download the ZIP file. # #To pull the files to your local computer, Use FileZilla and connect to your NextCloud Server. If you are unable to download a file, like the private key, try adjusting permissions on it and then downloading it. chmod 750 files.company.com.key # #Inside a ZIP from your Signing Authority will usually be: 1. .CRT - The publicly signed Certificate. 2. .P7B - The certificate chain. Next step, is to feed it all into Nextcloud's SNAP handler. # #Filezilla upload the .CRT and .P7B into your server. Move all of the goodies into a specific directory: mv files.company.com* /var/snap/nextcloud/common #Run the below command to import the SSL, bind it to HTTPS, and enable HTTPS access. #nextcloud.enable-https custom <Public Cert> <Private Key> <Cert Chain> nextcloud.enable-https custom filename.crt filename.key filename.p7b At this point, your NextCloud server should begin responding with a SSL.