NextCloud SSL – Custom Signed Cert for SNAP

Want to use a custom, publicly-signed SSL for your NextCloud Server?

You’ve just built a new Ubuntu Server, and selected the “NextCloud” server option in the packages to include. The ISO will auto-download and configure NextCloud-SNAP, a sort of pre-built version with a lot of assumptions made for what you want. Overall, it’s a great start, and a LOT faster than compiling from scratch like most guides. Every guide I’ve found includes solely self-signed, or Let’s Encrypt SSLs — hard to find any guides regarding using a publicly signed by a certificate authority, so I’m writing my own — hoping it helps someone out there!

#Applying and Enabling a public SSL Certificate to NextCloud-SNAP HTTPS
#Escalate your Putty/SSH Session so you don't have to enter your password 10 times.
sudo -i
#
#Generate your SSL CSR
cd /home
openssl req -new -newkey rsa:2048 -nodes -keyout files.company.com.key -out files.company.com.csr
#
#This will create a private-key TXT file, and a Certificate Signing Request file. Submit the CSR into your SSL Authority (NameCheap, GoDaddy, whoever...). Get the SSL Signed, and download the ZIP file.
#
#To pull the files to your local computer, Use FileZilla and connect to your NextCloud Server. If you are unable to download a file, like the private key, try adjusting permissions on it and then downloading it.
chmod 750 files.company.com.key
#
#Inside a ZIP from your Signing Authority will usually be:
1. .CRT - The publicly signed Certificate.
2. .P7B - The certificate chain.
Next step, is to feed it all into Nextcloud's SNAP handler.
#
#Filezilla upload the .CRT and .P7B into your server. Move all of the goodies into a specific directory:
mv files.company.com* /var/snap/nextcloud/common
#Run the below command to import the SSL, bind it to HTTPS, and enable HTTPS access.
#nextcloud.enable-https custom <Public Cert> <Private Key> <Cert Chain>
nextcloud.enable-https custom filename.crt filename.key filename.p7b
At this point, your NextCloud server should begin responding with a SSL.

Leave a Reply

Your email address will not be published. Required fields are marked *