NextCloud Server Certificate

Discussion of software apps
Post Reply
wove
Posts: 1188
Joined: Mon May 04, 2020 4:47 pm

NextCloud Server Certificate

Post by wove »

NextCloud works very well for me. One connects via https, and generally that returns an "invalid certificate". This has not been a real problem because Linux apps like Kontact and Evolution provide an option to accept the certificate either temporarily or forever. A couple Windows applications have decided to just plain reject the connection because of the invalid certificate and do not provide a option to manually accept the certificate.

Of course it is a perfectly valid certificate, the problem being is that it is self signed. Does anyone know of a simple way to set up/install a valid certificate?
User avatar
tlmiller
Posts: 4848
Joined: Tue Jan 16, 2018 12:29 pm
Location: AZ, USA

Re: NextCloud Server Certificate

Post by tlmiller »

letsencrypt.
wove
Posts: 1188
Joined: Mon May 04, 2020 4:47 pm

Re: NextCloud Server Certificate

Post by wove »

Thanks I checked it out briefly and it looks doable. It does seem like a bit of overkill for my purpose. I think this is made impossible by PIM software just to push you to big corporate cloud services. My NextCloud server is pretty secure. I trust it more than MS, or Google. A client logging in needs to provide two factor authentication, then after logging it a 20 word pass phrase needs to be entered to decrypt/encrypt data going to and from the server. It is on a wired connection and the router is setup to block any access to the Raspberry Pi that is not from the local network. So as it stands it is suitably secure for my purposes and I am comfortable with my self signed certificate.
User avatar
tlmiller
Posts: 4848
Joined: Tue Jan 16, 2018 12:29 pm
Location: AZ, USA

Re: NextCloud Server Certificate

Post by tlmiller »

Letencrypt is pretty easy. The one weekness, 90-day certs, isn't even THAT big a deal since they have some articles that explain how to set up automation to renew the cert automatically. The fact that they provide CA-backed certs for free (~$75/year value) is, IMO, prettty huge for use cases such as yours, where you really don't NEED a CA-backed cert for functionality, but it's irritating to jump through the hoops to make some things work with a self-signed cert.
wove
Posts: 1188
Joined: Mon May 04, 2020 4:47 pm

Re: NextCloud Server Certificate

Post by wove »

Letsencrypt has a module built right into NextCloud to get a certificate and auto renew the certificate. It is very straight forward. The stumbling block I am running into is Letsencrypt requires a domain name, which I lack. I tried my IP address, but Letsencrypt will not issue a certificate to in ip address. I tried using a .local domain, but it will not issue a certificate to a .local domain either. So at the moment it looks like I have what I have and will just need to use clients that can work with self signed certificates.

Letsencrypt does seem like a very good deal though. You can rent a NextCloud instance on a server fairly cleaply and from what I read the hosting company takes care of the certificates. What I have setup is very workable though. I have a 120GB M.2 Sata HD setup for data storage and that has proven to be handy for sharing files without using a thumb drive based sneaker-net.

NextCloud has lots of add in modules, so of which I am planning on trying out. There is an RSS module which should allow me to get download my RSS feeds once locally to NextCloud, then pull them into whatever device I am using, which would save some bandwidth.
User avatar
tlmiller
Posts: 4848
Joined: Tue Jan 16, 2018 12:29 pm
Location: AZ, USA

Re: NextCloud Server Certificate

Post by tlmiller »

If you ever wanted to get it working, you can get domains pretty cheap, about $10/year if you sign up for keeping it multiple years. And gives you options in the future if you decide to do other things.
Just a thought to keep in mind. I don't blame you particularly for just using the self-signed and giving the ole bird to clients that refuse.
wove
Posts: 1188
Joined: Mon May 04, 2020 4:47 pm

Re: NextCloud Server Certificate

Post by wove »

:) I think about it. Then I get to thinking this is an order of magnitude beyond where I started. I have a 3 year old Raspberry Pi 3B+, stuck in an old wooden box, running off a second hand wall wart. There is a 32GB miroSD card with Nextcloud installed and used 64GB M.2 SATA in a USB adaptor for data storage. Putting together a computer thing is a lot like remodeling a house. If I am adding an electrical outlet, perhaps I should run network cable. As long as I am redoing the walls, maybe I should put down new flooring. If I am upping the memory, maybe I should upgrade the hard drive as well. . .

It has been a fun little passtime and is somewhat useful as well.
Post Reply