Certificate not working with Cloudflare


#1

Hi Guys,

Background: UNRAID, MariaDB, NextCloud, Letsencrypt.

All apps were working great until we decided to put a cert on NC. Letsencrypt is installed properly and was able to verify the subdomain. I tried 2 methods of installing the cert, both with no luck. I’m not sure if this is a CF issue, NextCloud, or Letsencrypt. CF has 2 options: either DNS or DNS + HTTP proxy. When I enabled only the DNS on CF, I’m able to access NC from the outside with an invalid cert, and when I enabled DNS + HTTP proxy, the cert is valid but I’m getting an error 502 (bad gateway). I can telnet to port 443 from the outside but I can’t figure out why the NC page is not loading.

method 1: https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/
method 2: https://www.youtube.com/watch?v=I0lhZc25Sro

These are the settings:
NC config.php (scrubbed)
<?php
$CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ocr0kaov7upo',
  'passwordsalt' => 'yayayayayayayaya',
  'secret' => 'yayayayayayayaya',
  'trusted_domains' =>
  array (
    0 => '1.1.1.1',
    1 => 'nextcloud.domain.com',
  ),
  'overwrite.cli.url' => 'https://nextcloud.domain.com',
  'overwritehost' => 'nextcloud.domain.com',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '13.0.5.2',
  'dbname' => 'nextcloud',
  'dbhost' => '1.1.1.1:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'user',
  'dbpassword' => 'password',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'nextcloud',
  'mail_domain' => 'domain.com',
  'mail_smtphost' => '2.2.2.2',
  'mail_smtpport' => '25',
);

Letsencrypt nextcloud.subdomain.config
server {
    listen 443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}

Any help is appreciated.


#2

Hi,

This means the certificate is not set up correctly… In your Nginx configuration, try to use server_name nextcloud.domain.com (and add a server alias) because I believe the * in server_name (as you set it up) represents a wildcard in TLDs.

I actually have no idea why it’s a 502… Probably because Cloudflare is not able to visit your site (via https)… But an error is expected…

This means at least your port is opened up correctly…

Thank you
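
The `server_name nextcloud.*` question from posts #1 and #2, as an added example that is not part of the thread and not nginx's own code: a Python model of nginx's documented server-name selection order (exact name, longest leading wildcard, longest trailing wildcard, first matching regex, then the default server). The `SERVERS` list and its labels are constructed, the first entry is assumed to be the default server, and the special `.example.org` form is not modelled.

```python
import re

def wildcard_matches(pattern, host):
    """nginx allows '*' only as the first or last label, on a dot border."""
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # "*.domain.com" -> ".domain.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    if pattern.endswith(".*"):
        prefix = pattern[:-1]                     # "nextcloud.*" -> "nextcloud."
        return host.startswith(prefix) and len(host) > len(prefix)
    return False

def select_server(servers, host):
    """servers: [(label, [server_name, ...]), ...] in config order.
    Assumption: the first entry is the default server for the listen socket."""
    host = host.lower().rstrip(".")
    leading = trailing = regex = None             # best candidate per class
    for label, names in servers:
        for name in names:
            if name.lower() == host:
                return label, "exact"             # exact names always win
            if name.startswith("~"):
                # Python's re stands in for PCRE; first match in config order wins.
                if regex is None and re.search(name[1:], host):
                    regex = label
            elif wildcard_matches(name.lower(), host):
                size = len(name)                  # longest wildcard wins in its class
                if name.startswith("*."):
                    if leading is None or size > leading[0]:
                        leading = (size, label)
                elif trailing is None or size > trailing[0]:
                    trailing = (size, label)
    if leading:
        return leading[1], "leading wildcard"
    if trailing:
        return trailing[1], "trailing wildcard"
    if regex:
        return regex, "regex"
    return servers[0][0], "default server"

# Constructed sample: a catch-all default block plus the block from post #1.
SERVERS = [("default", ["_"]), ("nextcloud-proxy", ["nextcloud.*"])]

if __name__ == "__main__":
    for h in ("nextcloud.domain.com", "nextcloud.example.org", "cloud.domain.com"):
        print(h, "->", select_server(SERVERS, h))
```

A name that falls through to the default server is answered with whatever certificate that block is configured to present, which is one thing to compare against what the browser reports in DNS-only mode.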


#3

Thanks, Stevenzhu.

I changed the Nginx config and added the server_name, and the NC page did not load (error 502) and I got the same invalid cert. I enabled CF’s DNS + HTTP proxy, and the cert is also invalid with the same error 502 (bad gateway). I changed the Nginx config back to nextcloud.* and this time the cert is valid but I’m still getting error 502. Driving me nuts! :slight_smile:


#4

And this is what the page looks like after changing the Nginx config back to nextcloud.* and changing CF to DNS only.


#5

What’s the real name?

