Before I post everything here, let me ask for some help / advice. I'm kinda stuck in a loop that gives me brain freezes.
What is my problem?
Nextcloud with LAMP on an lxc. Used certbot for LE certificates with domain nc.mydomain.com. Everything works.
Later an nginx reverse proxy was added to the network (separate lxc with different IP).
mydomain.com is linked with Cloudflare DNS (A Record) and nc.mydomain.com (CNAME) gets forwarded on port 443 to my nextcloud with port 443 (2 certificates with the same domain).
Port 80 is not forwarded, therefore certbot fails to renew the certificate on the nextcloud lxc.
My question?
What is the best and safest solution?
How can I add the port 80 in nginx pm? It says nc.mydomain.com is already in use.
Can I disable and remove everything with SSL on my nextcloud behind nginx?
Can Nextcloud get its certificate from nginx? If so, how?
I'm new to this topic and here we have 3 participants (nginx, Let's Encrypt, nextcloud). Okay 4 with Cloudflare.
What should I do for max security? A hint could be enough.
Welcome. First, mydomain.com is a valid domain that belongs to someone else. Please use your actual domain name. Or, example.com if you must but do not use other people's names.
That said, how many public IP addresses do you have? I am not clear what you mean about your CNAME'd domain getting forwarded. I think I know but want to make sure.
This will be a lot easier with your actual domain names.
lol... whoever obtained mydomain.com must be happy
okay. So my domain is nanotekdynamic.online (A Record at Cloudflare DNS) and I have several subdomains (CNAME). One is for my Nextcloud with nc.nanotekdynamic.online
Before I installed nginx, Nextcloud got its certificate itself with domain nc.nanotekdynamic.online. Now the nginx is getting a certificate. So there is no need to have a second (identical) certificate on my Nextcloud, right?
I deactivated certbot and deleted the certificate on my Nextcloud. Nginx is forwarding everything to Port 80 with Force SSL. Browser and apps show a secure connection with Let's Encrypt (yay). But Nextcloud is mocking me that the access is via http and not https.
add: I have one public IP connected to one A-Record (nanotekdynamic.online) but several subdomains like ab.nanotekdynamic.online, cd.nanotekdynamic... and so on.
nginx is handling those subdomains.