matteo-convertino / otpmanager-nextcloud

Nextcloud app that allows you to manage your OTP (TOTP/HOTP) codes easily
GNU Affero General Public License v3.0

I cannot log in to the OTPManager Android app. #36

Closed ghost closed 5 months ago

ghost commented 7 months ago

The login page doesn't load. I'm using Nextcloud 28.0.1 and a self-signed certificate on the server.

JoshuaPettus commented 7 months ago

Have you looked into letsencrypt? It's not that hard. No harder than setting up a self-signed cert. I really wouldn't bother with a self-signed cert for public space usage. It's just a bad idea.

Many NC services don't support self assigned certs because it makes no sense to support a less-than-ideal setup when an ideal setup is so readily available.

matteo-convertino commented 7 months ago

I think app logs would be helpful. To download them you can do this:

Then you could share it here.

Do the Nextcloud logs also say anything in particular?

ostasevych commented 6 months ago

I also use a self-signed certificate, and the app doesn't work at all, showing a black screen. For me this is the only option with local domains. Please consider adding support for self-signed certificates.

JoshuaPettus commented 6 months ago

> I also use a self-signed certificate, and the app doesn't work at all, showing a black screen. For me this is the only option with local domains. Please consider adding support for self-signed certificates.

Technically the proper way to do it with a local domain is to make your own certificate authority to sign your own certificates. Then import that CA certificate on all of your clients.

ostasevych commented 6 months ago

> I also use a self-signed certificate, and the app doesn't work at all, showing a black screen. For me this is the only option with local domains. Please consider adding support for self-signed certificates.

> Technically the proper way to do it with a local domain is to make your own certificate authority to sign your own certificates. Then import that CA certificate on all of your clients.

That is already done, even on my Android phone.

JoshuaPettus commented 6 months ago

Assuming you did it proper, then it's a CA signed certificate. It shouldn't be causing you problems. Sounds like something else is up. Look at matteo-convertino's recommendation for logs.

[EDIT] Question, you are using your android phone only on your local network, correct? Otherwise you are trying to get at your local NC server through a NAT, if it is even exposed to the public internet. And if it is, you might as well use lets encrypt.

[EDIT Again] I should clarify, it's your CA root certificate you are installing on your clients, correct? Not the signed end certificate used by your server?

[EDIT can't stop thinking about this...] This is interesting regarding installing a user CA root on android. https://android.stackexchange.com/questions/237141/how-to-get-android-11-to-trust-a-user-root-ca-without-a-private-key
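
Added example, not part of any comment in this thread: the private-CA setup JoshuaPettus describes above (create a CA, sign the server certificate, import only the CA root on clients), sketched with the openssl CLI, plus a check that tells a CA root from a leaf. The hostname `nextcloud.lan`, the CA name and all file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: private root CA plus a server certificate for a local host.
# "nextcloud.lan", "Home Lab Root CA" and all file names are constructed.

make_pki() {  # $1 = output directory, $2 = server hostname
    dir=$1 host=$2
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # Root CA: self-signed, CA:TRUE. ca.crt is the only file clients import;
    # ca.key never leaves the machine that signs.
    openssl req -x509 -config "$dir/pki.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and CSR; -subj overrides the CA name from the config.
    openssl req -new -config "$dir/pki.cnf" -subj "/CN=$host" \
        -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Leaf signed by the CA: CA:FALSE, serverAuth, hostname in the SAN.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 397 \
        -extfile "$dir/pki.cnf" -extensions v3_leaf \
        -out "$dir/server.crt" 2>/dev/null
}

# True only for a certificate that carries basicConstraints CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# True if $2 chains to trust anchor $1 and is valid for hostname $3.
chain_ok() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) && make_pki "$work" nextcloud.lan || exit 1
is_ca_cert "$work/ca.crt"     && echo "ca.crt: CA root, import this on clients"
is_ca_cert "$work/server.crt" || echo "server.crt: leaf, stays on the server"
chain_ok "$work/ca.crt" "$work/server.crt" nextcloud.lan && echo "chain OK"
```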

ostasevych commented 6 months ago

> Assuming you did it proper, then it's a CA signed certificate. It shouldn't be causing you problems. Sounds like something else is up. Look at matteo-convertino's recommendation for logs.

Well, that is possible. Actually, I tried to get logs, but they are empty. Would you suggest another way of getting them? E.g., through adb?

> [EDIT] Question, you are using your android phone only on your local network, correct? Otherwise you are trying to get at your local NC server through a NAT, if it is even exposed to the public internet. And if it is, you might as well use lets encrypt.

I use a VPN client on both PC and Android to reach Nextcloud. All other apps are working fine, including the NC Android.

> [EDIT Again] I should clarify, it's your CA root certificate you are installing on your clients, correct? Not the signed end certificate used by your server?

Yes, I've produced my CA certificates, which I use on all clients. Again, the NC Android app and other NC apps for Android work correctly.

> [EDIT can't stop thinking about this...] This is interesting regarding installing a user CA root on android. https://android.stackexchange.com/questions/237141/how-to-get-android-11-to-trust-a-user-root-ca-without-a-private-key

Many thanks for that!

Actually, I foresee moving to some more convenient way, and using Let's Encrypt, but VPN still seems to be a safer way.

JoshuaPettus commented 6 months ago

> Well, that is possible. Actually, I tried to get logs, but they are empty. Would you suggest another way of getting them? E.g., through adb?

Good question @matteo-convertino maybe has an idea? The nextcloud log on the server may be worth checking too.

> I use a VPN client on both PC and Android to reach Nextcloud. All other apps are working fine, including the NC Android.

> Actually, I foresee moving to some more convenient way, and using Let's Encrypt, but VPN still seems to be a safer way.

That makes total sense. I have been toying with the idea of keeping everything in the VPN, but it would be giving up some conveniences. If you have a registered domain to sign in for your VPN, and depending on who your registrar is, Letsencrypt does have the "DNS-01" challenge method rather than the standard HTTP method. With that, I believe you shouldn't have to open port 80 on your home firewall to get the certificate and you can keep your VPN model while still having a proper signed cert.

If you do go the direct route down the road, using cloudflare as a middle man between you and your server does mitigate some of the risks, but does add to the complexity and challenges somewhat.

ostasevych commented 5 months ago

Sorry to ask you again, is it realistic to add support for self-signed certificates at all? Are there any steps to be done from my side to study the issue on my phone?

matteo-convertino commented 5 months ago

@ostasevych Sorry if I ignored this issue (I only did it because it was an error limited to you, or a few other people). Honestly, I haven't done any research on it yet; as soon as the severe bug with the new release (0.5.1) is resolved I will work on this.

matteo-convertino commented 5 months ago

I'm closing it because it's a duplicate of https://github.com/matteo-convertino/otpmanager-app/issues/35 and also because it's about the mobile app.