syncloud / platform

Run popular services on your device with one click
https://syncloud.org
GNU General Public License v3.0

How to set up a custom certificate when using a custom domain? #347

Closed raphraph closed 6 years ago

raphraph commented 6 years ago

The wiki page about custom certificates is quite light ;) I can understand that the project concentrates on delivering services associated with a syncloud domain + syncloud managed Let's Encrypt certificate.

But for users who already have their own domain, activating with own domain is well documented. But then, facing the "Your connection is not secure" browser warning is not nice, and the user will want to install their own certificate.

How to get a Let's Encrypt certificate for a custom domain? There are many guides for generating a LE certificate for a Raspberry Pi, I tried a few without success, and also without knowing if there was a possibility that I break something. Could there be a more detailed wiki page about that?

Furthermore, on the wiki page the paths to the .crt and .key files are not correct. It seems that it is now "/var/snap/platform/common/syncloud.crt".

cyberb commented 6 years ago

Good question.

I guess you cannot enable external access mode (which would enable certs) as it should be used only for syncloud.it domains.

Just pushed a fix which should allow certbot to try getting a real cert.

You still need to have a port mapping for 80 on your router as the doc says.

Fixed docs: https://github.com/syncloud/platform/wiki/Custom-domain

I will let you know when it is ready for testing.

cyberb commented 6 years ago

Can you test the new version?

SSH to your device and run:

snap refresh platform --channel=master

cyberb commented 6 years ago

This should tell you if Let's Encrypt is running:

tail -n 100 /var/snap/platform/common/log/letsencrypt.log

raphraph commented 6 years ago

Thanks for the reactivity. The fix works great, there is now a valid certificate.

However it seems that it broke the Nextcloud app (but not Rocket.chat). Now when accessing Nextcloud I land on a blank page. In the debugger I only find this:

Erreur lors du chargement de cet URI : Could not load the source for https://nextcloud.mydomain.com/. [Exception... "Component returned failure code: 0x80470002 (NS_BASE_STREAM_CLOSED) [nsIInputStream.available]" nsresult: "0x80470002 (NS_BASE_STREAM_CLOSED)" location: "JS frame :: resource://devtools/shared/base-loader.js -> resource://devtools/shared/DevToolsUtils.js :: onResponse :: line 569" data: no] Stack: onResponse@resource://devtools/shared/base-loader.js -> resource://devtools/shared/DevToolsUtils.js:569:25 onStopRequest@resource://gre/modules/NetUtil.jsm:126:17 Line: 569, column: 0

It's not the first time this happens to me, when I was playing around trying to generate a certificate of my own. When an app breaks like this, I know that reinstalling fixes it, but reinstalling also erases everything about the app. So I was wondering if this happens in the future, when I'm really using the app and don't want to lose everything, what can I do? (maybe this should be a new issue?)

cyberb commented 6 years ago

This sounds like a separate issue, could you create one?

I will release a fix and let you know when you can switch back to stable.

cyberb commented 6 years ago

This is now released.

snap refresh platform --channel=stable
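
A check one might run on the device after the refresh, to tell a still self-signed certificate from a CA-issued one that covers the custom domain. This is an added example, not part of the thread or of Syncloud's code; the `cert_status` function, its status words and the script name are hypothetical, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example (not from the thread): report why a browser would reject
# the certificate in a PEM file, or "ok" if none of the checks below fail.
# Usage: sh cert_status.sh /var/snap/platform/common/syncloud.crt nextcloud.mydomain.com
# (path and host name as quoted in the thread; the script name is hypothetical)

cert_status() {
    cert=$1
    host=$2

    # The file must exist and parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "unreadable"; return 1
    fi

    # Same subject and issuer name: treat as self-signed. This compares
    # names only; the signature chain is not verified here.
    subj=$(openssl x509 -in "$cert" -noout -subject_hash)
    issr=$(openssl x509 -in "$cert" -noout -issuer_hash)
    if [ "$subj" = "$issr" ]; then
        echo "self-signed"; return 1
    fi

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 1
    fi

    # -checkhost reports "does match" / "does NOT match" in its output,
    # so the printed text is what gets tested.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "name-mismatch"; return 1
    fi

    echo "ok"
}

# Run the check only when a certificate path and a host name are given.
if [ "$#" -eq 2 ]; then
    cert_status "$1" "$2"
fi
```

A result of `self-signed` after the refresh means certbot has not replaced the certificate yet, which is the point at which the letsencrypt.log mentioned above is worth reading.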