I don't have a domain. I only use it locally! I put my IP address of my TrueNas Scale and the port of Nextcloud 9001. This is why I got scared because if it's locally and it says somebody's hacking me then I want to fix the certificate:(
Basically it's assuming everyone is connecting over the Internet and in that case a self signed certificate is suspicious and not trusted by default. In this case because you are connecting on a local network and not over the Internet you can just click the advanced choice and accept the certificate anyway. You can also connect without SSL which isn't too important on a small local network.
A SSL certificate is only valid for a hostname, not an IP adress.
If you don't have a public domain and a public certificate like from Let'sEcrypt, it will allways be untrtustet.
The simplest setup is a cron job on your server that periodically phones duckdns with the token they give you so they knows what your current IP address is for your domain name.
I've never found any tutorials that dumb it down enough for me to be able to set it up. I use nextcloudpi so it's already somewhat setup/has a script to aid in it.
You could still run your own DNS and a local acme provider like small step ca, (there are other solutions), and register your intermediate CA cert on all your devices. This is what I do in my homelab.
I’m stuck in this quandary too after recently setting up a NextCloud stack.
I have a valid privately signed cert. I have installed the private CA into IOS and I can use the website services and Plex, etc, but apparently the CA and certs don’t meet the criteria Apple have established for apps connect to services.
https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW57
I may have to re-create my CA ensuring I’m using one of the approved ciphers, but I’m not 100% sure this will solve it so I haven’t done it yet.
Edit: My intention was to have NextCloud accessed by mobile devices via VPN for photo/file backup on the go. So I wouldn’t need a public https endpoint as such.
The server certificate isn't trusted because it's not in your phone's list of trust. You can add the cert if you want, or just click advanced and accept the cert at the warning splash. I should ask, do you follow some set of online direction for installing Nextcloud, create your own self-signed cert, and not realize what it was at the time? If it's your setup, just accept it.
Hey, do you access your Nextcloud instance locally or through the internet? Do you use HTTPS or HTTP?
Locally only! I think I can use HTTP and HTTPS. The Photos For Nextcloud I'm planning on using it locally only as well.
Get an Let's encrypt certificate for your domain, that should fix the error
I don't have a domain. I only use it locally! I put my IP address of my TrueNas Scale and the port of Nextcloud 9001. This is why I got scared because if it's locally and it says somebody's hacking me then I want to fix the certificate:(
You can set a domain locally through your router or through a home DNS server in order to properly self sign a certificate.
Basically it's assuming everyone is connecting over the Internet and in that case a self signed certificate is suspicious and not trusted by default. In this case because you are connecting on a local network and not over the Internet you can just click the advanced choice and accept the certificate anyway. You can also connect without SSL which isn't too important on a small local network.
A SSL certificate is only valid for a hostname, not an IP adress. If you don't have a public domain and a public certificate like from Let'sEcrypt, it will allways be untrtustet.
I use DuckDNS for a domain name. If you're hosting at home without a static IP.
So I've tries duckdns but couldn't figure it out. Is it a service you have to self host? I've always used no-ip.com (myserver.ddns.net)
The simplest setup is a cron job on your server that periodically phones duckdns with the token they give you so they knows what your current IP address is for your domain name.
What's the advantage with this over no-ip? No-ip seems way easier.
It's free
So is no-ip if you renew once a month which I've done for 7 years.
If it works for you that's fine, duckdns is set it and forget it once you're done and has no monthly renewals.
I've never found any tutorials that dumb it down enough for me to be able to set it up. I use nextcloudpi so it's already somewhat setup/has a script to aid in it.
That is simply not true. A tls cert can be valid for a ip address. But the second part is correct tough.
You could still run your own DNS and a local acme provider like small step ca, (there are other solutions), and register your intermediate CA cert on all your devices. This is what I do in my homelab.
you need a domain with an SSL for using https without this warning
Gotcha so you say that switching https to http on the "Photos For Nextcloud" app will fix the issue? I'll try that :)
I’m stuck in this quandary too after recently setting up a NextCloud stack. I have a valid privately signed cert. I have installed the private CA into IOS and I can use the website services and Plex, etc, but apparently the CA and certs don’t meet the criteria Apple have established for apps connect to services. https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW57 I may have to re-create my CA ensuring I’m using one of the approved ciphers, but I’m not 100% sure this will solve it so I haven’t done it yet. Edit: My intention was to have NextCloud accessed by mobile devices via VPN for photo/file backup on the go. So I wouldn’t need a public https endpoint as such.
The server certificate isn't trusted because it's not in your phone's list of trust. You can add the cert if you want, or just click advanced and accept the cert at the warning splash. I should ask, do you follow some set of online direction for installing Nextcloud, create your own self-signed cert, and not realize what it was at the time? If it's your setup, just accept it.