Sometimes ports 80 and 443 are not available. We are going to use Letsencrypt’s certbot --manual and --preffered-challenges dns options to get certificates and activate them manually.
You’ll need a domain and access to the DNS records to create a TXT record pointing to: _acme-challenge.yourNCP.yourdomain.tld with a challenge value provided by certbot when running it with the dns option.
sudo apt install certbot python-certbot-apacheThis installs Letsencrypt’s certbot and apache module (apache not tested yet)sudo nano /etc/hostsAdd a line with your local IP hostname.domain.tldsudo certbot -d yourNCP.domain.tld --manual --preferred-challenges dns certonlyThis, interactively, generates all the required files and the certificate after providing challenge value for DNS TXT record and succesfully reading the DNS record.sudo nano /etc/apache2/sites-enabled/nextcloud.confEdit to look like this, certbot provides these locations SSLCertificateFile /etc/letsencrypt/live/yourNCP.domain.tld/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/keys/0000_key-certbot.pemsudo nano /var/www/nextcloud/config/config.phpEdit config.php trusted_domains array by replacing the localhost in 0 => ‘localhost’ with yourNCP.domain.tld:portsudo service php7.0-fpm restartTo restart php7.0-fpmsudo service apache2 restartTo restart apache2
You should now be able to access your NCP at https://yourNCP.domain.tld:portnr
I have my test NCP running on port 2443external/443internal, so I have a NAT/port forward accordingly. You are free to access your NCP on any port, now that domain and certificate are verified and installed.