Setup CDN SSL Certificate For Nextcloud

How To Setup CDN SSL Certificate On Rapid.Space Panel

If you didn't use a custom domain (by letting the field "Custom Domain" empty), your automatically allocated domain is already setup for both http and https access.

If you used your own custom domain for the frontend, after you finished the steps above, you can only use http to access your website with disabling "HTTPS only" parameter on panel. That is http://xxx.yyy.zzz, if you want to enable HTTPS on your domain, you need some extra steps. Here we will rely on Letsencrypt and  Cerbot to obtain a HTTPS certificate. 

Point the domain to the proper IP address

Login to the website which you purchased the domain. No matter which provider you used to buy your domain, it should have a website to configure it. Change its DNS configuration:

  • If you selected out frontend in China, add one or more "A" record to your domain using the following IPv4 addresses of our frontends:
    • 218.98.48.186 (in China Unicom network)
    • 36.156.83.221 (in China Mobile network)
    • 218.91.237.26 (in China Telecom network)
  • If you selected our frontend outside China, add "CNAME" record to your domain:
    • hnode.cdn.vifib.com

Now wait for 5-10 minutes for the DNS confguration to propagate worldwide. 

Obtain a TLS certificate from Let's Encrypt

Install acme.sh.

sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh 
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail your_email@example.com
cd ~
source ~/.bashrc

Check the version.

/etc/letsencrypt/acme.sh --version
# v2.8.2

Configure /etc/apache2/sites-available/xxx.yyy.zzz.conf

<VirtualHost *:80>
    ServerAdmin your@email.com
    ServerName cloud34.infiniteconnection.fyi
    ServerAlias hnode.cdn.vifib.com
    DocumentRoot /var/www/html/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Let’s use a2ensite to enable the site configuration file.
sudo a2ensite xxx.yyy.zzz.conf
And to avoid the conflict, let’s disable the default site configured by 000-default.conf
sudo a2dissite 000-default.conf
Now we can test simply the configuration files (Only syntax).
sudo apache2ctl configtest
The output:
Syntax OK
Restart your Apache to apply the configuration.
sudo systemctl restart apache2 

Enable HTTPS With Cerbot 

In order to enable the https access, aka https://xxx.yyy.zzz , you need a HTTPS certificate. Many companies can provide it to you. Here we are going to use Cerbot because it gives you HTTPS certificate for free (but the certificate is valid only for 3 months so after 3 months you should renew it). You can find the instructions of Cerbot according to your web server and operating system: For example, If your Nextcloud is running Apache On Debian 10, you can simply follow https://certbot.eff.org/lets-encrypt/debianbuster-apache.

Turn off RewriteEngine 

One you generate a HTTPS certificate, there will be a rewrite engine enabled in your configure file(/etc/apache2/sites-available/xxx.yyy.zzz.conf). Please set RewriteEngine to off otherwise, your website will be redirected several times and failed at the end. 

Fill [DEPRECATED] SSL Certificate and Key Field

Once certbot has run successfully, you will get two files: /etc/letsencrypt/live/xxx.yyy.zzz/fullchain.pem and /etc/letsencrypt/live/xxx.yyy.zzz/privkey.pem

In your frontend service, there are fields "[DEPRECATED] SSL Certificate" and "[DEPRECATED] SSL Key". Put the certificate ("fullchain.pem") content in the field "[DEPRECATED] SSL Certificate" and the key ("privkey.pem") content in "[DEPRECATED] SSL Key". 

As long as you can reach your HTTPS website, you can set "HTTPS only" back to "true".

Thank You

  • Nexedi SA
  • 147 Rue du Ballon
  • 59110 La Madeleine
  • France
  • +33629024425

For more information, please contact Jean-Paul, CEO of Nexedi (+33 629 02 44 25).