January 09, 2025
- I recently started setting up Certbot to automate certificate renewals because I was tired of doing it manually, & I couldn't figure out Caddy or Traefik proxy.
- After getting Step CA configured in Docker & playing around with that a little bit, I was able to start manually getting new certificates (created a new root CA instead of trying to import my existing) to make sure everything was working. For whatever reason, I had always run my nginx proxies on port 9443 instead of 443, which I believe did give me some problems with the verification needed by Step CA. So while updating my nginx configs to now accept traffic on port 443 for the verification, I also then had to update the certificate being used. For my "servers" that have nginx only (i.e.: Not my Pi-Hole boxes that have Apache too...), the change to 443 was not a problem. I do have some workarounds for the Pi-Hole devices.
- Well, after the above, I tried to start using Nextcloud on 443 but had a problem because it was not a trusted host. I run my Nextcloud instance in Docker, so it wasn't as simple as editing config.php or straightforward occ commands. This was ultimately how I was able to add another "trusted host":
```bash
# Check for the current list of trusted hosts:
docker exec --user www-data <<container_name>> /var/www/html/occ config:system:get trusted_domains
# Add a third trusted host:
# (the number after trusted_domains is the array index; setting an index that is already in use overwrites that entry)
docker exec --user www-data <<container_name>> /var/www/html/occ config:system:set trusted_domains 3 --value <<sub.domain.tld>>
# Verify the domain was added:
docker exec --user www-data <<container_name>> /var/www/html/occ config:system:get trusted_domains
```