I am trying to figure out whether it’s possible to self-host Nextcloud without a bought domain through managed-dns. I have created an example.com domain that I can access locally, but I want to make it public outside my network. I’ve started by creating a static IP address on my server, but I’m not sure how to use deSEC DNS for this. I am aware of this GitHub - desec-io/certbot-dns-desec: Let's Encrypt Certificates for Domains Hosted at deSEC project. Is there a way to achieve this with certbot?
Hi @kiwi1,
No, Let’s Encrypt only domain-validates registered domain names.
Without certbot? Also would that be possible with dynDNS (if it was available)?
Yes; there are other ACME clients. Here is a partial list: ACME Client Implementations - Let's Encrypt, and some more information here: https://acmeclients.com/
Yes.
Also, assuming there is a domain name that Let’s Encrypt could validate, for one that is only accessible locally one would need to use the DNS-01 challenge of the Challenge Types - Let's Encrypt.
This link may be of use as well: How can I use Let's Encrypt to make internal certs? - #2 by Bruce5051 - Help - Let's Encrypt Community Support
And see this too: Tools implementing deSEC
With either tool, there will be a step equivalent to:
"Set your API token (password) by generating one from your account on desec.io. It’s also a good idea to restrict the IPv4 / IPv6 address(es) it can be used from."
export DEDYN_TOKEN=""
The problem is that I cannot find the token on the desec site. Where is it hidden if not under the token administration that shows nothing?
To add a new Token use TOKEN MANAGEMENT and click on the + on the right side in the orange/yellow circle.
Hosting Nextcloud at home should be possible. It is a web service I believe.
Hosting it without a bought domain is a different issue.
- Nextcloud will want HTTPS, so you’ll need a TLS certificate. You may get away with using a self-signed certificate if you can arrange all of your clients to trust that certificate. But it would work much smoother with a real certificate, e.g. from Let’s Encrypt.
- If you want access from outside your LAN (or even just a real certificate), you will need a hostname that resolves to the public IP of the web server. Whether that hostname is on a bought domain or not, makes little difference. There are some services that offer free hostnames/subdomains for DDNS for example. Note: deSEC had that capability and may have it again in the future. It was deactivated due to misuse. But currently you’d need to look elsewhere or register a real domain.
- Depending on your Internet connection you probably don’t have a static public IP at home. So you would need to update the DNS server with your current public IP whenever it changes. This is what DDNS (Dynamic DNS) is used for.
- Your router must forward packets from the Internet to your web server ports (80, 443) to the host on the LAN that is actually running the Nextcloud web server. How this is configured depends on your router and on whether you are using IPv4 or IPv6.
You can create any domain (zone) you want on a local nameserver. But that will not work outside your LAN. You need a properly registered domain or a service that offers subdomains on such a registered domain. DNS is a distributed database and your local nameserver is not a part of the public DNS hierarchy. Also your clients would need to use your local nameserver instead of the resolver generally provided by the Internet router to see your local zones at all.
Unless your static IP address is a public one that is routed to your Internet router, that will only work on the LAN.
deSEC provides DNS services. So you could, in theory, create A or AAAA records with local IPs. (Though I don’t think that is recommended.) But they will not help you because anyone outside your LAN would not be able to use these IPs to access your Nextcloud server.
Once you have a hostname that resolves to your public IP, and your router forwards packets on ports 80 and 443 to your Nextcloud server, you can use e.g. Certbot to create a certificate. It does not solve the other problems.
HTH
fiwswe
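The point made in the post above (A/AAAA records holding LAN addresses do not help anyone outside the LAN, and a "static" address is only useful if it is a public one) can be checked before requesting a certificate. The following is an added example, not part of the original thread; the names `classify`, `preflight` and `SAMPLE` and all record values are constructed for illustration.

```python
import ipaddress

# Address ranges that are not reachable from the public Internet.
NON_PUBLIC = [
    ("127.0.0.0/8", "loopback"),
    ("10.0.0.0/8", "RFC 1918 private (LAN)"),
    ("172.16.0.0/12", "RFC 1918 private (LAN)"),
    ("192.168.0.0/16", "RFC 1918 private (LAN)"),
    ("169.254.0.0/16", "IPv4 link-local"),
    ("100.64.0.0/10", "carrier-grade NAT (RFC 6598)"),
    ("::1/128", "loopback"),
    ("fe80::/10", "IPv6 link-local"),
    ("fc00::/7", "IPv6 unique local (LAN)"),
]
_NETS = [(ipaddress.ip_network(cidr), why) for cidr, why in NON_PUBLIC]

def classify(address):
    """Return (is_public, reason) for one A/AAAA record value."""
    ip = ipaddress.ip_address(address)
    for net, why in _NETS:
        if ip.version == net.version and ip in net:
            return False, why
    # Necessary, not sufficient: the router must still forward 80/443.
    return True, "publicly routable"

def preflight(records):
    """records: iterable of (hostname, rtype, address) tuples.
    Returns {hostname: {"http01_possible": bool, "problems": [str]}}."""
    report = {}
    for host, rtype, address in records:
        entry = report.setdefault(host, {"http01_possible": True, "problems": []})
        public, why = classify(address)
        if not public:
            # Outside clients and the CA's validation servers cannot reach
            # this address; only DNS-01 remains an option for this name.
            entry["http01_possible"] = False
            entry["problems"].append(f"{rtype} {address}: {why}")
    return report

# Constructed sample records; 8.8.8.8 is a stand-in for a real public address.
SAMPLE = [
    ("cloud.example.com", "A", "192.168.1.20"),
    ("cloud.example.com", "AAAA", "fd12:3456:789a::20"),
    ("nas.example.com", "A", "100.72.5.9"),
    ("www.example.com", "A", "8.8.8.8"),
]

if __name__ == "__main__":
    for host, verdict in preflight(SAMPLE).items():
        print(host, verdict)
```

The carrier-grade NAT case is the one that is easy to miss: such an address looks static and non-RFC 1918 on the router's WAN side, but it is still not reachable from the Internet.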
Oh, I didn’t realize Nextcloud is a service provider; wrongfully assumed it was a web server or such.
Thanks! @fiwswe for the correction.
I don’t know whether Nextcloud is also a service provider. But the question was about hosting the service at home, which is generally possible. To my knowledge it is indeed a web service.
So I think you misunderstood my reply or I wasn’t clear enough.
fiwswe