Nextcloud via WireGuard - what SSL do I need to set up?

I use WireGuard a lot, and prefer connecting to my Pi and home network to use services instead of exposing more ports, as well as using it from hotels, etc.

Currently I only do small things like Kodi, etc.

I now want to install Nextcloud. I notice instructions for SSL and leaving common port numbers 80 and 443 open at the firewall for Let's Encrypt to auto-renew. That makes me nervous.

As I plan to always connect via VPN, do I actually need this for Nextcloud, as I’ll always be inside my home network to access it?

OR: In the cPanel account of the shared hosting I rent, I see SSL cert details for the subdomain I point at my house. Can I make use of these instead of Let's Encrypt? I’ve tried to make sense of them before but can never find instructions I can understand as to their use.

If you use a VPN, you don’t have to open ports in the firewall. SSL is useful when you don’t connect via VPN but have a website exposed, e.g. using a reverse proxy. If you have a well-configured VPN (well-encrypted communication), I don’t think you need SSL (only if you want the annoying "dangerous site" warning to disappear from the browser).

Theoretically you don’t need to enable SSL/HTTPS if you use it inside your local network or via VPN only. However, there might be some calendar or contact synchronization apps that strictly require SSL. But this depends on the individual app and use case.

That sounds good. I am only really after the file sync side, instead of OneDrive, to sync a few important items from a laptop.

I’ll go for the “dive in and break it” attempt at the weekend and see how far I get.