I use cryptfs, gocryptfs specifically, to do client side encryption of files before I sync them through nextcloud. This is a splendid, simple solution that hasn't failed me so far. Sometimes you end up with a file that just does not want to sync, normally it isn't a problem, nextcloud notifies you, you get the filename, rename and away it goes. But when the filenames are obfuscated through gocryptfs you have to figure out what the obfuscated filename translates into before you can rename the actual file. Let's say the file that does not want to sync is called: SMHS6mV0Nf34Sd0nAt8vDG Go to the encrypted directory and execute: find ./|grep SMHS6mV0Nf34Sd0nAt8vDG That will yield the full path of the file. Execute: ls -i ./media/V0Nf34Sd0nAt8/FlkfkldfFklfdFL/SMHS6mV0Nf34Sd0nAt8vDG That'll yield the file's inode, let's say it's 50209399. Now go to the unencrypted, mounted directory and execute: find ./ -num 50209399 That's the file that is having issues with syncing through nextcloud. Rename it to something less esoteric and you're done.