Can't generate certificate with certbot


I've tried it with my own installation and with the one from tech&me.
I always got the same error.
What's the reason?
On my older version 12 it worked 2 months ago, but now not on the old one, and also not on the new version 15.

Try to surf to that http URL manually and see what happens? Ideally you do this from outside your LAN. If it works well, you should see a 1-line "webpage" that displays a string of letters and numbers. If not, dig into the apache logs?

It's a guided Nextcloud VM by T&M Hansson IT (https://shop.hanssonit.se).
So there shouldn't be anything wrong in the installation or configuration.

When I'm calling the address prezetak.ddns.net I get the answer that it takes too long to reach the website.
On prezetak.ddns.net - Make your website better - DNS, redirects, mixed content, certificates I got these comments:

The VM runs on Hyper-V of Windows Server 2016.
I've bought it here: Nextcloud VM – Microsoft Hyper-V – T&M Hansson IT, because I had problems with my own installation, and the funny thing was that no one was generating the certificate.

So, it should be a problem in Hyper-V, because nothing was changed in the router configuration.

Make sure you are using port 80 when using certbot.
After it's finished, change to port 443.
This is if you are using port forwarding on a router to your Nextcloud box.

Where can I edit this?
According to the script it's necessary to have port 80 and 443 forwarded.
But later in the procedure I got the message that 443 is not open. But in my router I have forwarded port 443.

Can you reach the VM on http / https over the LAN IP? If not, check the firewall on the VM / Hyper-V. Otherwise check port forwarding on the router for both 80 and 443.

Also, does your ISP allow incoming port 80 / 443 connections? You could test this by running a website on a non-privileged port (above 1024).

It's a little bit confusing what's happening here:

I've switched off the server firewall, even though Hyper-V is approved.
Both ports are open, but now I'm getting this message:


When I'm trying again I'm getting this message:

But at no-ip.com I can't add a TXT record to my hostname.

So, what can I do next?
Thanks.

EDIT: I've upgraded to an enhanced domain and tried it again.
Still the same fault, and the TXT changes with every try.

Ok, now I've finished the startup script.

But when I'm calling the local IP or the domain I get redirected to the IIS Windows Server.

It's driving me crazy. With ESXi it was so easy, and with Windows Server there is always trouble.

Yes, the http / dns challenge will be different every time, as the point of the process is to verify you have ownership of the domain through "control". So in case of the DNS challenge the record should probably have a low TTL.

Sounds like a network issue, with several potential points of failure. I'd suggest working "outside in": can you reach the router, does port forwarding on the router work, can you reach the Hyper-V host, can you reach a VM, can you reach apache on a VM, etc. Temporarily disable potential roadblocks, e.g. make an "exposed host" in your router, disable the firewall on the hypervisor + VM, etc. Either read logs, or build test scenarios, or both.
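An added example of that "outside in" walk, written for this thread rather than taken from it or from certbot: it resolves the public name, tries a TCP handshake on 80 and 443, fetches a probe URL under the HTTP-01 challenge path, and reports the first layer that fails. The hostname and token are placeholders supplied by whoever runs it, ideally from outside the LAN.

```python
# Added example (not from the thread): outside-in reachability checks for an
# HTTP-01 (certbot) setup. Hostname and token are placeholders the caller supplies.
import socket
import urllib.error
import urllib.request

ACME_PATH = "/.well-known/acme-challenge/"

def resolve(host):
    """Addresses the public name resolves to, or [] if DNS fails."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes (ISP/router/firewall layer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def challenge_status(host, token, timeout=5.0):
    """HTTP status for the ACME challenge path, or None if no HTTP reply at all."""
    url = "http://%s%s%s" % (host, ACME_PATH, token)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code  # 404 etc. still proves some web server answered on 80
    except (urllib.error.URLError, OSError):
        return None

def diagnose(addresses, port80, port443, status):
    """Map the raw check results onto the first failing layer, outside in."""
    if not addresses:
        return "dns: name does not resolve, fix the DDNS record first"
    if not port80:
        return "tcp/80: no handshake, check ISP, router forward, hypervisor and VM firewall"
    if status is None:
        return "http: 80 accepts TCP but gives no HTTP reply, check the web server on the VM"
    if status == 404:
        return "http: a web server answers but not the challenge path, another site may own port 80"
    if not port443:
        return "tcp/443: HTTP-01 would pass, but 443 is not reachable for the TLS site"
    return "ok: all layers reachable"

def run(host, token="probe"):
    p80 = tcp_reachable(host, 80)  # run the checks in outside-in order and report
    return diagnose(resolve(host), p80, tcp_reachable(host, 443),
                    challenge_status(host, token) if p80 else None)
```

Call `run("your.public.hostname")` from a machine outside the LAN; a 404 on the probe path is expected when the web server is right but nothing is staged there, while a 404 with the wrong server banner (e.g. IIS) points at another service owning port 80.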

Under /etc/services port 80 is shown for http and 443 for https.
With netstat -tulpen I can see 80+443 only on tcp6, not tcp.
Forwarding works, because I was able to generate a certificate once I'd forwarded 80+443 for the server LAN port. In the script I got the message that 80+443 are open.
When I'm calling http://mydomain the website is not reachable; the local IP is not working, because it's forwarded to the domain.

I think I have to check all apache2 conf files.
Normally they must be right because of the automatic setup script.

Ok, I've found out that forwarding was disabled on the network interface. Now it's enabled and IIS is uninstalled.
Website not reachable!

Nmap scan report for localhost (127.0.0.1)
Host is up (0.000017s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5432/tcp open postgresql
10000/tcp open snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 1.70 seconds

The fault was so stupid.
When Nextcloud was installed on ESXi I could call the cloud directly by the domain.
Now that Nextcloud is running on Windows Server 2016 I need to use the port:
https://mydomain:0815

It was working the whole time :rofl::rofl:

Thanks a lot for your effort.


Sorry, I didn't see this until now.

Glad it finally worked out for you. :slight_smile: