Can't configure letsencrypt cert on nginx reverse proxy for Nextcloud

This is my first post here, please let me know if there is a better place to put this. Thank you in advance for your help.

I am running multiple applications on my network behind a reverse proxy, each running on their own VPS, all accessed via DDNS. All of this so far has been working fine for over a year now. I am currently trying to setup access to nextcloud in the same manner. So I installed nextcloud via snap on it’s own installation of Ubuntu 18.04. I updated the config.php and added my reverse proxy’s IP address, and the subdomain/domain to the list of trusted proxies. I am able to successfully navigate to my nextcloud instance via the computer’s IP address, and domain name. I am also able to successfully navigate to the instance via my subdomain/domain combo when I use my hosts file to redirect to my proxy, so I know that my reverse proxy is routing properly. Additionally, my DDNS setup is fine. Checking both ping, and dnschecker.org/ shows that my subdomain is resolving correctly to the IP address I expect.

At this point, if I try to run letsencrypt, I get errors:

Failed authorization procedure. subdomain.domain.com (http-01): 
urn:ietf:params:acme:error:connection :: 
The server could not connect to the client to verify the domain :: 
Fetching http://subdomain.domain.com/.well-known/acme-challenge/<hash here> 
Timeout during connect (likely firewall problem)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: subdomain.domain.com
   Type:   connection
   Detail: Fetching
   http://subdomain.domain.com/.well-known/acme-challenge/<hash here>
   Timeout during connect (likely firewall problem)

I can provide additional details as well. But I have tried everything I can think of to get this to work, and have had no success so far. Any suggestions would be greatly appreciated.

the ssl termination doesn’t happen at your reverse proxy? that web server should be configured to have the ssl cert. or?

SSL termination is happening at the proxy. I have had letsencrypt handle the certs for each application. It generates a unique cert for each.

could you be more precise about that? you run certbot on your reverse proxy? or did you try to use snap to create a certificate on your nextcloud host?

I am running certbot on my reverse proxy. I am not too sure what info could help diagnose this, but let me know and I will be happy to provide it.

did you configure that page in your nginx config? you should find a line like this: location ^~ /.well-known/acme-challenge in your config.

I did not. I have not had to add an entry like that in any of my other site’s configs either.

@Reiner_Nippes If I am running NGINX on a separate computer from where I am running NextCloud, how can I configure the location directive to support the acme-challenge? Or is that not even an option?

nextcloud is not involved.

you only have to configure the nginx reverse proxy to provide this location. that’s where letsencrypt/certbot is running. and your dns is pointing to.

or?

Thank you. That was the piece of information I was missing. Thank you for being patient with my networking noob-ness.