Can't create an SSL certificate for Nextcloud using Certbot

I have the manual installation of Nextcloud (latest) on an Ubuntu 18.04.3 LTS VMware Fusion box.
It's all online, but I haven't got the SSL certificate certified properly. So as it's self-certified, it's not working in Google Chrome on other clients, especially via the domain name.

I was able to do this on the snap version with no issues, but since going to the manual installation it's just getting stuck.

I have checked the DNS records, and the A record has been dynamically pointed at the IP, and I can use the website domain to get onto my Nextcloud too.

But, when using certbot, I'm getting this:

Domain: [mydomain].com
Type: connection
Detail: Fetching http://[mydomain].com/.well-known/acme-challenge/xDQi4zFjnD3WQdD_f0iudUmB72LRWfWPdmvxjLbbEI8: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2020-01-10 15:23:54,770:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. [mydomain].com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://[mydomain].com/.well-known/acme-challenge/xDQi4zFjnD3WQdD_f0iudUmB72LRWfWPdmvxjLbbEI8: Timeout during connect (likely firewall problem)

2020-01-10 15:23:54,770:DEBUG:certbot.error_handler:Calling registered functions
2020-01-10 15:23:54,770:INFO:certbot.auth_handler:Cleani

Does anyone know how to fix this? Or have another solution to get the SSL certificate done properly?

Do you have anything like this: add_header Strict-Transport-Security "max-age=15768000" in your web server conf?

Just trying to work out that acme.sh script, but getting a fair few permission errors.
And for some reason after my first try, I'm getting this:

:~/.acme.sh$ acme.sh
acme.sh: command not found

Not sure if it's because the permissions on /var/www/html/nextcloud are for www-data.

./acme.sh

If . is not in your search path.

Thanks for that, totally missed it.
So it's got this error on the attempt:

[Fri Jan 10 17:31:18 GMT 2020] [domainname].com:Can not write token to file : /var/www/html/.well-known/acme-challenge/-xvyDcxGbhYIXi3Sh-2b5iODYi1fFQeYsZMi-fIPFT8

Is that a permissions fault? I don't suppose you know the commands to fix it?

Not got that STS line in my .conf, btw. Should I have it in?

Looking further into this, could it be because port 80 is redirected to 443? I have tried turning this off in the nextcloud.conf, and if I try the site again I get an error if I use the http site.

But if I use the curl command, it says failed to connect. Did I disable port 80 entirely somewhere?
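The two failures in this thread (the client cannot write its token under the webroot, and the validation server cannot connect on port 80) can both be checked before running certbot or acme.sh again. The following pre-flight script is an added example, not code from the thread or from either project; WEBROOT, DOMAIN and the www-data ownership are assumptions, and the checks mirror what an ACME client does for http-01: write a file under /.well-known/acme-challenge/ and fetch it over plain HTTP.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for the ACME http-01
# challenge. WEBROOT and DOMAIN are assumptions; override them in the environment,
# e.g.  WEBROOT=/var/www/html DOMAIN=mydomain.com sh preflight.sh run
WEBROOT="${WEBROOT:-/var/www/html}"
DOMAIN="${DOMAIN:-example.com}"
CHALLENGE_DIR="$WEBROOT/.well-known/acme-challenge"

# Write a throwaway token into the challenge directory, exactly what the ACME
# client does. Prints the token path on success; fails when the directory cannot
# be created or written by the current user (the "Can not write token to file" case).
write_test_token() {
  dir="$1"
  token="preflight-$$"
  mkdir -p "$dir" 2>/dev/null || return 1
  printf 'ok\n' > "$dir/$token" 2>/dev/null || return 1
  printf '%s\n' "$dir/$token"
}

# Fetch a URL over plain HTTP without following redirects and print only the
# status code; curl prints 000 when the TCP connection itself fails.
http_status() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# Map the status code to what it means for the challenge.
classify_status() {
  case "$1" in
    200)             echo "reachable" ;;
    301|302|307|308) echo "redirected" ;;
    000)             echo "connect-failure" ;;
    *)               echo "unexpected:$1" ;;
  esac
}

preflight() {
  path=$(write_test_token "$CHALLENGE_DIR") || {
    echo "cannot write to $CHALLENGE_DIR as $(id -un); fix ownership or permissions" >&2
    return 1
  }
  # Is anything listening on TCP port 80 on this host at all?
  if ! ss -ltn 2>/dev/null | grep -q ':80[[:space:]]'; then
    echo "nothing is listening on TCP port 80 on this host" >&2
  fi
  url="http://$DOMAIN/.well-known/acme-challenge/$(basename "$path")"
  status=$(http_status "$url")
  echo "$url -> $status ($(classify_status "$status"))"
  rm -f "$path"
}

if [ "${1:-}" = "run" ]; then
  preflight
fi
```

A "connect-failure" from the server itself means the web server is not answering on port 80 (stopped, or only bound to 443); a success from the server but a timeout from Let's Encrypt means port 80 is blocked between the internet and the VM (firewall, NAT or port forwarding on the host), so run the fetch from a machine on another network too. A "redirected" result is not by itself fatal, since the validation server follows redirects, as long as the HTTPS target still serves the token file. If the write check fails, the usual fix is to give the ACME client's user write access to the .well-known directory (for example by chowning it to the account running the client, or running the client as www-data) rather than loosening permissions on the whole Nextcloud tree.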

To find out if Let's Encrypt is working at all, try the standalone server built into acme.sh. Your web server has to be stopped.