Certbot fails

On my installation, certification keeps failing, and I don't know what is going wrong.

Here is the attempt to renew the certificate:

root@cloud:/# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: nextion ddns net


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nextion.ddns.net
Waiting for verification…
Challenge failed for domain nextion ddns net
http-01 challenge for nextion ddns net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: nextion.ddns.net
    Type: unauthorized
    Detail: Invalid response from
    https://nextion.ddns.net/index.php/login [87.132.225.220]:
    "\n<html class="ng-csp"
    data-placeholder-focus="false" lang="en" data-locale="en"

    \n\t<head\n data-requesttoken="9SgD"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

Hi @daniy00

I don’t think that it is possible to use ddns.net or any of their domains that come with their free plan with Let’s Encrypt.

There are basically two ways to solve this problem:

  1. Use a paid plan from No-IP, in which an SSL certificate is included.

  2. Register your own domain name and then set a CNAME record for cloud.yourdomain.tld to nextion.ddns.net.

It worked for over a year until the update to Nextcloud 21.

Was there a change of any kind so that this isn’t working anymore?

Hmm… then I may have been mistaken. But I am pretty sure that other users here in the forum already had problems with Let’s Encrypt and NO-IP domains… Please search in the forums or try to google the issue…

If you come to the conclusion that it should work with NO-IP, we would need more details about your general setup, especially your webserver configuration, to be able to help. The issue is not directly related to Nextcloud. Maybe indirectly, if you for example use the Snap package or a Docker image, which includes all components including web server etc…

Based on the given error message I would assume that the usual request from the Let’s Encrypt backend server to “http://nextion.ddns.net/.well-known/acme-challenge”, which doesn’t allow any authentication, is being redirected to your Nextcloud login page “https://nextion.ddns.net/index.php/login”.

The general request uses “http” (port 80/tcp) and couldn’t be redirected to “https” (port 443/tcp), especially not if an outdated certificate is used. So make sure that an inbound port 80/tcp is accessible over the internet to request the ACME challenge.

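An added example, not part of the original thread: a small Python check that walks the redirect chain of a probe request under `/.well-known/acme-challenge/` and reports whether it ends up on another path, as the certbot error above suggests. The host `cloud.example.org`, the token name `probe`, the sample hops and the function names are assumptions made for this illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def fetch_chain(url, max_hops=10):
    """Walk redirects one hop at a time: [(url, status, location), ...]."""
    opener = urllib.request.build_opener(_NoRedirect)
    chain = []
    for _ in range(max_hops):
        try:
            with opener.open(url, timeout=10) as resp:
                status, location = resp.status, None
        except urllib.error.HTTPError as err:   # 3xx/4xx/5xx responses
            status, location = err.code, err.headers.get("Location")
        except OSError:                         # port closed, DNS or TLS failure
            status, location = None, None
        chain.append((url, status, location))
        if status is None or not (300 <= status < 400 and location):
            break
        url = urljoin(url, location)
    return chain

def diagnose(chain):
    """Return (ok, reason) for the hops of a probe under CHALLENGE_PREFIX."""
    for url, status, _ in chain:
        if status is None:
            return False, f"no HTTP response from {url}"
        if not urlsplit(url).path.startswith(CHALLENGE_PREFIX):
            return False, f"redirected off the challenge path to {url}"
    status = chain[-1][1]
    if status in (200, 404):  # 404 is expected: the probe token does not exist
        return True, f"challenge path answered directly with HTTP {status}"
    return False, f"challenge path ended with HTTP {status}"

SAMPLE_CHAIN = [  # constructed hops reproducing the failure in the output above
    ("http://cloud.example.org/.well-known/acme-challenge/probe", 301,
     "https://cloud.example.org/.well-known/acme-challenge/probe"),
    ("https://cloud.example.org/.well-known/acme-challenge/probe", 302,
     "/index.php/login"),
    ("https://cloud.example.org/index.php/login", 200, None),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_CHAIN))
```

To check a live server, pass the result of `fetch_chain("http://<your-host>/.well-known/acme-challenge/probe")` to `diagnose` from a machine outside your own network.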