Certificate errors

Hi All,

I’m new to Nextcloud and relatively new to Linux. I have managed so far to build the server and install it. I set it up via Snap.

I’m having some issues with Nextcloud SSL certificates. This is the error I get:

**********:~$ sudo nextcloud.enable-https lets-encrypt
[sudo] password for ********:
In order for Let’s Encrypt to verify that you actually own the
domain(s) for which you’re requesting a certificate, there are a
number of requirements of which you need to be aware:

  1. In order to register with the Let’s Encrypt ACME server, you must
    agree to the currently-in-effect Subscriber Agreement located
    here:

    https://letsencrypt.org/repository/
    

    By continuing to use this tool you agree to these terms. Please
    cancel now if otherwise.

  2. You must have the domain name(s) for which you want certificates
    pointing at the external IP address of this machine.

  3. Both ports 80 and 443 on the external IP address of this machine
    must point to this machine (e.g. port forwarding might need to be
    setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): ******
Please enter your domain name(s) (space-separated): cloud.domain.com
Attempting to obtain certificates… error running certbot:

Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator nextcloud:webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.domain.com
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. cloud.domain.com (http-01): urn:acme:error:dns :: DNS problem: NXDOMAIN looking up A for cloud.domain.com
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cloud.domain.com
    Type: None
    Detail: DNS problem: NXDOMAIN looking up A for cloud.domain.com
    *********:~$

For me it looks as if your “forwarding” to your instance isn’t set up correctly.

Too bad you didn’t provide any more info about how and where you hosted your instance.

Thanks for the reply - we are looking into that at the moment - we just have a few key people off today…

As I’m new to Nextcloud - what else could I have submitted that would help?

It is not a Nextcloud problem. This is a problem between letsencrypt and SNAP.

You better refer to the snap project or the letsencrypt project.

Mainly:
Bad config for your domain.

Certificate issuance for internal DNS names is something CAs aren’t allowed to do. Additionally, in order to obtain an SSL certificate from Let’s Encrypt, your domain needs to either:

  • Be available from the public internet on port 80 (http-01) or 443 (tls-sni-01)
  • Have a TXT record with a specific token in place (dns-01; not yet available with the official client)
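
Added example, not part of the thread: a small Python triage of the certbot failure line shown in the first post, mapping the ACME error type to the numbered requirement to re-check. The sample output is constructed (the second line and its host name are invented), and the hint texts are this example's own wording, not certbot's.

```python
import re

# certbot summary line, e.g.
#   "<domain> (http-01): urn:acme:error:dns :: DNS problem: ..."
# Accepts the older "urn:acme:error:" prefix seen in the thread and the
# RFC 8555 "urn:ietf:params:acme:error:" prefix.
FAILURE_RE = re.compile(
    r"(?P<domain>[A-Za-z0-9.-]+) \((?P<challenge>[a-z]+(?:-[a-z]+)?-\d+)\): "
    r"urn:(?:ietf:params:)?acme:error:(?P<type>\w+) :: (?P<detail>.*)"
)

# Hints are assumptions of this example, keyed by ACME error type.
HINTS = {
    "dns": "No usable public DNS record: fix the A record (requirement 2). "
           "Internal-only names cannot be validated.",
    "connection": "The CA could not connect: check that ports 80/443 are "
                  "forwarded to this machine (requirement 3).",
    "unauthorized": "Something answered, but not with the challenge token: "
                    "check what is actually serving port 80.",
}

def triage(certbot_output):
    """Return one dict per failed authorization found in the output."""
    findings = []
    for match in FAILURE_RE.finditer(certbot_output):
        item = match.groupdict()
        item["detail"] = item["detail"].strip()
        # NXDOMAIN means the name does not exist in public DNS at all.
        item["nxdomain"] = item["type"] == "dns" and "NXDOMAIN" in item["detail"]
        item["hint"] = HINTS.get(
            item["type"], "Unrecognised error type: read the detail and the debug log.")
        findings.append(item)
    return findings

# Constructed sample: line 1 mirrors the thread, line 2 is invented.
SAMPLE = """\
Cleaning up challenges
Failed authorization procedure. cloud.domain.com (http-01): urn:acme:error:dns :: DNS problem: NXDOMAIN looking up A for cloud.domain.com
Failed authorization procedure. files.example.org (http-01): urn:ietf:params:acme:error:connection :: Fetching http://files.example.org/.well-known/acme-challenge/TOKEN: Timeout
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['domain']} [{f['challenge']}] {f['type']}: {f['hint']}")
```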