error getting lets encrypt cert on install of aio

  • Nextcloud Server version (e.g., 29.x.x):
    • Nextcloud AIO v9.8.0 using the official image and docker-compose.yaml from Nextcloud.
  • Operating system and version (e.g., Ubuntu 24.04):
    • Running in Portainer on Ubuntu 24.10
    • No reverse proxy, Cloudflare tunnel, etc.
    • Using a domain from DuckDNS
    • Opened ports 443, 80 and 8443 in the router firewall and forwarded them to the Ubuntu host where the Docker containers are set up.

When installing Nextcloud, the domain check always fails. If I skip it, I can install Nextcloud, but when I try to launch it I cannot connect.

I set up a local DNS based on the error message about port 443 not being open that I receive when I try to open Nextcloud from the installation screen. I created a DNS entry pointing the DuckDNS domain to the Ubuntu host, but this gets a cert error.

#### Nextcloud
```
ERR ts=1732385305.8577752 logger=tls.obtain msg=could not get certificate from issuer identifier=xxxxxxxx.duckdns.org issuer=acme-v02.api.letsencrypt.org-directory error=HTTP 403 urn:ietf:params:acme:error:unauthorized - 69.69.69.69: Invalid response from http://xxxxxxxxx.duckdns.org/.well-known/acme-challenge/jXZXKuhN9KdfdzRibAzqw2Z80-VdU_nHq_F7v1XRTyA: 404
ERR ts=1732385305.8578382 logger=tls.obtain msg=will retry error=[xxxxx.duckdns.org] Obtain: [xxxxxx.duckdns.org] solving challenge: xxxxx.duckdns.org: [xxxxxx.duckdns.org] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - 69.69.69.69: Invalid response from http://xxxxx.duckdns.org/.well-known/acme-challenge/jXZXKuhN9KdfdzRibAzqw2Z80-VdU_nHq_F7v1XRTyA: 404 (ca=https://acme-staging-v02.api.letsencrypt.org/directory) attempt=2 retrying_in=120 elapsed=63.096194896 max_duration=2592000.
```

DuckDNS points to my correct WAN IP. I have another DuckDNS domain pointing to the same IP for another system running on a VM on another port, and that connects fine.

Local DNS is running on Pi-hole in a Docker container on the same Ubuntu host. I have opened ports 80, 443 and 8443 plus DHCP etc. in the ufw firewall. Pi-hole is correctly assigning IPs to all devices on my network and seems to be functioning correctly.
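As an added example (not part of the original post, and not Nextcloud AIO's own code), a small Python script that parses a Caddy ACME failure line like the ones quoted above, compares the IP the CA connected to with what the local resolver returns, and probes the challenge path on port 80 the way the CA does. The sample log line is constructed from the post, the domain and IPs are the post's placeholders, and the helper names are my own.

```python
# Added example, not from the post: interpret a Caddy ACME HTTP-01 failure line.
import re
import urllib.error
import urllib.request

# Constructed sample modelled on the log line in the post (placeholders kept).
SAMPLE_LOG = (
    "ERR ts=1732385305.8577752 logger=tls.obtain msg=could not get certificate from issuer "
    "identifier=xxxxxxxx.duckdns.org error=HTTP 403 urn:ietf:params:acme:error:unauthorized - "
    "69.69.69.69: Invalid response from http://xxxxxxxxx.duckdns.org/.well-known/acme-challenge/"
    "jXZXKuhN9KdfdzRibAzqw2Z80-VdU_nHq_F7v1XRTyA: 404"
)

# Shape: "<acme error> - <ip the CA connected to>: Invalid response from <url>: <status>"
CHALLENGE_RE = re.compile(
    r"(?P<acme_error>urn:ietf:params:acme:error:\w+) - (?P<validated_ip>[\d.]+): "
    r"Invalid response from (?P<url>http://[^\s/]+/\.well-known/acme-challenge/[^\s:]+): (?P<status>\d{3})"
)

def parse_acme_failure(line):
    """Extract the error type, the IP the CA reached, the challenge URL and the HTTP status."""
    m = CHALLENGE_RE.search(line)
    if not m:
        return None
    info = m.groupdict()
    info["status"] = int(info["status"])
    info["domain"] = info["url"].split("/")[2]
    return info

def diagnose(info, resolved_ip):
    """Interpret a parsed failure given what this host resolves the domain to."""
    if resolved_ip != info["validated_ip"]:
        return ("dns-differs: this host resolves %s to %s but the CA connected to %s; local tests "
                "do not show what the CA sees, test port 80 from outside the LAN"
                % (info["domain"], resolved_ip, info["validated_ip"]))
    if info["status"] == 404:
        # An HTTP server answered on port 80 at that IP but had no token: the 80/tcp
        # forward is not landing on the container that runs the ACME solver.
        return "wrong-backend: port 80 at %s is answered by a non-ACME HTTP server" % resolved_ip
    return "http-%d: unexpected status from the challenge URL" % info["status"]

def probe_challenge_path(domain, timeout=5.0):
    """GET a dummy token over plain HTTP on port 80, as the CA's validator does."""
    url = "http://%s/.well-known/acme-challenge/probe-token" % domain
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return "HTTP %d" % resp.status
    except urllib.error.HTTPError as err:
        return "HTTP %d" % err.code
    except OSError as err:  # URLError (DNS, refused, timeout) is an OSError
        return "error: %s" % err
```

Run `diagnose(parse_acme_failure(line), socket.gethostbyname(domain))` on the host; with the Pi-hole override in place it will report dns-differs, which is expected and means the port-80 check has to be made from outside the LAN.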

There are a variety of failure messages when validation fails. Which ones precisely are you seeing?

Thanks for the reply. The exact message is: "The domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. You can work around that by setting up a local DNS-server."