I have installed Nextcloud, via the Ubuntu install process, on a server in my office. To reach this server externally I utilize DynDNS as a dynamic DNS. In the config file I added the domain I am using so it reaches it correctly. All is well on port 80.
However, when I try to enable SSL it fails to connect any longer on 443. I enable thus:
sudo nextcloud.enable-https lets-encrypt
When it asks the name of the domain, I put in that which is set in my dyndns e.g. ‘mydomain.this.org’
Here are responses/log items:
Doing a wget gives me:
ERROR: certificate common name 'domain.name.org' doesn't match requested host name '127.0.0.1'.
Apache logs give me:
[Wed Nov 20 22:56:22.352350 2019] [ssl:warn] [pid 19948:tid 139796757780352] AH01909: data_server.lan:443:0 server certificate does NOT include an ID which matches the server name
Using an OpenSSL s_client connection, it returns:
OpenSSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number Unable to establish SSL connection.
I have tried different firewall configs (allowing, etc). I also have ports 80 and 443 forwarded through my router (OpenWrt/LEDE).
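Added example, not part of the original thread and not Nextcloud's own code: OpenSSL's "wrong version number" is typically what a TLS client reports when the port answers in plain HTTP, because the first five bytes of the reply are read as a TLS record header. The sketch below decodes such a reply and also includes a probe that connects to a local IP while sending the public name for SNI and certificate checking, since a request made directly to 127.0.0.1 cannot match a certificate issued for a DNS name. Function names and the sample bytes are constructed for illustration.

```python
import socket
import ssl
import struct

TLS_RECORD_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

def parse_record_header(data):
    """Read the first 5 bytes of a reply the way a TLS client does."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}

def classify_reply(data):
    """Return 'tls', 'plaintext-http', 'unknown' or 'no-reply'."""
    hdr = parse_record_header(data)
    if hdr is None:
        return "no-reply"
    if hdr["type"] in TLS_RECORD_TYPES and hdr["version"][0] == 3:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"

def probe(ip, name, port=443, timeout=5.0):
    """Connect to ip:port, send `name` as SNI and verify the cert against it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                return ("tls-ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls-but-cert-rejected", exc.verify_message)
    except ssl.SSLError as exc:
        # WRONG_VERSION_NUMBER usually means the port answered in plain HTTP
        kind = "not-tls" if exc.reason == "WRONG_VERSION_NUMBER" else "tls-error"
        return (kind, exc.reason)
    except OSError as exc:
        return ("no-connection", str(exc))

# Constructed sample replies (not captured from the poster's server)
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n"
SAMPLE_TLS = bytes([22, 3, 3, 0, 74]) + b"\x02" * 74  # handshake record, version 3.3

if __name__ == "__main__":
    print(parse_record_header(SAMPLE_HTTP))  # 'H','T','T' read as type and version
    print(classify_reply(SAMPLE_TLS))
    # On the server itself: probe("127.0.0.1", "mydomain.this.org")
```

A "not-tls" result from probe points at the web server's listener on 443 rather than at the certificate or the router.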
Is your router directly connected to the ISP or is there another router from the provider first? All routers in the chain will need the port forwarding set.
apache/apache2 is not controlled in this manner. As I installed Nextcloud during the Ubuntu install process, it installed it all via snap. So, when you issue the command:
nextcloud.enable-https
With lets-encrypt after, then it sets up all the certs and other config, then restarts apache.
Yeah, it's been interesting for me with the snap setup. Almost to the point of starting over and installing via the install guide instead of the Ubuntu tool.
I’d be interested if you start over how it goes. I’ve never had any issues installing Nextcloud via the Debian server install guide. I have it running at seven different sites. The SSL part has always been simple to set up.
One thing to note, in case it would make a difference, my certbot command is to create a cert for a subdomain. As I use dyndns, I am only allowed a subdomain. Certbot creates it fine with the command: