How to have nextcloud accessible with DDNS using Ubuntu Server, installed from command line

Hey all, I’ve currently got Nextcloud functioning as a LAN server, basically. I’ve got it installed successfully using the command line instead of snap on a headless Ubuntu server (v18.04), but the idea was to replace OneDrive for my needs, so I could have a backup of files on both my computer’s file directory and the server, so if one fails I don’t lose files, but also so the files can be accessed on the go from a laptop, or my phone using the Nextcloud app. My computer is running Manjaro KDE. So far, if I go to “” it works, if I’m on the same network.
To have it be accessible on WAN I tried a bunch of rabbit holes I found online but none of them worked, and I don’t actually know yet if it’s that I’m performing steps incorrectly, or if it’s misuse of a tool, or something malfunctioning. I tried using my ASUS router to set up port forwarding on both ports 443 & 80, as they don’t appear to be blocked by Xfinity. I tried using a built-in DDNS option on the router where the “website” would be, and I tried using that as and I did go into the config file to add a 1 as the new DDNS, but that still didn’t work.
0 =>
1 =>
So now I’m hoping someone can give me an idea as to what I don’t need to do that I’ve done, and what to look at for guidance.

Nextcloud version (eg, 18.0.2): 19.0.1
Operating system and version (eg, Ubuntu 20.04): Ubuntu Server 18.04
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.29 (Ubuntu)
PHP version (eg, 7.1): PHP 7.2.24-0ubuntu0.18.04.6

The issue you are facing: Unable to access on WAN

Is this the first time you’ve seen this error? (Y/N): Yes, it’s the first time I’ve tried

Steps to replicate it:
Not really sure what I’d put here

The output of your Nextcloud log in Admin > Logging:

[PHP] Error: touch(): Utime failed: Permission denied at /new-pool/nextcloud/nextcloud/lib/private/Config.php#242

PROPFIND /nextcloud/remote.php/dav/files/jamess7995/
from at 2020-08-19T18:42:37+00:00

Interestingly, there’s a lot of errors on that logging section, but things are working on lan?

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => 'ocrvae6474z2',
  'passwordsalt' => '3XCTXcUV1zhvoaf1n5Kwd//RUzCLJy',
  'secret' => 'OPqGXZo70Fxbb02lvUeNjedb+Kuycm+oShhhWvdh8nc6/WZy',
  'trusted_domains' =>
  array (
    0 => '',
    1 => '',
  ),
  'datadirectory' => '/new-pool/nextcloud/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwrite.cli.url' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'ncadmin',
  'dbpassword' => 'semaj123',
  'installed' => true,
);

The output of your Apache/nginx/system log in /var/log/____:

- jamess7995 [19/Aug/2020:06:25:12 +0000] "MKCOL /nextcloud/remote.php/dav/uploads/jamess7995/898435181 HTTP/1.1" 201 578 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:09 +0000] "PUT /nextcloud/remote.php/dav/uploads/jamess7995/3852132001/00000000 HTTP/1.1" 201 760 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:19 +0000] "PUT /nextcloud/remote.php/dav/uploads/jamess7995/898435181/00000000 HTTP/1.1" 201 759 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:09 +0000] "PUT /nextcloud/remote.php/dav/files/jamess7995/Music/James/Kanye%20West/Graduation/Champion.mp3 HTTP/1.1" 201 902 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:19 +0000] "MOVE /nextcloud/remote.php/dav/uploads/jamess7995/3852132001/.file HTTP/1.1" 201 901 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:21 +0000] "MOVE /nextcloud/remote.php/dav/uploads/jamess7995/898435181/.file HTTP/1.1" 201 901 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:24 +0000] "PUT /nextcloud/remote.php/dav/files/jamess7995/Music/James/Kanye%20West/Graduation/Everything%20I%20Am.mp3 HTTP/1.1" 201 901 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:26 +0000] "PUT /nextcloud/remote.php/dav/files/jamess7995/Music/James/Kanye%20West/Graduation/Flashing%20Lights.mp3 HTTP/1.1" 201 901 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:26 +0000] "PUT /nextcloud/remote.php/dav/files/jamess7995/Music/James/Kanye%20West/Graduation/Good%20Life.mp3 HTTP/1.1" 201 901 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"
- jamess7995 [19/Aug/2020:06:25:28 +0000] "PUT /nextcloud/remote.php/dav/files/jamess7995/Music/James/Kanye%20West/Graduation/Good%20Morning.mp3 HTTP/1.1" 201 901 "-" "Mozilla/5.0 (Linux) mirall/3.0.0git (build 3293) (Nextcloud)"

The basics of what you need to make this work are:

  • A DNS record (preferably one you own, but can be DDNS)
  • TCP ports 80 and 443 forwarded to Nextcloud
  • Certbot installed and configured

and point to two different IPs. Which one is yours?

May I add another requirement:

Some providers give pooled or NATed IP addresses to their users and you have no way to port forward from your public IP, so you also need a unique public IP. If it is a dynamic one, you need DDNS.

I think it is a dyndns service.

Personally I use . You can use different domain suffixes.

If you have your own domain you can map e.g. with CNAME to the dyndns name and then configure Nextcloud and Let’s Encrypt for your subdomain name. That looks better than the dyndns name.

I’ve set up the port forwarding using ip address of the server being
I’m gonna be able to try the other suggestions later today

You just helped me realize I didn’t type in 7995 in the config file, but I don’t think that’s gonna be enough to fix it, but with the other steps, hopefully.

I’ve done this within the router so that’s been done with that

Have done the port forwarding on the router previously

I tried that following this how to, but when I got to:
Now, we can run Certbot tool with the webroot plugin and obtain the SSL certificate files by typing:
sudo certbot certonly --agree-tos --email --webroot -w /va

I got this error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Timeout during connect (likely firewall problem)


  • The following errors were reported by the server:

    Type: connection
    Detail: Fetching
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

I think the command you want here is sudo certbot --apache

This is suggesting that either the port forwards are not working, or the DNS record is incorrect.

Verify that resolved to your correct IP address.


Verify you can access both and from outside your network.

Using any generic IP lookup site, returns my public IP address

I get the below output


Non-authoritative answer:

So that makes sense to me so far, and makes me think it should be working, but

Trying to get to those, I get a long loading bar that eventually times out. When I’m on the network, I’m able to get to an index page this article just told me to make, for setting up a webhost on Apache, but only using the local IP; using external does nothing but instantly fail, which is different from when I’m off the network.

Are you sure your “public IP” really is a public IP? As I mentioned before, due to IP shortage in IPv4 many providers give out pooled addresses. Then you can port forward what you want because the public IP on the internet side is not under your control. You can check this in your modem’s config page, if that shows your IP being different from what you see when going to

Certbot won’t work until your port forward is working, so take care of that first. Either something is wrong with the setup, or you may be behind ISP NAT as FadeFx mentioned in which case you can’t use it to host a server.
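The check suggested in the two replies above (compare the WAN address shown on the router or modem status page with the address an external lookup site reports) can be written down as follows. This is an added example, not part of the original thread; the function name, verdict labels and sample addresses are constructed for illustration, with documentation-range addresses standing in for real public ones.

```python
import ipaddress

# RFC 6598 shared address space, handed out by ISPs that run carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: the router's "WAN" side sits behind another NAT device.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "cgnat": "ISP carrier-grade NAT: inbound port forwards cannot reach this router",
    "double-nat": "router is behind another NAT device: forward ports there too, or bridge it",
    "mismatch": "WAN IP differs from the externally seen IP: something upstream translates traffic",
    "public": "router holds the public IP: look at forward rules, host firewall, ISP port blocks",
}

def wan_verdict(router_wan_ip, externally_seen_ip):
    """Classify the router's WAN address against the address seen from outside.

    router_wan_ip      -- address on the router/modem status page (hypothetical input)
    externally_seen_ip -- address reported by an IP lookup site (hypothetical input)
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(externally_seen_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "double-nat"
    if wan != seen:
        return "mismatch"
    return "public"

if __name__ == "__main__":
    # Constructed samples: (router WAN IP, IP seen by a lookup site).
    samples = [
        ("100.72.14.9", "203.0.113.10"),
        ("192.168.100.2", "203.0.113.10"),
        ("198.51.100.7", "203.0.113.10"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan, seen in samples:
        verdict = wan_verdict(wan, seen)
        print(f"{wan:>15} vs {seen:<15} {verdict}: {ADVICE[verdict]}")
```

Only the "public" verdict means the HTTP-01 challenge on port 80 has a chance of reaching the server; the other three explain a connect timeout regardless of how the router's forward rules are set.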

Maybe your ISP blocks ports under 1024. In my case, I solved it using dnsmasq for the internal network, no-ip for DDNS, my FQDN registered and having its DNS servers pointing to no-ip, and a Nextcloud port of 5100. So, from outside, I reach it with https://nextcloud.fqdn:5100 and from the internal network, also the same.

My router has port forward 5100 to 5100 and Nextcloud listens on port 5100.