I can't run certbot

When i acces my nextcloud in the web https://feloabi.cloud there is a error code 401 and it leads me to the website https://feloabi.cloud/error.html

What can I do?

You’ll need to provide more details.

The error.html though doesn’t sound like Nextcloud.

Can you provide more details about your Nextcloud deployment? How is it installed? When did you last access it successfully?

What version?

What web server? What OS?

Do you have a reverse proxy in front of it?

What is the most recent entry in your nextcloud.log? etc.

check your maintenance is off

nextcloud.occ maintnance:mode off

So my NextCloud is configurated with the domain: feloabi.cloud

It is Installed with Debian and I never sccessed it successfully because i can‘t. Even in my own Network!

I have the newest version. I started it yesterday and asked in let‘s encrypt community and they said i did everything right this problem is with nextcloud so they said i need to ask here.

I don’t know if I have a reverse Proxy. I only have a VPN installed, Nextcloud and Let’s Encrypt.

my nextcloud.log:
There is nothing, or i can’t find it. Because my Logs are in error.log and access.log but i don’t have nextcloud.log

Again:

  • What installation method? How, precisely, did you install Nextcloud (there are multiple installation methods)?

I#m sending you the text from different Websites that a got:

Sure, here’s the translated version in English:

Install and Configure SSH on Debian

  1. Log in as root:

    su -
    
  2. Install SSH:

    apt update
    apt install openssh-server
    
  3. Start and enable SSH service:

    systemctl start ssh
    systemctl enable ssh
    
  4. Install and Configure Sudo:

    Install Sudo:

    apt install sudo
    

    Add user to sudo group:

    usermod -aG sudo your_username
    

Connect from Windows PowerShell

  1. Open PowerShell and connect:
    ssh your_username@debian_server_ip
    

Install Nextcloud

  1. Install prerequisites:

    Install Apache, MariaDB, PHP, and required PHP modules:

    sudo apt update
    sudo apt install apache2 mariadb-server libapache2-mod-php php php-mysql php-xml php-mbstring php-zip php-gd php-curl
    
  2. Set up the database:

    Secure and configure MariaDB:

    sudo mysql_secure_installation
    

    Create Nextcloud database:

    sudo mysql -u root -p
    CREATE DATABASE nextcloud;
    GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'your_password';
    FLUSH PRIVILEGES;
    EXIT;
    
  3. Download and set up Nextcloud:

    Download and extract Nextcloud:

    cd /var/www/
    sudo wget https://download.nextcloud.com/server/releases/nextcloud-24.0.4.zip
    sudo unzip nextcloud-24.0.4.zip
    sudo chown -R www-data:www-data /var/www/nextcloud
    sudo chmod -R 755 /var/www/nextcloud
    
  4. Adjust Apache configuration:

    Create and edit Apache configuration file:

    sudo nano /etc/apache2/sites-available/nextcloud.conf
    

    Add the following content:

    <VirtualHost *:80>
        DocumentRoot /var/www/nextcloud
        ServerName feloabi.cloud
    
        <Directory /var/www/nextcloud/>
            Options +FollowSymlinks
            AllowOverride All
            <IfModule mod_dav.c>
                Dav off
            </IfModule>
            SetEnv HOME /var/www/nextcloud
            SetEnv HTTP_HOME /var/www/nextcloud
        </Directory>
    </VirtualHost>
    

    Restart Apache:

    sudo a2ensite nextcloud.conf
    sudo a2enmod rewrite headers env dir mime
    sudo systemctl restart apache2
    

Configure External Access

  1. Set up port forwarding on your router:

    FritzBox:

    • Open FritzBox web interface: Navigate to http://fritz.box.
    • Log in: Sign in.
    • Set up port forwarding: Go to Internet > Freigaben > Portfreigaben and click on Gerät für Freigaben hinzufügen.
    • Add rules: Select your Debian server and add a port forwarding rule for port 80 and 443.

    TP-Link:

    • Open TP-Link web interface: Navigate to http://tplinkwifi.net.
    • Log in: Sign in.
    • Set up port forwarding: Go to Forwarding > Virtual Servers and add a new rule.
    • Add rules: Select your Debian server and add a port forwarding rule for port 80 and 443.

Security

  1. Configure firewall:

    Install and configure UFW:

    sudo apt install ufw
    sudo ufw allow OpenSSH
    sudo ufw allow 'Apache Full'
    sudo ufw enable
    
  2. Set up SSL/TLS with Let’s Encrypt:

    Install Certbot:

    sudo apt install certbot python3-certbot-apache
    

    Set up SSL certificate:

    sudo certbot --apache
    

This should guide you through setting up and securing your Debian server with SSH, Nextcloud, and proper firewall configurations.

And here you have the error code that i got:

feloabi@DebianCloud:~$ sudo certbot --apache
[sudo] Passwort für feloabi:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: feloabi.cloud


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Requesting a certificate for feloabi.cloud

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: feloabi.cloud
Type: unauthorized
Detail: 212.46.176.133: Invalid response from http://feloabi.cloud/.well-known/acme-challenge/BWmbBg4eCpUClaGcDHU0KiNXd73l3Lfh0tNFwvvW_7A: 401

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

So this is when i Request a certificate for apache that I can access my NextCloud from everywhere

So a couple things:

  • You must be following an ancient third-party tutorial because Nextcloud v24 hasn’t been a supported version for a long time
  • You haven’t actually installed Nextcloud yet so that isn’t a Nextcloud matter (I would install it before you try to add an HTTPS certificate and expose it to the outside world; though that may not always be an option I admit)
  • Where this is failing is certbot<->Apache. Nextcloud isn’t even in the picture.
  • Is 212.46.176.133 actually the IP address of your server that is running Apache?

You may want to look around for a newer resource for Certbot… or just use their official docs: Certbot Instructions | Certbot (the guide you seem to be following will have you using an older version of certbot, which is not recommended).

Though I just poked around at your provided URL and think I found the root of your problem: From what I can tell, your port forwarding isn’t working. The HTML/CSS code I’m seeing returned appears to be from a TP-Link device. So Apache isn’t involved either. You need to fix that.

How do I install a newer version. Do you have a Website or a tutorial for tath?

I included the link in my response.

Though, as I said, that’s not primary problem.

The primary problem is your port forwarding or something like that. Because the device that responds to port 80 (HTTP) on that IP address is a TP-Link device. It’s not Apache (which is what it needs to be for certbot to work – and for Nextcloud to work for that matter, but that’s sort of academic until you get the basics in place functioning).

If I’ts FritzBox will it work?

No idea, sorry.

But can i do something else than apache? thats working for TP-Link?

The problem isn’t Apache. The problem is your port forwarding configuration on your router(s).

I have talked to that webadress with curl and the problem is, that the internet traffic stays inside of your router. You must configure the portforwarding so that the trafic get forwarded to the server with the apache2 server.

In other words: Your apache2 is invisible from the internet.


ernolf

1 Like

But I have a question. How can I see what Blocks my Port 80 because I get an error code that it is blocked
Screenshot 2024-07-01 233050

You must change the web management port of your router in Remote Management.


With full respect, we all had to go through this at some point, but these are absolutely basic things. If you have absolutely no idea about network issues, you maybe shouldn’t necessarily start running a nextcloud server. You should first, set up a simple Apache server and connect it to the internet. If you can’t get to grips with your tplink router, you should first get used to it until you have mastered it completely. I mean completely, from front to back, from top to bottom.
But you’re in the wrong forum for that.
So first improve your skills a bit until your Apache has a connection to the internet.

So no offense, as I said, we all had to go through that. I once thought that everything is simple and then I found myself standing in front of the router wall as well with portforwardings, NAT, TCP/IP, Networking Subnets etc. Then I started building and programming routers and by the time, we had progressed a good two years, I understood it.
So if you get it done in two days, you can be proud of yourself.


Much and good luck,
ernolf

1 Like

Yes I’m sorry. I’m just very tired and it’s all getting to me because when you make one mistake then the next one comes along;

thank you for your understanding

2 Likes