Issues with nextcloud apache / ACME certificate request

Hi, I’ve installed Nextcloud AIO on Ubuntu Server 24.04 and got all my docker containers up and running, but it seems like I’m having an issue with Apache.

Below are my Apache container logs.

Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Connection to nextcloud-aio-nextcloud (172.18.0.8) 9000 port [tcp/*] succeeded!
{"level":"info","ts":1716626629.709916,"msg":"using provided configuration","config_file":"/tmp/Caddyfile","config_adapter":""}
{"level":"info","ts":1716626629.7133918,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
{"level":"info","ts":1716626629.714297,"msg":"[INFO][FileStorage:/mnt/data/caddy] Lock for 'issue_cert_example.duckdns.org' is stale (created: 2024-05-25 07:57:43.522739045 +0000 UTC, last update: 2024-05-25 08:36:47.816231221 +0000 UTC); removing then retrying: /mnt/data/caddy/locks/issue_cert_example.duckdns.org.lock"}
[Sat May 25 08:43:49.716311 2024] [mpm_event:notice] [pid 48:tid 131299221277448] AH00489: Apache/2.4.59 (Unix) configured -- resuming normal operations
[Sat May 25 08:43:49.716363 2024] [core:notice] [pid 48:tid 131299221277448] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
{"level":"error","ts":1716626641.8095844,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.duckdns.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"223.205.77.XXX: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1716626641.8096488,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"example.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"223.205.77.XXX: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1745553672/272416003842","attempt":1,"max_attempts":3}
{"level":"error","ts":1716626641.809686,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"example.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 223.205.77.XXX: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1716626641.8097415,"logger":"tls.obtain","msg":"will retry","error":"[example.duckdns.org] Obtain: [example.duckdns.org] solving challenge: example.duckdns.org: [example.duckdns.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 223.205.77.XXX: Timeout during connect (likely firewall problem) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":12.093887903,"max_duration":2592000}
{"level":"error","ts":1716626714.0135944,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.duckdns.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"223.205.77.XXX: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1716626714.0136395,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"example.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"223.205.77.XXX: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/149480034/16746192284","attempt":1,"max_attempts":3}
{"level":"error","ts":1716626714.0136771,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"example.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 223.205.77.XXX: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1716626714.0137227,"logger":"tls.obtain","msg":"will retry","error":"[example.duckdns.org] Obtain: [example.duckdns.org] solving challenge: example.duckdns.org: [example.duckdns.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 223.205.77.XXX: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":84.297868296,"max_duration":2592000}

I’ve already tried checking my port forwarding and they should be open according to my nmap scan.

Starting Nmap 7.95 ( https://nmap.org ) at 2024-05-25 15:24 SE Asia Standard Time
Nmap scan report for mx-ll-223.205.77-XXX.dynamic.3bb.co.th (223.205.77.XXX)
Host is up (0.0015s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
5060/tcp filtered sip
8443/tcp open     https-alt

Also, I tried adding “--env SKIP_DOMAIN_VALIDATION=true” to the docker run command of the master container to no effect.

Any help would be appreciated.

What happens when you attempt to reach your domain from an external network? In other words, are you certain the following are working from the outside:

  • DNS resolution for your domain/hostname
  • Firewall port forwarding ends up at the right internal host
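For the two checks the reply asks about, here is an added diagnostic (example code, not from the poster, the replier or Nextcloud AIO): it pulls the ACME failures out of the mixed Apache/Caddy log posted above, resolves the hostname, and attempts the same TLS-ALPN handshake the CA's validator makes on port 443. It assumes example.duckdns.org as the placeholder hostname from the post, uses shortened log lines constructed from the ones posted, and the probe only means something when run from a host outside the LAN.

```python
# Added example (not the poster's or Nextcloud AIO's code): pull Caddy's ACME errors out of the
# mixed Apache/Caddy log, then check from outside the LAN what the CA's validator actually sees.
import json
import socket
import ssl
# Constructed sample, shortened from the post: one Apache line (plain text, skipped) and two
# Caddy ACME errors; only the second carries the order URL that tells you which CA was used.
SAMPLE_LOG = """\
[Sat May 25 08:43:49.716311 2024] [mpm_event:notice] [pid 48] AH00489: Apache/2.4.59 configured
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.duckdns.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"223.205.77.XXX: Timeout during connect (likely firewall problem)"}}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"example.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"223.205.77.XXX: Timeout during connect (likely firewall problem)"},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/149480034/16746192284","attempt":1,"max_attempts":3}
"""
def parse_acme_failures(log_text):
    """One dict per Caddy ACME error line; Apache's plain-text lines are skipped."""
    out = []
    for line in log_text.splitlines():
        entry = json.loads(line) if line.startswith("{") else {}
        problem = entry.get("problem")
        if problem is None or not entry.get("logger", "").startswith("tls.issuance.acme"):
            continue
        order = entry.get("order", "")  # only "validating authorization" events carry it
        out.append({
            "identifier": entry.get("identifier"),
            "challenge": entry.get("challenge_type"),  # None on order-level events
            "error": problem.get("type", "").rsplit(":", 1)[-1],  # e.g. "connection"
            "detail": problem.get("detail", ""),
            "ca": "staging" if "acme-staging" in order else "production" if order else "unknown",
        })
    return out
def probe_tls_alpn(host, port=443, timeout=5.0):
    """Connect like the CA's validator: SNI = host, ALPN offers only acme-tls/1. Run from OUTSIDE
    the LAN (an inside nmap only proves hairpinning); a completed handshake shows 443 reaches Caddy."""
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # the challenge cert is self-signed
    ctx.set_alpn_protocols(["acme-tls/1"])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            return f"handshake ok, ALPN={tls.selected_alpn_protocol() or 'none'}"
    except socket.timeout:
        return "timeout: nothing answered on this port (matches the CA's report)"
    except ssl.SSLError as exc:
        return f"tcp ok, tls failed: {exc.reason}"
if __name__ == "__main__":
    host = "example.duckdns.org"  # placeholder from the post: put your own hostname here
    print(*parse_acme_failures(SAMPLE_LOG), sep="\n")
    ips = sorted({ai[4][0] for ai in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)})
    print(host, "resolves to", ips, "- compare with the address in the CA's error detail")
    print(probe_tls_alpn(host))
```

A "timeout" verdict from an external host while the inside nmap shows 443 open points at the forwarding rule, a host firewall or the ISP, not at Caddy; a "staging" CA in the parsed events just means Caddy already failed once against production and retried against staging.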