Firstly, thanks for your time. I’m having trouble with Let’s Encrypt working with my private domain. I’ve exhausted many hours and am turning to you as a last resort.
Using: Ubuntu Server 22.04 LTS
Hardware: Libre aml-s905x-cc, acting as a server
Software: Nextcloud snap
I’m using a Raspberry clone from Libre Computers, the Le Potato version. It has Ubuntu Server 22.04 LTS installed on it. So, the idea is to make the single-board computer a public server hosting Nextcloud, which should be connected to my public domain via SSL.
I followed this tutorial from Digital Ocean. It mostly worked flawlessly using Nextcloud as a snap.How To Install and Configure Nextcloud on Ubuntu 20.04 | DigitalOcean
However, the problem comes from step 4. I get this error from Let’s Encrypt when my domain A record points to my PUBLIC IP
ubuntu@aml-s905x-cc:~$ sudo nextcloud.enable-https lets-encrypt
IMPORTANT NOTES:- The following errors were reported by the server:
Domain: sub.domain.com
Type: connection
Detail: [public IP]
Fetching http://sub.domain.com/.well-known/acme-challenge/_RT8Uws3nj90p-YSh-P7tzYUf2gfo_pxPN-SZQ5-MSk
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Results for when my domain A record points to my PRIVATE IP
ubuntu@aml-s905x-cc:~$ sudo nextcloud.enable-https lets-encrypt
IMPORTANT NOTES:- The following errors were reported by the server:
Domain: sub.domain.com
Type: None
Detail: no valid A records found for sub.domain.com; no valid AAAA records found for sub.domain.com
To dissect the issue, let me tell you that I opened ports 443 and 80 on my router to the private IP address of the device. You can see the settings here:Imgur: The magic of the Internet
For my domain, I tried two solutions for the A record. At first, the A record was pointed to my private IP, and then I also tried the public IP. Neither were the solution to Let’s Encrypt.
I wrote the checked nmap for my PUBLIC IP. These are the results.
ubuntu@aml-s905x-cc: $ sudo nmap -Pn -p 80,443 [public IP]
Starting Nmap 7.80 (https://nmap.org) at 2023-03-18 02:14 UTC
Nmap scan report for [public IP].lightspeed.[location].sbcglobal.net ([public IP])
Host is up.
PORT 80/tcp
STATE filtered
SERVICE http
PORT 443/tcp
STATE filtered
SERVICE https
Nmap done: 1 IP address (1 host up) scanned in 3.31 seconds
This is the nmap for my PRIVATE IP.
ubuntu@aml-s905x-cc:~$ nmap -p 80,443 [private IP]
Starting Nmap 7.80 ( https://nmap.org) at 2023-03-18 02:36 UTC Nmap scan report for [private IP]
Host is up (0.00091s latency).
PORT 80/tcp
STATE open
SERVICE http
PORT 443/tcp
STATE filtered
SERVICE https
Nmap done: 1 IP address (1 host up) scanned in 13.17 seconds
ufw is inactive.
ubuntu@aml-s905x-cc: $ sudo ufw statusStatus: inactive
My questions:
- For Let’s Encrypt, do my domain A records need to point to my device’s public or private IP? Do I need any more records?
- Do the ports on my router need to be connected to my device’s public or private IP?
- Am I missing any other firewall settings on my router or anything else in general?
- Maybe there’s an easier solution to implementing HTTPS?
Many thanks again!
