Letsencrypt error (do I need it?) / alternative?

Hi, after installing Nextcloud I want to get to the files from outside my network, but Letsencrypt isn’t working (error log below; the ports are forwarded, maybe some NAT problems (NAT in games is moderate, I use a Fritzbox)).

Do I really need Letsencrypt to get onto Nextcloud? I also use OpenVPN, but I also want to connect to my Nextcloud from a random PC without downloading any certificate. Do I need Letsencrypt for that,
or is there maybe another way?

Edit: I can access my Filebrowser, but first, “it is not safe” (no HTTPS? even if the settings forward this?), and second, I can’t access it from an unknown IP -> is it okay to whitelist all IPs / is it possible?

Logs:

(too many links to post the log here as a new user)

You can route your Nextcloud traffic through OpenVPN. This will give you the security you want and allow you to skip using Letsencrypt, but it is still certainly recommended that you deploy it.

Any external sharing will be a no-no. Also, any app needing SSL will not work: federation, Social app, etc.

Yeah, but I also want to connect to Nextcloud from a PC at my university, where I can’t use OpenVPN. That’s my problem…

Then you will want to sort out the Letsencrypt certificate error and not use OpenVPN. Hopefully someone here can help you with that. I’d also try linking this thread to the Nextcloud Telegram at https://t.me/nextcloud

Another option I’ve found successful is to have a secondary Nextcloud instance, just join one with basic federation enabled. Then, mount that federated storage to your localhost only instance as external storage. This way, all of the storage on the hosted service can be treated as your “public” or “university” directory without compromising your localhost instance.

Check your webserver config, where it looks for the .well-known folder and if the letsencrypt script puts it in the right place. You can also stop the webserver, use the “standalone” option in the script and it will spin up a temporary webserver for this authentication. This will be a bit more complicated for renewals, because you have to stop your normal webserver and do the certificate update and restart it again.

Thanks for your help, but I am a newcomer to Linux and NAS systems.
By webserver config, do you mean my OMV conf or my nginx (etc/nginx/…)? And how do I know the right place?

Perhaps you can test another Let’s Encrypt installation:

Depends on your webserver, but for nginx it is the case.

What is the output of:

letsdebug.net

I see, if specko.duckdns.org is the domain, that there is a problem on your DNS with port 80:

specko.duckdns.org has an A (IPv4) record (84.180.137.211) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

specko.duckdns.org has an AAAA (IPv6) record (2003:c2:17ff:3a43:464e:6dff:fedc:6bf6) but a test request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address. You should either ensure that validation requests to this domain succeed over IPv6, or remove its AAAA record.

A test authorization for specko.duckdns.org to the Let’s Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
Fetching http://specko.duckdns.org/.well-known/acme-challenge/rQrM-ngeCuuLV1fr4BrG4krQAvdaSP1RbrYkz_4elEg: Connection refused
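
The report above shows "Connection refused" on port 80 for both the A and the AAAA address. As an added example (not part of the thread, and not code from letsdebug or Let's Encrypt), this Python script fetches the challenge path from each resolved address separately, so a missing IPv4 forward, a broken IPv6 path and a wrong webroot show up as distinct results. The host `nc.test`, the token and its content are constructed; `demo()` runs the check offline against a throwaway local webroot.

```python
import functools, http.client, http.server, pathlib, socket, tempfile, threading

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def resolve(host, port=80):
    """(family, address) pairs behind the host's A and AAAA records."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if fam == socket.AF_INET6 else "IPv4", sa[0])
                   for fam, _, _, _, sa in infos})

def probe(address, host, token, expected, port=80, timeout=5.0):
    """Fetch the challenge path from ONE address, sending host as the Host header."""
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(4096).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "connection refused"   # nothing listening or port forward missing
    except socket.timeout:
        return "timeout"              # packets dropped, e.g. by a firewall
    except (OSError, http.client.HTTPException) as exc:
        return f"error: {exc}"
    finally:
        conn.close()
    if resp.status != 200:
        return f"HTTP {resp.status}"  # reachable, but file not where the server looks
    return "ok" if body == expected else "wrong content"

def check(host, token, expected, addresses=None, port=80):
    """Probe every address; each must answer 'ok', or its DNS record should go."""
    addresses = resolve(host, port) if addresses is None else addresses
    return {(f, a): probe(a, host, token, expected, port) for f, a in addresses}

def demo(token="test-token", content="test-token.constructed-thumbprint"):
    """Constructed offline demo: a throwaway webroot served on 127.0.0.1."""
    webroot = pathlib.Path(tempfile.mkdtemp())
    challenge_dir = webroot / CHALLENGE_PREFIX.strip("/")
    challenge_dir.mkdir(parents=True)
    (challenge_dir / "test-token").write_text(content)
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=str(webroot))
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return check("nc.test", token, content, [("IPv4", "127.0.0.1")], srv.server_port)
    finally:
        srv.shutdown()

if __name__ == "__main__":
    print(demo())
```

For a real domain, place a test file under the webroot's `.well-known/acme-challenge/` directory and call `check()` with the domain, file name and file content from a machine outside the home network, since the router can answer differently from inside the LAN.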

Hello, did you find out what was going on? I’m facing the same issue and I really don’t know which way to continue.

I had the same problem until just now.
I have now gone into the FritzBox -> Home Network -> Network -> Network Settings; enter your NC domain under DNS rebind protection there. Then wait a little or restart the box.
After that the certificate comes through.