Letsencrypt error getting validation data

Hi everyone,

After updating NCP to bullseye I have/had severe problems that I think I have solved - at least partially. During the setup I also decided to change the domain. Before, I used the DynDNS service from no-ip; now I have purchased a domain from STRATO.

Unfortunately, now I am unable to get a letsencrypt certificate. I repeatedly tried it with different settings on the STRATO side, but always end up with the same error.

Port forwarding is set up for IPv4 on ports 80 and 443. I can also reach nextcloud from outside of the network, so port forwarding seems to work. I deactivated port forwarding for IPv6, because it caused trouble when I tried to reach the domain from within my home network (I always ended up on the login page of my router).

Below is the error message. If you tell me how I can easily copy the content of the letsencrypt.log file, I’d be happy to share that as well.

Looking forward to good ideas.

Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for XXX.eu
Performing the following challenges:
http-01 challenge for XXX.eu
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification…
Challenge failed for domain XXX.eu
http-01 challenge for XXX.eu
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: XXX.eu
    Type: connection
    Detail: XXX.XXX.XX.XXX: Fetching
    https://XXX.eu/.well-known/acme-challenge/K4G5X_vWTitE7SHpMLTuS6dzOT7pQPmXV7aVbdcFsAw:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

You can reach your domain from outside your network with the domain name, the ip address or both?

It works with both - domain name and IP address.

That is weird.
Do you use any kind of firewall or DNS filter (e.g. pihole)?

Yes, sorry for not mentioning that earlier. I use Pihole with unbound. Nevertheless it worked before with the other domain.

Just tried it with pihole disabled, but it ends up with the same error message.

update1:
Interestingly, when I tried switching back to the old domain name, it works properly. The old one is a subdomain, xxx.ddns.net. In the future I wanted to use a main domain, xxx.eu.

update 2:
I also had problems with accessing nextcloud via the Windows desktop app. When I tried connecting with the domain name, it always showed "404 Not Found" for "GET https://xxx/nextcloud/status.php". Connection via local IP address worked fine, though. After I changed to the old scenario using a no-ip subdomain, it also works.

My interpretation is that the router is causing trouble with port forwarding. Any other ideas?

update 3:
Seems like I have been able to solve it. no-ip only forwarded the domain to my IPv4 address. I think IPv6 forwarding is not offered. STRATO, the new provider, also got my IPv6 address, and this caused trouble. I was able to tell my router to only provide the IPv4 (and not the IPv6) address, and it works perfectly fine for now.

As I have a static IPv4 address (Dual Stack), I don’t expect any issues here. Right?

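Added example, not part of the thread: Let's Encrypt prefers IPv6 when a name has an AAAA record, so a site that browses fine over IPv4 can still fail http-01 if the AAAA address is unreachable or lands on another device, as described in update 3. The sketch below probes every published A and AAAA address separately; `example.eu`, `probe.txt` and `probe-ok` are placeholder assumptions for your domain and a test file you place in the webroot yourself.

```python
import http.client
import socket

FAMILIES = {socket.AF_INET: "A/IPv4", socket.AF_INET6: "AAAA/IPv6"}

def resolve(host):
    """Return {label: [addresses]} for the A and AAAA records of host."""
    found = {}
    for family, label in FAMILIES.items():
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        found[label] = sorted({info[4][0] for info in infos})
    return found

def fetch(host, address, path, timeout=10):
    """GET path from one specific address, keeping the real Host header."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(512)
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc).encode()
    finally:
        conn.close()

def diagnose(records, probe, expected):
    """Probe every published address; list those that would fail http-01."""
    problems = []
    for label, addresses in records.items():
        for address in addresses:
            status, body = probe(address)
            if status is None:
                problems.append(f"{label} {address}: no connection ({body.decode()})")
            elif 300 <= status < 400:
                continue  # redirect (e.g. to HTTPS): reachable, follow it by hand
            elif status != 200 or body.strip() != expected:
                problems.append(f"{label} {address}: HTTP {status}, not the webroot file")
    return problems

if __name__ == "__main__":
    HOST = "example.eu"                             # assumption: your domain
    PATH = "/.well-known/acme-challenge/probe.txt"  # assumption: test file you created
    EXPECTED = b"probe-ok"                          # assumption: content of that file
    records = resolve(HOST)
    print(records)
    for line in diagnose(records, lambda a: fetch(HOST, a, PATH), EXPECTED) or ["all addresses OK"]:
        print(line)
```

Run it from a machine outside the home network that has IPv6 connectivity; from inside the LAN the router may answer for the public addresses itself and hide the problem.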