Letsencrypt issues

Using the wizard, the following services all have a green light:
freeDNS
nc-autoupdate-ncp
dnsmasq

I get orange for
letsencrypt
Here’s the message the wizard gives:
[ letsencrypt ] (Wed Sep 30 15:24:30 BST 2020)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sherab.uk.to
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. sherab.uk.to (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://sherab.uk.to/.well-known/acme-challenge/9YP0-T96jtQLOPXqYotaoi2HBIor_DLMQaIKw9gOI1g [95.146.137.2]: "\n<html class=“ng-csp” data-placeholder-focus=“false” lang=“en” data-locale=“en” >\n\t<head\n data-requesttoken=“V7Y+”
IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: sherab.uk.to
   Type:   unauthorized
   Detail: Invalid response from
   https://sherab.uk.to/.well-known/acme-challenge/9YP0-T96jtQLOPXqYotaoi2HBIor_DLMQaIKw9gOI1g
   [95.146.137.2]: "<!DOCTYPE html>\n<html class=\"ng-csp\"
   data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\"
   >\n\t<head\n data-requesttoken=\"V7Y+"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I would appreciate any advice to fix this.
Thank you
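
An added example, not part of the original thread or of NextCloudPi: a small check that classifies what an http-01 challenge URL returned, applied to the URL and HTML fragment from the error above. The function name, the labels and the thumbprint value are assumptions made for illustration.

```python
import re

# RFC 8555 section 8.3: the challenge URL must return only the key authorization,
# "<token>.<base64url SHA-256 thumbprint of the account key>" (43 characters).
B64URL = r"[A-Za-z0-9_-]+"
CHALLENGE_PATH = re.compile(rf"/\.well-known/acme-challenge/({B64URL})$")
KEY_AUTH = re.compile(rf"^({B64URL})\.([A-Za-z0-9_-]{{43}})$")
HTML_START = re.compile(r"^\s*<(!doctype|html|head|body)\b", re.IGNORECASE)

# Hypothetical labels, with what each one points to.
HINTS = {
    "ok": "body is a well-formed key authorization for this token",
    "html-page": "a web application answered instead of the file in the webroot",
    "token-mismatch": "key authorization belongs to a different challenge",
    "unexpected-body": "body is neither HTML nor a key authorization",
    "not-a-challenge-url": "URL is not under /.well-known/acme-challenge/",
}

def classify_http01_body(url, body):
    """Return a label from HINTS for a body fetched from an http-01 URL."""
    m = CHALLENGE_PATH.search(url)
    if m is None:
        return "not-a-challenge-url"
    token = m.group(1)
    if HTML_START.match(body):
        return "html-page"
    ka = KEY_AUTH.match(body.strip())
    if ka is None:
        return "unexpected-body"
    return "ok" if ka.group(1) == token else "token-mismatch"

# URL and HTML fragment as quoted in the error message above.
URL = ("https://sherab.uk.to/.well-known/acme-challenge/"
       "9YP0-T96jtQLOPXqYotaoi2HBIor_DLMQaIKw9gOI1g")
PAGE_BODY = ('<!DOCTYPE html>\n<html class="ng-csp" data-placeholder-focus="false" '
             'lang="en" data-locale="en" >\n\t<head\n data-requesttoken="V7Y+')
# Constructed sample: a passing body with a made-up 43-character thumbprint.
THUMB = "A" * 43
GOOD_BODY = "9YP0-T96jtQLOPXqYotaoi2HBIor_DLMQaIKw9gOI1g." + THUMB + "\n"

if __name__ == "__main__":
    for name, body in (("as reported", PAGE_BODY), ("constructed pass", GOOD_BODY)):
        label = classify_http01_body(URL, body)
        print(f"{name}: {label} ({HINTS[label]})")
```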

Try with xxx.ddns.net, which is what is pointing to your IP, and xxx.uk.co, although it seems both are pointing to the same IP.
Also add them to trusted domains, then try again.

You did not specify you have two servers on different sets of ports, so you need to use https://docs.nextcloudpi.com/en/how-to-get-certificate-with-letsencrypt-using-dns-to-verify-domain/ for the domain on alternate ports.

@OliverV
Thank you for the answer.
I am so confused right now I cannot really think straight around all these things.
I could do with your help.
What is the best way to achieve

  • two different machines
  • with two different ncp instances
  • with two different hostnames???

What is the best design for the above?

I would really appreciate any ideas

Cheers

I am assuming this is now resolved using DNS to verify the 2nd domain behind alternate ports. If so please add [solved] to the title.
Thanks for your contribution to improving the docs.