New User - Having trouble setting up Certbot/Apache2

SonyJunkie · February 6, 2020, 3:10pm

Hi Everyone

I am new to Nextcloud, well home servers in general! I have installed Ubuntu Server 18.04 in a VM on Proxmox running on my Dell R710 and during the Ubuntu installation I chose to also install Nextcloud as an option. As far as I can work out this is a Snap installation.

I used noip.com to create a hostname to get back to my server, I opened ports 80 & 443 on my modem/firewall and when I type my hostname in a browser (i.e. whatever.ddns.net) I get to the log in page for Nextcloud, all good so far. I even managed to install the windows app and android app and got those working too. Great.

However, I was aware that this wasn’t a secure connection, my browser shows it as “not secure”. I followed these instructions - https://certbot.eff.org/lets-encrypt/ubuntubionic-apache to install Certbot but then I encountered my first problem, when I browsed to my hostname I got the default Apache2 webpage! After much Googleing I managed to get it back to my Nextcloud log in, but only when Apache2 is stopped!! When it is running I get a 403 Forbidden, You don’t have permission to access this resource., Apache/2.4.29 (Ubuntu) Server at whatever.ddns.net Port 80 message or “this site cannot be reached” when adding https:// to the start of the hostname.

Any help to get this fully working would be great, thank you.

tflidd · February 6, 2020, 10:43pm

Did you manage to get your certificate?

Did you try to access via https? If yes, then you must just redirect the http to https. I don’t know what the installation routine changed in your apache-configuration. Without a look into it, it’s hard to help you.

SonyJunkie · February 7, 2020, 7:44am

Thank you for your response.

As far as I can tell the certificate were installed, there were no obvious error messages.

I did try accessing via https but I get the “this site cannot be reached” browser error.

Can you advise where and what I should be looking for?

OliverPifferi · March 29, 2020, 4:11pm

I just can tell you that a basic Apache-configuration (/etc/apache2/sites-available/000-default.conf) works that way:

<VirtualHost *:80>
ServerName <<<cloud.your.tld>>>
ServerAdmin admin@<<<your.tld>>>
DocumentRoot /var/www/nextcloud

ErrorLog ${APACHE_LOG_DIR}/hostname.tld_error.log
CustomLog ${APACHE_LOG_DIR}/hostname.tld_access.log combined

<Directory /var/www/nextcloud>
    Options +FollowSymlinks
    AllowOverride All

    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

Restart the webserver.

To get Certbot running, I always use the following terms on my Ubuntu-deployments:

sudo apt install certbot python-certbot-apache
sudo certbot --apache

As long as the NAT to your domain over ports 80 and 443 TCP works (which it does, according to your post), the certificates should get fetched and implemented without any hassle. In my installation, I choose the permanent redirect to https and it works.

Just be sure the dons-name matches the Apache config and no other services (had this problem with proxied Cloudflare-hosts once which cloak your IP) are in between.

Maybe any of these ideas may lead to any solution - good luck!