Nextcloud and Lets Encrypt

bnorman93 · April 26, 2022, 8:36pm

Nextcloud version (eg, 20.0.5): 23.0
Operating system and version (eg, Ubuntu 20.04): 20.04
Apache or nginx version (eg, Apache 2.4.25): 2.4.41
PHP version (eg, 7.4): php 7.4

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

Trying to install let’s encrypt certificate from the cli keep getting the errors I posted.

Hello I am having some issues getting lets encrypt to work right with my server that i created. This is some of the output that i was able to obtain.
root@server-HP-Z600-Workstation:~# sudo nextcloud.enable-https lets-encrypt
In order for Let’s Encrypt to verify that you actually own the
domain(s) for which you’re requesting a certificate, there are a
number of requirements of which you need to be aware:

In order to register with the Let’s Encrypt ACME server, you must
agree to the currently-in-effect Subscriber Agreement located
here:

By continuing to use this tool you agree to these terms. Please
cancel now if otherwise.
You must have the domain name(s) for which you want certificates
pointing at the external IP address of this machine.
Both ports 80 and 443 on the external IP address of this machine
must point to this machine (e.g. port forwarding might need to be
setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery):
Please enter your domain name(s) (space-separated): bnorman93nexclouddnsnet
Attempting to obtain certificates… error running certbot:

Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bnorman93.nexclouddns.net
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains.
Waiting for verification…
Challenge failed for domain bnorman93nexclouddnsnet
http-01 challenge for bnorman93nexclouddnsnet
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

The following errors were reported by the server:

Domain: bnorman93.nexclouddns.net
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
bnorman93.nexclouddns.net - check that a DNS record exists for this
domain; DNS problem: NXDOMAIN looking up AAAA for
bnorman93.nexclouddns.net - check that a DNS record exists for this
domain

bnorman93 · April 26, 2022, 8:53pm

2022-04-26 16:50:19,175:DEBUG:certbot.error_handler:Calling registered functions
2022-04-26 16:50:19,175:INFO:certbot.auth_handler:Cleaning up challenges
2022-04-26 16:50:19,175:DEBUG:certbot.plugins.webroot:Removing /var/snap/nextcl>
2022-04-26 16:50:19,176:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2022-04-26 16:50:19,176:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/snap/nextcloud/30258/bin/certbot”, line 8, in
sys.exit(main())
File “/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/main.py”, lin>
return config.func(config, plugins)
File “/snap/nextcloud/30258/bin/certbot”, line 8, in
sys.exit(main())
File “/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/main.py”, lin>
return config.func(config, plugins)
File “/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/main.py”, lin>
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/main.py”, lin>
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/client.py”, l>
cert, chain, key, _ = self.obtain_certificate(domains)
File “/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/client.py”, l>
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_sub>
File “/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/client.py”, l>
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/auth_handler.>
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/nextcloud/30258/lib/python2.7/site-packages/certbot/auth_handler.>
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.

just · April 26, 2022, 9:20pm

Your domain is possibly backwards unless you own nextclouddns.net

You are missing the required support template. Please fill this form out and edit into your post.

This will give us more technical info and logs needed to help you! Thanks.

bnorman93 · April 26, 2022, 9:21pm

I used nexcloud instead of next to try and keep it close to remind me

bnorman93 · April 27, 2022, 1:33am

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
022-04-26 21:43:27,664:DEBUG:acme.client:Storing nonce: 01029klSNrIUMFGi36mmGsdujw5LJyuAFVVS3KO2sq9PTUs
2022-04-26 21:43:27,664:INFO:certbot._internal.auth_handler:Challenge failed for domain bnorman93.nexclouddns.net
2022-04-26 21:43:27,665:INFO:certbot._internal.auth_handler:http-01 challenge for bnorman93.nexclouddns.net
2022-04-26 21:43:27,665:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: bnorman93.nexclouddns.net
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for bnorman93.nexclouddns.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for bnorman93.nexclouddns.net - check t>

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the>

2022-04-26 21:43:27,665:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/auth_handler.py”, line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/auth_handler.py”, line 206, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
certbot.errors.AuthorizationError: Some challenges have failed.

2022-04-26 21:43:27,666:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-04-26 21:43:27,666:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-04-26 21:43:27,879:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/snap/certbot/1952/bin/certbot”, line 8, in
sys.exit(main())
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/main.py”, line 19, in main
return internal_main.main(cli_args)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/main.py”, line 1723, in main
return config.func(config, plugins)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/main.py”, line 1432, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/main.py”, line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/client.py”, line 513, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/client.py”, line 441, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/client.py”, line 493, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/auth_handler.py”, line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/snap/certbot/1952/lib/python3.8/site-packages/certbot/_internal/auth_handler.py”, line 206, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
certbot.errors.AuthorizationError: Some challenges have failed.
2022-04-26 21:43:27,881:ERROR:certbot._internal.log:Some challenges have failed.

dns record: dns-log — ImgBB

bb77 · April 27, 2022, 5:06am

Are you using the free DDNS service of clouddns.net?

The domain name “nexclouddns.net” is not registred and doesn’t exist. You cannot simply make up a domain name and use it, without registering it first.
I don’t know clouddns.net, but usually an address from a DynDNS service would look like that:

yourusername.dyndnsprovider.tld

Example DNS record:

bnorman93.clouddns.net. 60 IN A <YourDynamicIPAddress>

If you own a domain name you would additionaly set a CNAME record at your registrars DNS panel that points your actual domain and subdomain to the DynDNS name:

Example:

nextcloud.yourdomain.tld. 3600 IN CNAME bnorman93.clouddns.net

bnorman93 · April 27, 2022, 6:50pm

Yes, I am trying to use clouddns.net and im not sure why it says it isnt there i took a screenshot of it is there another dns server you reccomend because i cant get this to work for the life of me
For the example dns record is that how i would type it in “sudo certbot -d bnorman93.nexclouddns.net”? Thanks for all the help so far!

Kaassouffle · April 27, 2022, 8:36pm

Like bb77 said, you don’t own the domain nexclouddns.net.
You first need to register it: https://duckduckgo.com/?q=.net+domain+registrar&hps=1&atb=v317-1&ia=web

Then when you own that domain you can choose to use the nameserver of the registrar or use a service like clouddns or cloudflare

bnorman93 · April 27, 2022, 8:50pm

So do I use the dns servers that they have on the clouddns or is there a free way to have the domain registered or no?

Kaassouffle · April 27, 2022, 8:55pm

First you need to get a domainname. Then you can choose which nameserver (or, like you call it, “dns servers”) you want to use

freenom.com has some free domains (for example .tk) that are valid for a year.

bnorman93 · April 27, 2022, 10:19pm

So the clouddns won’t work then or I have to connect that to a paid dns servicer?

bnorman93 · April 27, 2022, 10:38pm

I just made a account with google domains will this work to incorporate the dns?

bb77 · April 28, 2022, 5:52am

Do you have a domain name regstred with them or somewhere else?

Again, do you just have an account there or do you actually have a domain registred with them?

You must have registered the domain name somewhere in order to use it with any DNS service. You can do that with Clouddns or Google Domains. The registrar does not have to be the same provider that handles your DNS, but it simplifies the matter. So in your case I would recommend using Clouddns for registering the domain name: Cheap Domain Names | ClouDNS

You most likely could also just use their DynDNS service, without registering your own domain name. But then the URL to your Nextcloud would probably look something like this: https://bnorman93.clouddns.net. instead of e.g. https://nextcloud.yourowndomainname.tld

Kaassouffle · April 28, 2022, 10:34am

I think you first need to google what a domain name, DNS and nameserver actually is haha

bnorman93 · April 28, 2022, 11:01am

I am just transferring from satcom to network side so it’s a bit of a interesting switch that’s for sure… nevertheless, I attached the picture of the dns settings I established on the cloudns website is that right? I went ahead and paid for google domains as well I may just use that to simplify this process because it has the ability to register a address attached to your domain that attaches to their domain if I am understanding correctly

bb77 · April 28, 2022, 12:26pm

I cannot give you a step to step guide because I neither use Google Domains nor Clouddns. I also don’t know if Google Domains does Dynamic DNS which you probably need if you’re hosting Nextcloud at home… But in the picture you attached, you’ve been using a domain name that doesn’t exist. This cannot work.

If you did register a domain name at Goole (a question which you still didn’t answer) and you want to use Dynamic DNS with Clouddns you have to do following:

In the DynDNS settings panel of CloudDNS:

Create an address like bnorman93.clouddns.net that ties to your Home IP address

In the DNS settings panel of Google Domains:

A CNAME record for nextcloud.yourgoogledomain.com that points to bnorman93.clouddns.net

That’s probably not a bad idea. I highly recommand you to read up at least about the basics how the Domain Name System works…

Kaassouffle · April 28, 2022, 12:35pm

Google Domains supports dynamic dns (I use Google Domains myself, but not dyndns). He mentioned that he wanted to register a domain name for free so it’s probably best to register one at Freenom and set the nameservers to another service because Freenom is terrible to work with

bb77 · April 28, 2022, 12:40pm

If Google Domains does support Dynamic DNS I would use that if I were him. I mean a .com domain is about 10$ a year? Souldn’t break the bank, shouldn’t it? Otherwise the cheap and easy way would be just using a name of a free DynDNS provider like no-ip, afraid.org or probably also Clouddns…

bnorman93 · April 28, 2022, 2:27pm

Google domains supports dynamic dns and I’m going to go fully through them so why does it keep giving me errors now?
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for server.bnorman93.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. server.bnorman93.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for server.bnorman93.com - the domain’s nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for server.bnorman93.com - the domain’s nameservers may be malfunctioning

Kaassouffle · April 28, 2022, 5:26pm

Before you keep trying to create a certificate, first make sure you can reach your server using http. Did you enter your IP in the DNS section?