Nextcloud and Let’s Encrypt

I am unable to reach the website from outside my network, and I also figured out the whole domain and nameserver ordeal. I can access the server from my browser inside my network via the URL, but upon trying to get a certificate it keeps saying a firewall is possibly blocking the access. I have configured the proxy settings and also did an nslookup to validate my settings for the DNS record for my domain and dynamic DNS, and everything is good there and the ports are open, so I am pretty confused as to why Let’s Encrypt isn’t issuing a certificate… I am able to reach the site via http://server.com in my web browser and log in, but only on my network.

brandon@Server:~$ certbot --apache
The following error was encountered:
[Errno 13] Permission denied: ‘/var/log/letsencrypt/.certbot.lock’
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
brandon@Server:~$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: bnorman93.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bnorman93.com
Waiting for verification…
Challenge failed for domain bnorman93.com
http-01 challenge for bnorman93.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: “information is removed for viewing purposes”
    Type: connection
    Detail: : Fetching
    http:// “information is removed for viewing purposes”:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Did you also open Port 80? Both, Port 80 and 443 are needed in order for Certbot to work.


Yes both are open as well as forwarded in my router

Let’s Encrypt doesn’t work with the DDNS service I chose, so I am waiting for a certificate I purchased from them, but they say that I should still be able to remotely access the server without the certificate. With that being said, I’m still stuck; figured I’d post an update.

I still get the feeling that there are multiple misunderstandings here…

That seems strange to me. While it could indeed be possible that you cannot directly use the DynDNS name they provide you with for Let’s Encrypt, you will almost certainly be able to set a CNAME record in the DNS settings panel of your registered domain name and point it to the DynDNS name. You have to use a subdomain in order for this to work though. You cannot use bnorman93.com directly. You would then use something like nextcloud.bnorman93.com.

Yes you should. But there is a multitude of things that could be wrong. Misconfiguration of your server, webserver, network, router… Hard to say without knowing the details of your setup.

ClouDNS said they don’t support Let’s Encrypt on a free account through chat. I think I see an issue on the dynamic DNS side: I’m still using bnorman93.com. I should probably set up, for example, a dynamic address like “server.bnorman93.com”.

That will solve your issue. Your domain registrar will either support Let’s Encrypt or want you to pay for SSL.


So that goes under the dynamic dns as “server.bnorman93.com” or as my cname on the dynamic dns?

Ask your domain registrar and consult their documentation. Details should all be available within your domain account info.

Domain for the ddns or domain for my web domain?

No idea. Your posts are very confusing. Sort this out with whatever tool you use for DNS and domain.

Ok, I am using cloudns for ddns. I am using google domains for my domain. My google domains points to my cloudns ddns type A/AAAA and my cloudns has bnorman93.com pointed at my IP address. The cloudns ns servers point at bnorman93.com which is hosted at google domains and there is no host name on my cloudns like “server.bnorman93.com” for instance so should I create a Type A that points at the domain or a ns then? Thanks for the help so far everyone!

Google domains should have all of the necessary info and documentation… I do not use them though.

You’ll need to work through their tooling. Try to sort it out with them. That is separate from Nextcloud.

My domains forwarded to cloudns already

Not anymore it seems… :wink:

dig bnorman93.com NS

; <<>> DiG 9.18.2 <<>> bnorman93.com ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50610
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bnorman93.com.			IN	NS

;; ANSWER SECTION:
bnorman93.com.		21343	IN	NS	ns-cloud-c2.googledomains.com.
bnorman93.com.		21343	IN	NS	ns-cloud-c3.googledomains.com.
bnorman93.com.		21343	IN	NS	ns-cloud-c4.googledomains.com.
bnorman93.com.		21343	IN	NS	ns-cloud-c1.googledomains.com.

…which is probably a good thing. :slight_smile: I would do everything at one place. That will make your life way easier. You can do Dynamic DNS with Google: https://support.google.com/domains/answer/6147083?hl=en
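As an added example (not part of the original posts): the delegation check that the `dig` output above answers by eye, written as a small shell helper. The sample is the ANSWER section quoted in the thread; the function names and the `cloudns.net` nameserver suffix are assumptions.

```shell
#!/bin/sh
# Added example: confirm which DNS provider a zone is really delegated to.
# Let's Encrypt resolves the name through these servers, so records edited
# at any other provider are never seen by the http-01 validator.

# Constructed sample: ANSWER section copied from the dig output in the thread.
SAMPLE_DIG=';; QUESTION SECTION:
;bnorman93.com.            IN  NS

;; ANSWER SECTION:
bnorman93.com.  21343  IN  NS  ns-cloud-c2.googledomains.com.
bnorman93.com.  21343  IN  NS  ns-cloud-c3.googledomains.com.
bnorman93.com.  21343  IN  NS  ns-cloud-c4.googledomains.com.
bnorman93.com.  21343  IN  NS  ns-cloud-c1.googledomains.com.
'

# ns_targets: read dig output on stdin, print each NS target once,
# lower-cased and without the trailing dot. Comment lines (;) are skipped.
ns_targets() {
  awk '!/^;/ && $3 == "IN" && $4 == "NS" {
         t = tolower($5); sub(/\.$/, "", t); print t
       }' | sort -u
}

# delegated_to SUFFIX: read dig output on stdin.
# Returns 0 if every NS target is under SUFFIX, 1 if any is not,
# 2 if the input contains no NS records at all.
delegated_to() {
  _suffix="$1"
  _rc=0
  _targets="$(ns_targets)"
  [ -n "$_targets" ] || return 2
  while IFS= read -r _t; do
    case "$_t" in
      *".$_suffix"|"$_suffix") ;;
      *) echo "unexpected nameserver: $_t" >&2; _rc=1 ;;
    esac
  done <<EOF
$_targets
EOF
  return "$_rc"
}

# Live use: dig bnorman93.com NS | delegated_to cloudns.net
# Demo on the constructed sample (cloudns.net suffix is an assumption):
printf '%s\n' "$SAMPLE_DIG" | delegated_to cloudns.net 2>/dev/null \
  || echo "zone is not delegated to cloudns.net; edit records at the listed provider"
```

Run the live form against a public resolver as well as the local one, since a cached NS set can lag behind a recent change at the registrar.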

Na, I got mad and started thrashing around :joy:. I contacted Google Domains when I set up ClouDNS for the dynamic and they said they didn’t support that, it’s only a web domain, but I clearly have a dynamic DNS address. Idk if I just don’t understand what’s happening or they don’t get what I am saying… So I should be able to use the Google Domains dynamic DNS that I created in order to make this happen?

I don’t use Google Domains myself but it seems you can, according to the link I posted in my previous post.

Ok, I attempted to set it up again, just waiting for changes to take effect. In the domain field I just plugged in server.bnorman93.com, and currently under data it doesn’t have anything in the IP field and it’s not changeable. I am guessing it has to update and then it will have an IP address in that field, correct?

Did you also read the following…?

After you set up Dynamic DNS, you must set up a client program on your host, server, or gateway that:

  • Detects IP address changes
  • Uses the generated username and password
  • Communicates the new address to the Google name servers

https://support.google.com/domains/answer/6147083?hl=en#zippy=%2Cset-up-a-client-program-on-your-gateway-host-or-server