I followed DigitalOcean’s guide here to install it on Ubuntu Xenial.
All is fine until I run sudo nextcloud.enable-https lets-encrypt.
r@dotc:~$ sudo nextcloud.enable-https lets-encrypt
In order for Let’s Encrypt to verify that you actually own the
domain(s) for which you’re requesting a certificate, there are a
number of requirements of which you need to be aware:
1. In order to register with the Let's Encrypt ACME server, you must
agree to the currently-in-effect Subscriber Agreement located
By continuing to use this tool you agree to these terms. Please
cancel now if otherwise.
2. You must have the domain name(s) for which you want certificates
pointing at the external IP address of this machine.
3. Both ports 80 and 443 on the external IP address of this machine
must point to this machine (e.g. port forwarding might need to be
setup on your router).
Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): firstname.lastname@example.org
Please enter your domain name(s) (space-separated): dotcloud.space
Attempting to obtain certificates... error running certbot:
Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator nextcloud:webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dotcloud.space
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dotcloud.space (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dotcloud.space/.well-known/acme-challenge/4RnT0euDlZ18Ey67o_oJMLoR31FF_CgUgBpYhsLzc-A: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<title>404 Not Found</title>
- The following errors were reported by the server:
Detail: Invalid response from
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I have 80 and 443 open, everything working. Certbot is OK (at least I think so). The domain is from Namecheap; there’s an A record to the server’s public IP.
HTTPS to it works (Apache).
I have it on Scaleway’s cheapest box. DigitalOcean just has the best tutorials.
I already ran certbot,
I’ll reinstall the box… Will keep you updated.
Thanks for the playbook(s).
Will Apache (preinstalled) interfere with nginx?
It’s just that I need Nextcloud in the cloud and a VM takes significantly more resources… What I pay for. (Note there is no way to get your ports forwarded (ISP has had a major bug for years now) and a static IP is also 8€/mo extra)
Self-signed worked in Scaleway’s start1-xs, but a VM would need start-1s or start1-m (which are 2x and 4x the price, monthly)
I’ll have rclone to mount for storage.
Since this is a temporary solution (until rclone gets proper bi-directional sync), I’ll ignore the self-signed warnings.
I can’t use Nextcloud for daily usage, since it has already proven, running on my webserver (some cPanel autoinstall, 1GiB storage), to 1) replace the newer version of a txt file with an older version and 2) automagically delete a zip under 1MiB after some time in the sync folder.
I would like to get access to my files through my phone sometimes, but I would rather start up my desktop, VNC into it and transfer the file to me, while keeping my files safe.
Btw: if you can set your DNS name with a “curl command”, you can put this into the cloud-init field when you create a server, at the end of the server creation page.
The line with curl -s "https://DYNDNS.YOUR.REGISTRAR.HERE is an example of my registrar. You have to put your URL and credentials here.
Make sure you have installed it with apt install sudo. If asked which sudoers file to take, choose the maintainer’s one with “Y”, or make sure there is a line root ALL=(ALL:ALL) ALL in the /etc/sudoers file. The command visudo is best to edit this file.
I removed the test server (which I got the thing working on), pointed the A record to the other server, repeated the steps, but no result.
Where should I get the DYNDNS.YOUR.REGISTRAR.HERE and <SECRET-TOKEN>?