Nextcloud.enable-https lets-encrypt fails, 404

I followed digitalocean’s guide here to install it on Ubuntu Xenial.

All is fine until I run sudo nextcloud.enable-https lets-encrypt.
r@dotc:~$ sudo nextcloud.enable-https lets-encrypt
In order for Let’s Encrypt to verify that you actually own the
domain(s) for which you’re requesting a certificate, there are a
number of requirements of which you need to be aware:

1. In order to register with the Let's Encrypt ACME server, you must
   agree to the currently-in-effect Subscriber Agreement located

   By continuing to use this tool you agree to these terms. Please
   cancel now if otherwise.

2. You must have the domain name(s) for which you want certificates
   pointing at the external IP address of this machine.

3. Both ports 80 and 443 on the external IP address of this machine
   must point to this machine (e.g. port forwarding might need to be
   setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery):
Please enter your domain name(s) (space-separated):
Attempting to obtain certificates... error running certbot:

Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator nextcloud:webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<title>404 Not Found</title>
<h1>Not Found</h1>
 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from
<title>404 Not
<h1>Not Found</h1>

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I have 80 and 443 open, everything working. Certbot is ok (at least I think so). The domain is from namecheap, there’s an A record to the server’s public IP.

What did I do wrong?

did you try to run just certbot ?
btw: has a valid letsencrypt certificate right now.

if you still have problems. throw away the droplet. and try my ansible-playbook.

it will setup nextcloud following the config of carsten rieger. more or less.

https to it works (apache)
I have it on Scaleway’s cheapest box. Digitalocean just has the best tutorials.
I already ran certbot,
I’ll reinstall the box… Will keep you updated.
Thanks for the playbook(s).
Will apache (preinstalled) interfere with ngnix?

yes. both use the same ports. 80/443. you have to disable apache or remove it.

btw: the scaleway’s boxes cost 0.004 cent/hour. just give the playbook a try. :wink:

and don’t forget to set install_onlyoffice = false because you probably won’t be happy with the performance.

Yet I didn’t get it running. Log.
PS: Before starting this thread, I was able to get nextcloud running with self-signed, but I would like to use let’s encrypt.

If you need, I can create a box for you, so you could work out, what went wrong.

You could use the Nextcloud VM for seamless SSL integration with Let’s Encrypt.

Unfortionetly I can’t do VMs.

Everyone can! It works on every system as long as you have a hypervisor. The following are supported:

  • VMware
  • Hyper-V
  • KVM

Give it a go, I’m sure you’ll like it. :slight_smile:

It’s just that I need nextcloud in the cloud and a VM takes significantly more resources… What I pay for. (Note there is no way to get your ports fowarded (ISP has a major bug for years now) and static ip is also 8€/mo extra)

Self-Signed worked in scaleway’s start1-xs, but vm would need start-1s or start1-m (what are 2x and 4x the price, monthly)

I’ll have rclone to mount for storage.

Since this is a temporary solution (until rclone gets proper bi-directional sync), I’ll ignore the self-signed warnings.

I can’t use nextcloud for daily usage, since it has already proven, running on my webserver (some cpanel autoinstall, 1GiB storage) to 1) replace the newer version by an older version of a txt file b) automagically delete a zip, under 1MiB after some time being in the sync folder.

I would like to get access to my files trough my phone sometimes, but I will rather start up my desktop, vnc in to it and transfer the file to me, while keeping my files safe.

you have to define the variable: 'cert_email' is undefined
letsencrypt wants to have your email.
it’s in the inventory. and just rerun the playbook.

I did that, meanwhile I have tried to install it again, but always with email (

it worked. for me.

what was the error message you got?

btw: if you can set your dns name with a “curl command” you can put this into the cloud-init field when you create a server. at the end of the server creation page.
the line with curl -s "https://DYNDNS.YOUR.REGISTRAR.HERE is an example of my registrar. you have to put your url and credentials here


    - vim
    - mc
    - wget
    - curl
    - sudo
    - name: root
      sudo: ALL=(ALL:ALL) ALL

package_upgrade: true

  - curl -s | /bin/bash
  - curl -s "https://DYNDNS.YOUR.REGISTRAR.HERE/?fqdn=<YOUR.DOMAIN.HERE>&thisipv4=1&forcehost=1&token=<SECRET-TOKEN>"
  - HOME=/root ansible-pull --clean --force -d /root/nextcloud -i 'nextcloud' -U nextcloud.yml -e "fqdn=YOUR.DOMAIN.HERE" -e "cert_email=YOUR@EMAIL.HERE" -e "ssl_certificate_type='letsencrypt'" -e "nc_db_type='mysql'"

the -e "nc_db_type='mysql'"in the last line installs mysql instead of postgres. your choice. i don’t know what is your favorite db. :wink:

p.s.: scaleway doesn’t install sudo.

make sure you have installed it with apt install sudo. if asked which sudoers file to take choose the maintainers one with “Y”. or make sure there is line root ALL=(ALL:ALL) ALL in the /etc/sudoers file. the command visudois best to edit this file.

Scaleway doesn’t install sudo on 18.04, I am using 16.04 in this case.

It worked!
But I didn’t guess the admin username/password.

it’s in the inventory. :wink:

I think I saw it installing the office things too, I need only nextcloud (files).
I might have some problems:

docker stop onlyoffice
docker rm onlyoffice
docker images

and disable the app in nextcloud.

I removed the testserver (what I got the thing working on), pointed the a record to the other server, repeated the steps, but no result.