NextCloudPi, letsencrypt doesn't work, do I need IPv4-ports?

Hello,

I’m using a RPi 4B. Installation worked without a flaw. However, I cannot access from outside my home-network yet. Did try to just use a freedns-subdomain, that works as far as it goes through without error-messages, as does dnsmasq, but letsencrypt gives me an error and doesn’t work.

On my router I can only allow IPv6-ports to be open, not IPv4-ports. I do not have a static IPv4-address (or one at all? I’m using cable for internet in Germany, Vodafone. Tried to read up on it but it’s a little blurry, I’m not deep into network-tech).

So my question would be, if it is necessary to be able to open up IPv4-ports, or if it should work with the IPv6-ports. And if that method won’t work, could I use another way to route to the Pi? Maybe VPN-tunneling or something?

Thanks

log was

[ letsencrypt ] (Mon Oct 31 16:33:07 GMT 2022)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for [myDomain] 
Performing the following challenges:
http-01 challenge for [myDomain] 
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Challenge failed for domain [myDomain] 
http-01 challenge for [myDomain] 
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: [myDomain] Type: connection
Detail: [myIP]: Fetching
http://lnzzz.ignorelist.com/.well-known/acme-challenge/UDvWBWeUCHVipPOKHwK_wYjeDPdKw6zrzLDwykPGT_4:
Connection refused

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

Swapped my Domain and IP with placeholders.

Trying to set ports with UPnP gives me:

[ nc-forward-ports ] (Mon Oct 31 16:36:38 GMT 2022)
No valid UPNP Internet Gateway Device found.
upnpc : miniupnpc library test client, version 2.2.1.
(c) 2005-2020 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.0.1:49152/IGDdevicedesc_brlan0.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.0.1:49152/upnp/control/WANIPConnection0
No valid UPNP Internet Gateway Device found.
upnpc : miniupnpc library test client, version 2.2.1.
(c) 2005-2020 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.0.1:49152/IGDdevicedesc_brlan0.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.0.1:49152/upnp/control/WANIPConnection0
No valid UPNP Internet Gateway Device found.
upnpc : miniupnpc library test client, version 2.2.1.
(c) 2005-2020 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.0.1:49152/IGDdevicedesc_brlan0.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.0.1:49152/upnp/control/WANIPConnection0

Could not forward ports automatically.
Do it manually, or activate UPnP in your router and try again

Letsencrypt supports IPv6 for sure.

https://letsencrypt.org/docs/ipv6-support/

You need TCP/80 and TCP/443 ports open to your host for it to work.

No, that won’t help, as your IPv4 is not visible from “wild internet”

Yes, this is possible - however limited to the IPv6-world. If you are e.g. in a public WiFi (Hotel, etc.), there might be still IPv4 only.

Have you opened your IPv6-ports already? According to the log from nc-forward-ports your UPNP-attempt didn’t work out - so you should try to open them from router-admin-UI.

Once the ports are open, you can try to reach your nextcloud via the IPv6-address. Simply open the webbrowser and enter
https://[1234:5678:…:1234]
(your IPv6 inside square brackets)
→ There will be some warnings (insecure, etc.) - but finally you should see an answer from your nextcloud.

Next step would be then to setup DynDNS for your IPv6-address.

Final step then the Let’s Encrypt

I have set up TCP-Port 80 and Port 443 for the nextcloudpi. However, my IPv6-address in browser-bar does nothing but a page load error. It doesn’t even load for a longer time, just directly to the error.

Edit: Apparently had the wrong IPv6-address, took the one shown in the router and now I got routed to the router page, not the nextcloudpi-page (192.168.0.1 instead of 192.168.0.177).

It is a bit confusing with Vodafone. Ask their support for an ipv4 address. They use cgnat for ipv4 so you have an ipv4 but it is not yours alone.
Works also with their cable products.
Then you have a dynamic ipv4.

If you want a static ipv4 you have to go with a business contract.


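The two dead ends in this thread (an IPv4 address behind the provider's CGNAT, and an IPv6 address that belonged to the router rather than the server), as an added example that is not part of any post: a Python check of which address family can carry the inbound http-01 request on TCP 80. The function names are assumptions, the DS-Lite range goes beyond what the thread mentions, and the sample addresses are constructed, with well-known public resolver addresses standing in for public addresses.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 carrier-grade NAT pool
DSLITE = ipaddress.ip_network("192.0.0.0/29")   # RFC 6333 DS-Lite tunnel link
ULA = ipaddress.ip_network("fc00::/7")          # IPv6 unique local addresses

# Constructed sample values: public resolver addresses used only as stand-ins.
SERVER_V6 = "2001:4860:4860::8888"   # the server's own global address
ROUTER_V6 = "2001:4860:4860::8844"   # the address shown on the router page


def classify(addr):
    """Name the reachability class of a single IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"
    if ip.version == 4 and ip in DSLITE:
        return "ds-lite"
    if ip.version == 6 and ip.is_link_local:
        return "link-local"
    if ip.version == 6 and ip in ULA:
        return "ula"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "special"


def inbound_paths(router_wan_v4, seen_from_outside_v4, host_v6, aaaa_record):
    """Report, per address family, whether a request from outside can arrive."""
    wan = classify(router_wan_v4)
    if wan != "public":
        v4 = f"blocked: router WAN address is {wan}, port forwarding cannot work"
    elif ipaddress.ip_address(router_wan_v4) != ipaddress.ip_address(seen_from_outside_v4):
        v4 = "blocked: another NAT sits in front of the router"
    else:
        v4 = "ok: forward TCP 80 and 443 to the server"
    host = classify(host_v6)
    if host != "public":
        v6 = f"blocked: server address is {host}"
    elif ipaddress.ip_address(aaaa_record) != ipaddress.ip_address(host_v6):
        v6 = "blocked: AAAA record does not point at the server itself"
    else:
        v6 = "ok: allow TCP 80 and 443 to the server in the router firewall"
    return {"ipv4": v4, "ipv6": v6}


if __name__ == "__main__":
    print(inbound_paths("100.72.13.5", "8.8.8.8", SERVER_V6, ROUTER_V6))
```
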
Alright! I have written them an E-Mail asking for a personal IPv4-address.

So thank you three and I will report back if it worked.

Okay. I had a nice chat with a Vodafone-supporter and she gave me a personal IPv4. Now UPnP did work and the router has new options available, UPnP apparently did make entries there. Letsencrypt now also worked with my subdomain. But I still cannot reach nextcloud via the subdomain and in the system status it says

Port check 80 closed
Port check 443 closed

How can that be? Both ports are registered and enabled in the router under “Port-Forwarding”. Shouldn’t it work now?

There is a bug in ncp. Ports are not shown correctly

Ah. Okay. Then I’ll report back tomorrow after work. I’ve read that DynDNS sometimes takes some time until it actually works.

Well, it still doesn’t work. Everything seems to be as it should be, yet I still cannot connect from outside of my LAN.

Can you access your Nextcloud with your public IP?
If yes your DNS/domain isn’t configured well.

No, that doesn’t work either.

However, with both the subdomain as well as the IP I get a “no secure (https) connection available” - but when I click on “continue with http”, it loads until it’s a timeout-error.

As long as your Nextcloud cannot be reached via your public IP from outside your home network, you will have to dig into your router-settings.

Check things like:

  • Firewall
  • Exposed host
  • Port-Forwarding

Something is wrong with these settings.

What model of router are you using? AVM Fritzbox? Something else?

Well, that was a great pointer to the problem; for some reason, yet I do not know what reason, the port forwarding was deleted in the router setting. Enabled it again - this time manually, hope it gets saved now - and et voilà! Fracking works! Thanks a bunch! :smile:
