Problems setting up nextcloud snap

Nextcloud version (eg, 20.0.5): 25.0.3
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04
Apache or nginx version (eg, Apache 2.4.25): using snap so don't have this
PHP version (eg, 7.4): whatever snap has

The issue you are facing:

Decided to install on the new machine via snap since it seemed the most no fuss. I previously installed using an ansible playbook.

Basically I followed the instructions on this page: https://www.vultr.com/docs/how-to-install-nextcloud-on-ubuntu-22-04-with-snap/

I got to the lets-encrypt step but it isn’t running correctly.

Is this the first time you’ve seen this error? (Y/N): Yes


┌─      ~                                                                                                                        
└─➤ sudo nextcloud.enable-https lets-encrypt
In order for Let's Encrypt to verify that you actually own the
domain(s) for which you're requesting a certificate, there are a
number of requirements of which you need to be aware:

1. In order to register with the Let's Encrypt ACME server, you must
   agree to the currently-in-effect Subscriber Agreement located
   here:

       https://letsencrypt.org/repository/

   By continuing to use this tool you agree to these terms. Please
   cancel now if otherwise.

2. You must have the domain name(s) for which you want certificates
   pointing at the external IP address of this machine.

3. Both ports 80 and 443 on the external IP address of this machine
   must point to this machine (e.g. port forwarding might need to be
   setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): thedonquixotic@gmail.com
Please enter your domain name(s) (space-separated): cloud.aslanfrench.work aslanfrench.work
Attempting to obtain certificates... error running certbot:

Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for aslanfrench.work
http-01 challenge for cloud.aslanfrench.work
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain aslanfrench.work
Challenge failed for domain cloud.aslanfrench.work
http-01 challenge for aslanfrench.work
http-01 challenge for cloud.aslanfrench.work
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: aslanfrench.work
   Type:   unauthorized
   Detail: 76.76.21.21: Invalid response from
   http://aslanfrench.work/.well-known/acme-challenge/vBe8v2veEwELdyUXqHYYD5-yimreARd_eRn6GtV8llU:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: cloud.aslanfrench.work
   Type:   connection
   Detail: 136.49.246.64: Fetching
   http://cloud.aslanfrench.work/.well-known/acme-challenge/n4cCIqtW2_jf_XdtHzVH1XtXng9fMxKdsQ7w7c9ZfGQ:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at
   /var/snap/nextcloud/current/certs/certbot/config. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

I figured the issue must be with my DNS so I went to my DNS but I already have cloud.aslanfrench.work pointed towards my IP.

I see Nextcloud when I visit localhost but not when I visit my IP. So I’m not sure what the issue is. Pretty sure my IP is 136.49.246.64, at least that’s what I get from going to those “What’s my IP”. I know most people use ifconfig but whenever I run that I can never make heads or tails of it because there’s so much text and most of it is irrelevant. Is this an IP issue or is there something else I should be checking?

Hello,

Port forwarding done from router to your Nextcloud machine local LAN NAT IP?

Before doing https, ensure that nextcloud is accessible via external IP

Thanks

1 Like

I think I already have port forwarding set up on my router from my last nextcloud installation.

I also have this for 80 and 8080, which I think should cover everything.

Also I have google fiber which means I have a static IP.

The real question is, do you see Nextcloud when using the FQDN from off-network. This is what Let’s Encrypt has to do during verification.

I don’t, nor with the IP. Not sure what the issue is there.

Hello,

Let’s look at it step by step,

  1. Ensure the local machine in which snap nextcloud is running has a static local LAN NAT IP. (like 192.168.1.xx or such as per your NAT IP format)

  2. Ensure that nextcloud is accessible via that static IP within your local Network via LAN or WLAN (like other PC / Laptop / Mobile or Tablet)

Only when steps 1 and 2 are working should you proceed towards troubleshooting external network access.

So can you access nextcloud within your local LAN Network?

Thanks.

Then there is something wrong with either the port forward/firewall setting, or the public IP/DNS setup. To start I would just double check everything.

It’s accessible over LAN via the internal IP. I checked on my phone and I can see it.

Hello,

Snap Nextcloud is working then.

I would agree with @KarlF12

Some things to do at your Router / ISP

  1. Check port forwarding (80/443) to that Static LAN IP is done properly

  2. Ensure your router has Public IP, not a CG-NAT based internal IP.

Thanks.

1 Like

As far as I can tell it is. I see the port forwarding rules set up on the router, and I put a picture up above.

Here is diagnostics info from the router.

Serial Number	GNAFNS175003861
ACS inform	OK (Thu Mar 2 14:43:40 2023)
Software Version	gfrg200-48.29
Uptime	3459863
Temperature	
CPU temperature 64

WAN MAC	
F4:F5:E8:7F:6B:F6 (Down)

WAN IP (last)	
2605:a600:1d81:6d23::1 (Enabled)
136.49.246.64 (Enabled)

LAN IP	
192.168.254.1 (Enabled)
2605:a601:aa6a:7500::1 (Enabled)
192.168.1.1 (Enabled)

Subnet Mask	255.255.255.0
Wired LAN MAC	
F4:F5:E8:7F:6B:F7 (Up)

MoCa SNR	Scanning, nothing associated
Wifi Clients	
90:e8:68:xx:xx:xx -53
bc:17:b8:xx:xx:xx -62
18:b4:30:xx:xx:xx -54
aa:95:89:xx:xx:xx -51
92:42:00:xx:xx:xx -86
bc:d0:74:xx:xx:xx -53
64:07:f6:xx:xx:xx -49

UPnP	Off
Fiberjack	
Serial	JAAG65106303
Connected	true
ACS Contacted	true
ACS Contact Time	Thu Mar 02 2023 14:42:11 GMT-0600 (Central Standard Time)
Uptime	6419039

I am pretty sure it has a public IP. This reddit post says that Google Fiber does not use CG-NAT: https://www.reddit.com/r/googlefiber/comments/9akp96/does_google_fiber_use_cgn/

When I google “google fiber public IP” I get this help article that recommends this website, which says my IP is: 136.49.246.64 which tracks with the error message I got above when trying to run the snap enable https command.

Did some more googling and decided to check that the ports were open:

┌─      ~                                                                                                                        
└─➤ sudo snap get nextcloud ports
[sudo] password for aslan: 
Key          Value
ports.http   80
ports.https  443

I am baffled. I did snap because I thought it was supposed to be no fuss but I’m having trouble figuring out what I have done wrong. This was a super fresh install of NC. Barely anything else installed except for my dotfiles and a few extensions.

It was indeed a router problem. I had to specify which device on the LAN to route for the ports.

Before figuring that out though I uninstalled snap and tried installing the AIO docker. I’m going to try and finish setting up the AIO but I may switch back if I can’t find an easy way to ssl etc.

1 Like
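An added example, not part of the thread: the certbot report in the opening post lists two different failures, and the address Let's Encrypt actually contacted for each name tells them apart (the apex name was validated at 76.76.21.21, not the poster's 136.49.246.64, while the `cloud` name reached the right address but could not connect). The sketch below parses that report and classifies each entry; the function name `diagnose` and the cause wording are this example's own, and the sample text is the two error entries from the post with the challenge tokens shortened.

```python
import re

# Constructed sample: the two error entries from the certbot output in the
# opening post, with the challenge tokens replaced by "TOKEN".
REPORT = """\
   Domain: aslanfrench.work
   Type:   unauthorized
   Detail: 76.76.21.21: Invalid response from
   http://aslanfrench.work/.well-known/acme-challenge/TOKEN:
   404

   Domain: cloud.aslanfrench.work
   Type:   connection
   Detail: 136.49.246.64: Fetching
   http://cloud.aslanfrench.work/.well-known/acme-challenge/TOKEN:
   Error getting validation data
"""

# One entry = Domain / Type / Detail, where Detail starts with the IP address
# (IPv4 or IPv6) that the ACME server contacted for the http-01 check.
ENTRY = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*(?P<ip>[0-9a-fA-F:.]+?):\s"
)

def diagnose(report, public_ip):
    """Map each failed domain to (validated_ip, acme_error_type, likely_cause)."""
    results = {}
    for m in ENTRY.finditer(report):
        ip, kind = m["ip"], m["type"]
        if ip != public_ip:
            # The CA followed DNS to some other address, so nothing on this
            # server could have answered the challenge.
            cause = "DNS: name resolves to an address other than this server's public IP"
        elif kind == "connection":
            # Right address, but nothing accepted the connection on port 80.
            cause = "network: port 80 on the public IP does not reach this machine"
        elif kind == "unauthorized":
            # Something answered on port 80 but did not return the token file.
            cause = "webserver: this IP answered but did not serve the challenge file"
        else:
            cause = "other: see letsencrypt.log"
        results[m["domain"]] = (ip, kind, cause)
    return results

if __name__ == "__main__":
    for domain, (ip, kind, cause) in diagnose(REPORT, "136.49.246.64").items():
        print(f"{domain:25} {ip:15} {kind:13} {cause}")
```

The `connection` result for `cloud.aslanfrench.work` matches the router fix reported at the end of the thread; the apex name would need its own DNS record pointing at this server before it could be included in the certificate request.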