Snap Nextcloud / Ubuntu 22 / Certbot / Dead Site

Good morning everyone.

I recently installed Nextcloud using snap. The install went flawlessly, no issues. I went to secure Nextcloud using DNS validation with Certbot.

After successfully completing the DNS validation using CNAME on my DNS host and successfully passing the validation on my server, my server's main page no longer loads locally or from the outside.

The page worked fine before the DNS validation. I have tried enabling and disabling HTTPS with no success. All the certificates appear to be in their correct location and with the correct file names according to some of the research that I have done.

I have been trying to troubleshoot this for two weeks now, on and off. How can I get the community better information as far as my setup goes, figure out what is going on here, and make this work? Thank you for your help in advance.

Okay, so you’re not using the certbot bundled with the snap. Can you give us more details about that aspect? Do you have a reverse proxy in front of the snap responsible for SSL termination?

No reverse proxy. My firewall has it listening on 443 specifically. My internet does not allow 80 traffic so it has to be 443 at all times. If that answers your questions.

What certbot are you using, then? Where are the certs?

Using the latest certbot, which I downloaded a few days ago, using DNS validation. The certs are located at /etc/letsencrypt/live/domainname.com

That’s not going to work-- the snap doesn’t have access to those certs. Check out nextcloud.enable-https custom -h, you’ll need to add those certs manually. Ideally the snap would just take care of the renewal for you, but it requires port 80 to be open and available.

I’ll look into that today and get back to you

So I deleted all the old certs. Rebuilt them using the certbot DNS challenge. Copied the certs to the proper snap directories. Ran the HTTPS custom -s command and it installed them without error.

Website still will not present. I can ping it and the ports are listening. Not sure what is going on.

And to clarify, it was working prior to enabling HTTPS, and now if I turn HTTPS off it will no longer load.

Well, I got it working, but with a self-signed cert. Since I can’t open port 80, I guess I can’t do Let’s Encrypt. Unless someone knows how, but I’m pretty sure my ISP blocks it on their side.
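
Added example (not part of the thread and not the Nextcloud snap project's code): a shell script for the manual step described above, copying certbot's files into the snap's data directory before calling `nextcloud.enable-https custom`. The readable prefix `/var/snap/nextcloud`, the staging directory name and the cert/key/chain argument order are assumptions; confirm them with `nextcloud.enable-https custom -h`.

```shell
#!/bin/sh
# Added example: stage certbot-issued files where the Nextcloud snap can read them.
# Assumption: the confined snap reads only under /var/snap/nextcloud/{current,common}.
SNAP_DATA_PREFIX="/var/snap/nextcloud"

# Succeeds only if the path is inside a directory the confined snap can read.
is_snap_readable() {
    case "$1" in
        *..*) return 1 ;;   # refuse anything that could climb out of the prefix
        "$SNAP_DATA_PREFIX"/current/*|"$SNAP_DATA_PREFIX"/common/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy cert.pem, privkey.pem and chain.pem from a certbot lineage directory
# into DEST as regular files. certbot's live/ entries are symlinks into
# archive/, so cp -L copies the file contents rather than the links.
stage_certs() {
    live_dir=$1
    dest_dir=$2
    for f in cert.pem privkey.pem chain.pem; do
        [ -s "$live_dir/$f" ] || { echo "missing or empty: $live_dir/$f" >&2; return 1; }
    done
    (
        umask 077   # new files and directories are owner-only
        mkdir -p "$dest_dir" &&
        for f in cert.pem privkey.pem chain.pem; do
            cp -L "$live_dir/$f" "$dest_dir/$f" || exit 1
        done &&
        chmod 600 "$dest_dir/privkey.pem"   # also tightens a pre-existing copy
    )
}

# Stage, then hand the copies to the snap. certbot sets RENEWED_LINEAGE when
# this script is used as a deploy hook; the staging directory is hypothetical.
deploy() {
    live_dir=${RENEWED_LINEAGE:-/etc/letsencrypt/live/domainname.com}
    dest_dir="$SNAP_DATA_PREFIX/common/certbot-staging"
    is_snap_readable "$dest_dir/cert.pem" || return 1
    stage_certs "$live_dir" "$dest_dir" || return 1
    nextcloud.enable-https custom "$dest_dir/cert.pem" "$dest_dir/privkey.pem" "$dest_dir/chain.pem"
}

if [ "${1:-}" = "--deploy" ]; then deploy; fi
```

Run it as root with `--deploy` after each issuance or renewal; nothing is installed unless that argument is given.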