Hardware: Pi
OS: Ubuntu 20
Installation: snap install nextcloud
Ports: 80 and 443 are open and accessible. I checked this by creating dummy web servers (python3 -m http.server $PORT). I can reach these with my ufw rules (en)|(dis)abled.
DNS: I’m using Google Domains. I can curl my domain and get the login page on port 80. My browsers insist on https and refuse to connect.
Previous Usage: I was using this solely on my home network, using a .local domain (I think it's called avahi / mdns / zeroconf / bonjour). This still works.
Possible confounding factors:
Pihole using ports 53 (dns), 81 (website)
After I created this question, I successfully generated a self-signed certificate. While I could add an exception to my devices I’d rather not. So now I need to figure out how to get rid of this. I’m able to reach my domain and they complain about the cert.
Command: sudo nextcloud.enable-https lets-encrypt
Log: Should I include /var/log/letsencrypt/letsencrypt.log or /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log? They seem to contain sensitive information.
Output:
Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.hybras.dev
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain cloud.hybras.dev
http-01 challenge for cloud.hybras.dev
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: cloud.hybras.dev
Type: connection
Detail: Fetching
http://cloud.hybras.dev/.well-known/acme-challenge/FRphGHVH6gIUx1Z-MD0-pVCasnCtCkAxJbjKvyS0iNY:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Are ports 80 and 443 reachable from outside your local network? In other words, did you forward ports 80 and 443 from the internet to the local IP address of the Pi in your router?
Everything worked on the first try. It was actually a 10 minute job.
Potential differences to your setup…
My VPS had a public static IP address. There was no DynDNS service or port forwarding involved and I didn’t change anything in the configuration of Pi-hole. I only tested if I can reach both web interfaces and if the Nextcloud Snap is able to obtain a Let’s Encrypt certificate.
The only thing I could imagine is that there is some DNS issue, either caused somehow by Pi-hole (unlikely) or because your domain does not resolve to the correct IP address (more likely). Maybe a problem with the DynDNS service, which did not update your public IP address correctly?
…or (that would be the worst case) your ISP is blocking ports 80 and 443?
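
The DNS check suggested in the last reply, as an added example that is not part of any post in this thread: it compares the A records a resolver returns for the domain with the connection's current public IPv4 address and flags the cases that lead to the "Timeout during connect" error shown above. The function names and the use of api.ipify.org as the public-IP echo service are assumptions; the 203.0.113.x addresses in the test data are constructed documentation addresses.

```python
import ipaddress
import socket
import sys
import urllib.request

# Ranges a public CA can never reach: RFC 1918, loopback, link-local, CGNAT.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

def resolve_a(domain):
    """IPv4 addresses the local resolver returns (on this setup, maybe Pi-hole)."""
    try:
        infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def current_public_ip(url="https://api.ipify.org"):
    """Ask an external echo service for our public IPv4 (assumed service)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode().strip()

def diagnose(a_records, public_ip):
    """Explain how DNS could cause an http-01 'Timeout during connect'."""
    if not a_records:
        return ["no A record found for the domain"]
    findings = []
    for addr in a_records:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in NON_ROUTABLE):
            findings.append(f"{addr}: not publicly routable (local DNS override?)")
        elif addr != public_ip:
            findings.append(f"{addr}: differs from public IP {public_ip} (stale DynDNS?)")
    # An empty list means DNS is fine, so the cause lies further down the path.
    return findings or ["DNS matches the public IP; check port 80 forwarding and ISP filtering"]

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_dns.py <domain given to certbot>")
    for line in diagnose(resolve_a(sys.argv[1]), current_public_ip()):
        print(line)
```

A clean result here only rules out DNS. Whether port 80 is reachable from the internet still has to be tested from outside the home network, because a request made from inside the LAN may be answered without ever passing the router's port forwarding.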