Unable to set up my Nextcloud Box with SSL

nextcloud box 11.0.1 (stable)
Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-1017-raspi2 armv7l)
raspi firmware: rpi-4.9.y

I am quite sure I did everything correctly:

1. Registered a free domain name at freeenom.tk with URL forward (Frame (cloaking)) to my private external IP-address

2. Port forward on my router for port 80 and 443 to my static nextcloud ip-address (192.168.1.5)
	service name: nextcloud box
	port range: 80
	local ip: 192.168.1.5
	local port: 80
	protocol: TCP

	service name: nextcloud box SSL
	port range: 443
	local ip: 192.168.1.5
	local port: 443
	protocol: TCP

3. Added my external domain to nextcloud (https://github.com/nextcloud/nextcloud-snap/wiki/Connecting-the-Nextcloud-Box-to-the-Internet)
	sudo nextcloud.occ config:system:set trusted_domains 2 --value=your.domain

I was running my NextCloud Box (NCB) since version 10 with SSL without any problems.
After a firmware update for my router (NCB reboot required) I could not connect to my NCB anymore.
Probably the filesystem was corrupted…, so I tried this solution without success:

(Maybe my Switch also needed a reboot…) Anyway, I reinstalled my NCB with the original SD card image which was working:

(In the meantime my NCB was automatically updated from nextcloud 10->11)

Then I wanted to set up SSL as described here:

As posted here, this setup does not work anymore:

So I just use this command:
nextcloud.enable-https lets-encrypt -d

Apart from the error messages I receive as posted here:


I am getting error messages from lets-encrypt.

root@nextcloud:/snap/bin# ./nextcloud.enable-https lets-encrypt -d
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
In order for Let's Encrypt to verify that you actually own the
domain(s) for which you're requesting a certificate, there are a
number of requirements of which you need to be aware:

1. In order to register with the Let's Encrypt ACME server, you must
   agree to the currently-in-effect Subscriber Agreement located
   here:

       https://letsencrypt.org/repository/

   By continuing to use this tool you agree to these terms. Please
   cancel now if otherwise.

2. You must have the domain name(s) for which you want certificates
   pointing at the external IP address of this machine.

3. Both ports 80 and 443 on the external IP address of this machine
   must point to this machine (e.g. port forwarding might need to be
   setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): jdullnig@gmail.com
Please enter your domain name(s) (space-separated): jjcloud.tk
Attempting to obtain certificates... error running certbot:

ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jjcloud.tk
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. jjcloud.tk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://jjcloud.tk/.well-known/acme-challenge/IYVSJcLawKXD1aXpQmxDURnyZ-7pPUpqw_S-7I8jbV8: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">

<html>
  <head>
    <titl"
IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to jdxxxx@gmail.com.
 - The following errors were reported by the server:

   Domain: jjcloud.tk
   Type:   unauthorized
   Detail: Invalid response from
   http://jjcloud.tk/.well-known/acme-challenge/IYVSJcLawKXD1aXpQmxDURnyZ-7pPUpqw_S-7I8jbV8:
   "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">

   <html>
     <head>
       <titl"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at
   /var/snap/nextcloud/current/certs/certbot/config. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

Does somebody have an idea what I am doing wrong…?
thx!

somehow I suspect my ASUS RT-AC87U router…
port 443 is open, still I get a port closed message from http://www.yougetsignal.com/tools/open-ports.
router reboot did not help.
maybe I will try to change from the official firmware 3.0.0.4.380_7266 to ASUSWRT-Merlin.

I had no success with reverting to my previous router firmware.
I also tried with the current ASUS Merlin firmware 380.65.
–>
Opening port 80 for my local nextcloud box 192.168.1.5 is working:
Positive scan http://www.yougetsignal.com/tools/open-ports/ to my external IP -> Port is open message

Opening port 443 for my local nextcloud box 192.168.1.5 is not working:
Negative response -> Port 443 is closed

Anyway I tried to configure SSL via:

sudo su
cd /var/snap/nextcloud/
mv certs certsOld
reboot
sudo su
/snap/bin/nextcloud.enable-https lets-encrypt -d

which results in:

root@nextcloud:/snap/bin# ./nextcloud.enable-https lets-encrypt -d
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
In order for Let's Encrypt to verify that you actually own the
domain(s) for which you're requesting a certificate, there are a
number of requirements of which you need to be aware:

1. In order to register with the Let's Encrypt ACME server, you must
   agree to the currently-in-effect Subscriber Agreement located
   here:

       https://letsencrypt.org/repository/

   By continuing to use this tool you agree to these terms. Please
   cancel now if otherwise.

2. You must have the domain name(s) for which you want certificates
   pointing at the external IP address of this machine.

3. Both ports 80 and 443 on the external IP address of this machine
   must point to this machine (e.g. port forwarding might need to be
   setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): jdullnig@gmail.com
Please enter your domain name(s) (space-separated): jjcloud.tk
Attempting to obtain certificates... error running certbot:

ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jjcloud.tk
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. jjcloud.tk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://jjcloud.tk/.well-known/acme-challenge/XkowUBCDpBukn5YYEmb2RadHpEFVK0jQe_V-xtQZr5w: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">

<html>
  <head>
    <titl"
IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through e-mails sent to jdullnig@gmail.com.
 - The following errors were reported by the server:

   Domain: jjcloud.tk
   Type:   unauthorized
   Detail: Invalid response from
   http://jjcloud.tk/.well-known/acme-challenge/XkowUBCDpBukn5YYEmb2RadHpEFVK0jQe_V-xtQZr5w:
   "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">

   <html>
     <head>
       <titl"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at
   /var/snap/nextcloud/current/certs/certbot/config. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
root@nextcloud:/snap/bin#

I was following this thread:


but I could not find a /var/www directory…?

(btw. nice to see, that my nextcloud was updated to 11.0.2 today ;))

So, I am currently stuck with 2 issues…?
or is the letsencrypt error related to the closed 443 port?
I am also not sure if somehow the port 443 is opened automatically only after it was configured on my ssl setup?

I am really unhappy at the moment… because my first setup (with working SSL) a couple of months ago was working out of the box. And now I am without a clue…

If somebody could help please…
thx!!!

now, where I was ready to give up, I got SSL working :imp:

what I did:
I registered an asuscomm.com dyndns instead of a freenomt.tk DNS.
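
The Frameset document quoted in both certbot errors is what a URL forward with frame cloaking (step 1 of the first post) serves, so the http-01 validator is answered by the forwarding service rather than by the box. As an added example that is not part of the thread, these shell functions classify the body found at a challenge URL; the function names and the thumbprint value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify the body served at an
# http-01 challenge URL the way a pre-flight check would.

# Token taken from the first certbot log above.
TOKEN='IYVSJcLawKXD1aXpQmxDURnyZ-7pPUpqw_S-7I8jbV8'
# Truncated body exactly as quoted in that log's error detail.
FRAMESET_BODY='<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">

<html>
  <head>
    <titl'
# Constructed value standing in for the account key's JWK thumbprint.
GOOD_BODY="$TOKEN.c29tZS1jb25zdHJ1Y3RlZC10aHVtYnByaW50LXZhbHVl"

# classify_http01 TOKEN BODY -> prints one verdict word
classify_http01() {
    token=$1
    # Lower-case the first 512 bytes so the HTML checks ignore case.
    start=$(printf '%s' "$2" | head -c 512 | tr 'A-Z' 'a-z')
    case $start in
        *"<frameset"*|*"<iframe"*|*"html 4.01 frameset"*)
            echo frame-cloaked; return 0 ;;
        *"<!doctype"*|*"<html"*)
            echo html-page; return 0 ;;
    esac
    # A valid response is "<token>.<thumbprint>", both base64url;
    # whitespace is stripped before comparing.
    trimmed=$(printf '%s' "$2" | tr -d ' \t\r\n')
    case $trimmed in
        "$token".*)
            case ${trimmed#"$token".} in
                ""|*[!A-Za-z0-9_-]*) echo malformed ;;
                *) echo ok ;;
            esac ;;
        *) echo token-mismatch ;;
    esac
}

# check_live DOMAIN TOKEN: fetch over plain HTTP on port 80, as http-01 does.
check_live() {
    body=$(curl -fsS --max-time 10 \
        "http://$1/.well-known/acme-challenge/$2") || { echo fetch-failed; return 0; }
    classify_http01 "$2" "$body"
}
```

A `frame-cloaked` or `html-page` verdict means the name does not lead straight to the box's web server; the validation request itself goes to port 80, so the state of port 443 does not change this result.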

Weird!

Glad it works though.

Friends!

I am running into the exact same error. Is this truly a problem with the domain name hoster?

In other words, would another domain hoster/domain name fix this problem? Are there people who know free domain names that are working?