Enable Let's Encrypt SSL in Nextcloud on FreeNAS

altmann_ta

Cadet
Joined
Sep 6, 2019
Messages
1
First off, apologies if I don't explain everything perfectly; I will try my best.
Constructive criticism is always welcome.

Prerequisites:

You must have an FQDN that points to your outside IP address; duckdns.org is a good place to start.
Test this by pinging your FQDN ("ping example.duckdns.org") from the internet and check that it resolves to your outside IP.

You MUST have ports :80 and :443 forwarded on your router to your Nextcloud jail IP.
If not, cert creation will fail.

Instructions:

1. SSH into your FreeNAS as the root user
"ssh root@ip_of_your_freenas"

2. SSH into the nextcloud jail
"iocage console nextcloud"

3. Install the nano text editor so we can edit a few config files.
"pkg update -f"
"portsnap fetch extract"
"cd /usr/ports/editors/nano/ && make install clean BATCH=yes"

4. Edit nginx.conf to add our FQDN
"nano /usr/local/etc/nginx/nginx.conf"
Then add the following, changing example.duckdns.org to the FQDN you created earlier:

server {
    listen 80;
    listen [::]:80;
    server_name example.duckdns.org;
    return 301 https://$server_name$request_uri;
}

Be sure to save the file when finished.

5. Restart the nextcloud jail from your FreeNAS web GUI, then log back into the nextcloud jail via SSH.

6. Install acme.sh
You can either run this script,
"curl https://get.acme.sh | sh"
or check out the git page, https://github.com/Neilpang/acme.sh

8. Issue a cert
Change example.duckdns.org to the FQDN you created earlier:
"acme.sh --issue -d example.duckdns.org -w /home/wwwroot/example.duckdns.org"

9. Copy the output of the cert command to a notepad to refer to later, taking special note of these locations:
Your cert is in /root/.acme.sh/example.duckdns.org/example.duckdns.org.cer
and
Your cert key is in /root/.acme.sh/example.duckdns.org/example.duckdns.org.key

10. Edit nextcloud.conf to enforce HTTPS
"nano /usr/local/etc/nginx/conf.d/nextcloud.conf"

Change example.duckdns.org to your FQDN.
ssl_certificate is your .cer file location from the acme.sh output.
ssl_certificate_key is your .key file location from the acme.sh output.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.duckdns.org;
    ssl_certificate /root/.acme.sh/example.duckdns.org/example.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/example.duckdns.org/example.duckdns.org.key;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

Be sure to save the file when finished.

11. Add your new FQDN to the Nextcloud trusted domains.
"nano /usr/local/www/nextcloud/config/config.php"

Then add:

1 => 'example.duckdns.org',

You could also remove the local IP and just have your FQDN here.
Be sure to save the file when finished.

12. Restart the nextcloud jail from your FreeNAS web GUI.

13. Test by going to your FQDN, example.duckdns.org

If I missed something please let me know and I will edit accordingly.

Hope this helps someone :)
 

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
Did anybody try this? Does it work?

And what are the implications if I want to upgrade the plugin later on?
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
And what when the cert expires? I have been looking for a good way to get secure external access to my Nextcloud without having to install everything from scratch, and at the same time low maintenance. I have been looking at introducing pfSense as my router and using the ACME package and HAProxy to set up Let's Encrypt and a reverse proxy, but I seem to be running into some issues with opening up port 80 in pfSense at the time, which is needed for ACME to generate the cert.
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
Just as an update: I completed the process and it works like a charm. I replaced my Mikrotik router with a Dell R210 running pfSense and followed THIS guide to install and set up Let's Encrypt certs using the ACME package in pfSense, and after that THIS guide from the same publisher to set up a reverse proxy using HAProxy, and this really works like a charm. The good part is that you can very easily renew the cert and, secondly, it also redirects http to https. To me, this is a better solution than embedding it in Nextcloud, as it allows you to add more certs and servers to the back end.
 

Simplicity

Dabbler
Joined
Jun 13, 2015
Messages
28
I'm getting an error 400 issuing a cert to my xxxx.ddns.net following your steps.
If I update nginx beforehand, my Nextcloud breaks and acme doesn't get as far.

Any idea? I made sure 80 and 443 are forwarded in the router.

My external DNS is working. I just can't generate a cert properly. The key is generated but no .cer file.

Maybe No-IP DNS does not support this....
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
The biggest challenges were related to my network topology and the fact that I have an ISP router/modem that I cannot eliminate. So, what does your current network setup look like? In my specific case, I own my domain name, so I configured a separate record cloud.xxxxxx.xx which I linked with my ISP-appointed external IP address. I have the ISP router (which is still in DHCP mode as my cable TV needs it), in which I had to open up ports 80 and 443 for the internal IP that the ISP router had appointed to the pfSense WAN side (192.168.0.xxx).
 

nsc97

Cadet
Joined
Jun 15, 2020
Messages
1
Your guide is good; however, when running the issue cert command on FreeNAS 11.3-U3.2 with the Nextcloud 19.0 plugin in a jail, I had to use acme.sh --issue -d nextcloud.example.com --nginx as the command, as the root of my website was not where the OP's was. Good guide otherwise.

[mod note: edited for privacy]
 

Dellyjoe

Explorer
Joined
Jun 12, 2020
Messages
80
Hey everyone, I'm running 11.3 U3.2 and Nextcloud 19.0.0_1. I was not able to get this to work. I got all the way down to step 8 and I was able to get a key, but not a cert. I then decided to keep moving through. I tried NSC97's command, but that didn't seem to work. Next, I can't access my Nextcloud from my local IP or my public IP.

Does anyone know how to revert this issue?
 

andre1981

Cadet
Joined
Jul 17, 2020
Messages
3
Undoing step #4 and restarting the jail helped me get back to being able to access everything.
 

Dellyjoe

Explorer
Joined
Jun 12, 2020
Messages
80
Thanks Andre1981, I ended up using danb35's work on his Nextcloud installation.

But thanks for the help for next time if that happens.
 

pieca

Cadet
Joined
Jun 4, 2020
Messages
5
Thanks Altman for this tutorial!
I'm on FreeNAS 11.3Rp13 / Nextcloud plugin 19.0.2 (in a VNET jail) with a duckdns.org domain.
I had to skip #4 (it kills my Nextcloud), so no:

server {
    listen 80;
    listen [::]:80;
    server_name example.duckdns.org;
    return 301 https://$server_name$request_uri;
}

in my nginx.conf.

I also had to use:
acme.sh --issue -d nextcloud.example.com --nginx
to get the certificate.

Now my Nextcloud domain works with https, thank you!

Any idea how to renew the certificate automatically?
 

Piereligio

Dabbler
Joined
Mar 9, 2021
Messages
13
Hey, did you find any way to renew it?
 

IhorVen

Cadet
Joined
Mar 16, 2021
Messages
2
Thanks for the guide, but every time I get an error when getting the certificate.
Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited"
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
error:rateLimited
You have made too many requests (maybe while trying to find the right settings) and you are blocked.


The way I'm reading it, you might be able to try again in an hour.

Alternatively, you can use their staging service to test with (which has no rate limit) and get the settings right before trying again on the production service.

 

IhorVen

Cadet
Joined
Mar 16, 2021
Messages
2
Thanks for your response. I'm trying to understand why it's not working for me. This is my full log; please help me if you know how to fix it.

[Tue Mar 16 17:29:17 EET 2021] Running cmd: issue
[Tue Mar 16 17:29:17 EET 2021] _main_domain='myhost.duckdns.org'
[Tue Mar 16 17:29:17 EET 2021] _alt_domains='no'
[Tue Mar 16 17:29:17 EET 2021] Using config home:/root/.acme.sh
[Tue Mar 16 17:29:17 EET 2021] default_acme_server
[Tue Mar 16 17:29:17 EET 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Mar 16 17:29:17 EET 2021] DOMAIN_PATH='/root/.acme.sh/myhost.duckdns.org'
[Tue Mar 16 17:29:17 EET 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 16 17:29:17 EET 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 16 17:29:17 EET 2021] GET
[Tue Mar 16 17:29:17 EET 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Mar 16 17:29:17 EET 2021] timeout=
[Tue Mar 16 17:29:17 EET 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Tue Mar 16 17:29:17 EET 2021] ret='0'
[Tue Mar 16 17:29:17 EET 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Mar 16 17:29:17 EET 2021] ACME_NEW_AUTHZ
[Tue Mar 16 17:29:17 EET 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 16 17:29:17 EET 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Mar 16 17:29:17 EET 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Mar 16 17:29:17 EET 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Mar 16 17:29:17 EET 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Mar 16 17:29:17 EET 2021] ACME_VERSION='2'
[Tue Mar 16 17:29:18 EET 2021] Le_NextRenewTime
[Tue Mar 16 17:29:18 EET 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 16 17:29:18 EET 2021] _on_before_issue
[Tue Mar 16 17:29:18 EET 2021] _chk_main_domain='myhost.duckdns.org'
[Tue Mar 16 17:29:18 EET 2021] _chk_alt_domains
[Tue Mar 16 17:29:18 EET 2021] Le_LocalAddress
[Tue Mar 16 17:29:18 EET 2021] d='myhost.duckdns.org'
[Tue Mar 16 17:29:18 EET 2021] Check for domain='myhost.duckdns.org'
[Tue Mar 16 17:29:18 EET 2021] _currentRoot='/home/wwwroot/myhost.duckdns.org'
[Tue Mar 16 17:29:18 EET 2021] d
[Tue Mar 16 17:29:18 EET 2021] _saved_account_key_hash is not changed, skip register account.
[Tue Mar 16 17:29:18 EET 2021] Read key length:
[Tue Mar 16 17:29:18 EET 2021] _createcsr
[Tue Mar 16 17:29:18 EET 2021] Single domain='myhost.duckdns.org'
[Tue Mar 16 17:29:18 EET 2021] Getting domain auth token for each domain
[Tue Mar 16 17:29:18 EET 2021] d
[Tue Mar 16 17:29:18 EET 2021] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 16 17:29:18 EET 2021] payload='{"identifiers": [{"type":"dns","value":"myhost.duckdns.org"}]}'
[Tue Mar 16 17:29:18 EET 2021] RSA key
[Tue Mar 16 17:29:18 EET 2021] HEAD
[Tue Mar 16 17:29:18 EET 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Mar 16 17:29:18 EET 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -I '
[Tue Mar 16 17:29:19 EET 2021] _ret='0'
[Tue Mar 16 17:29:19 EET 2021] POST
[Tue Mar 16 17:29:19 EET 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 16 17:29:19 EET 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Tue Mar 16 17:29:20 EET 2021] _ret='0'
[Tue Mar 16 17:29:20 EET 2021] code='201'
[Tue Mar 16 17:29:20 EET 2021] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/115897075/8485662441'
[Tue Mar 16 17:29:20 EET 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/115897075/8485662441'
[Tue Mar 16 17:29:20 EET 2021] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/11609046576'
[Tue Mar 16 17:29:20 EET 2021] payload
[Tue Mar 16 17:29:20 EET 2021] POST
[Tue Mar 16 17:29:20 EET 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/11609046576'
[Tue Mar 16 17:29:20 EET 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Tue Mar 16 17:29:20 EET 2021] _ret='0'
[Tue Mar 16 17:29:20 EET 2021] code='200'
[Tue Mar 16 17:29:20 EET 2021] d='myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] Getting webroot for domain='myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] _w='/home/wwwroot/myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] _currentRoot='/home/wwwroot/myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ","token":"Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ"'
[Tue Mar 16 17:29:20 EET 2021] token='Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ'
[Tue Mar 16 17:29:20 EET 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:20 EET 2021] keyauthorization='Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ.e_mO1wWlZ54SeWQtrPXYWP95BfMfkPKt8JYY4mcKwKs'
[Tue Mar 16 17:29:20 EET 2021] dvlist='myhost.duckdns.org#Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ.e_mO1wWlZ54SeWQtrPXYWP95BfMfkPKt8JYY4mcKwKs#https://acme-v02.api.letsencrypt.or...gmpQ#http-01#/home/wwwroot/myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] d
[Tue Mar 16 17:29:20 EET 2021] vlist='myhost.duckdns.org#Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ.e_mO1wWlZ54SeWQtrPXYWP95BfMfkPKt8JYY4mcKwKs#https://acme-v02.api.letsencrypt.or...gmpQ#http-01#/home/wwwroot/myhost.duckdns.org,'
[Tue Mar 16 17:29:20 EET 2021] d='myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] ok, let's start to verify
[Tue Mar 16 17:29:20 EET 2021] Verifying: myhost.duckdns.org
[Tue Mar 16 17:29:20 EET 2021] d='myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] keyauthorization='Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ.e_mO1wWlZ54SeWQtrPXYWP95BfMfkPKt8JYY4mcKwKs'
[Tue Mar 16 17:29:20 EET 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:20 EET 2021] _currentRoot='/home/wwwroot/myhost.duckdns.org'
[Tue Mar 16 17:29:20 EET 2021] wellknown_path='/home/wwwroot/myhost.duckdns.org/.well-known/acme-challenge'
[Tue Mar 16 17:29:20 EET 2021] writing token:Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ to /home/wwwroot/myhost.duckdns.org/.well-known/acme-challenge/Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ
[Tue Mar 16 17:29:20 EET 2021] Changing owner/group of .well-known to root:wheel
[Tue Mar 16 17:29:20 EET 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:20 EET 2021] payload='{}'
[Tue Mar 16 17:29:20 EET 2021] POST
[Tue Mar 16 17:29:20 EET 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:20 EET 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Tue Mar 16 17:29:21 EET 2021] _ret='0'
[Tue Mar 16 17:29:21 EET 2021] code='200'
[Tue Mar 16 17:29:21 EET 2021] trigger validation code: 200
[Tue Mar 16 17:29:21 EET 2021] sleep 2 secs to verify
[Tue Mar 16 17:29:23 EET 2021] checking
[Tue Mar 16 17:29:23 EET 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:23 EET 2021] payload
[Tue Mar 16 17:29:23 EET 2021] POST
[Tue Mar 16 17:29:23 EET 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:23 EET 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Tue Mar 16 17:29:24 EET 2021] _ret='0'
[Tue Mar 16 17:29:24 EET 2021] code='200'
[Tue Mar 16 17:29:24 EET 2021] myhost.duckdns.org:Verify error:Fetching https://myhost.duckdns.org/.well-known/acme-challenge/Zb-vn1iNlgP5mAhS3HqEQZALLcMzpygfdbjHUoQ7IOQ: Connection refused
[Tue Mar 16 17:29:24 EET 2021] pid
[Tue Mar 16 17:29:24 EET 2021] No need to restore nginx, skip.
[Tue Mar 16 17:29:24 EET 2021] _clearupdns
[Tue Mar 16 17:29:24 EET 2021] dns_entries
[Tue Mar 16 17:29:24 EET 2021] skip dns.
[Tue Mar 16 17:29:24 EET 2021] _on_issue_err
[Tue Mar 16 17:29:24 EET 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Tue Mar 16 17:29:24 EET 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:24 EET 2021] payload='{}'
[Tue Mar 16 17:29:24 EET 2021] POST
[Tue Mar 16 17:29:24 EET 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11609046576/PSgmpQ'
[Tue Mar 16 17:29:24 EET 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Tue Mar 16 17:29:25 EET 2021] _ret='0'
[Tue Mar 16 17:29:25 EET 2021] code='400'
 

asw2012

Contributor
Joined
Dec 17, 2012
Messages
182
Hoping someone here can help. I am a bit of a newb with SSL and Nextcloud.

- I have my domain pointing to my Nextcloud server.
- I also have both port 80 and 443 forwarded on my router to my Nextcloud server.
- I do have a *.cer file from my domain provider, but I do not know where to install/copy the file on my Nextcloud server to make SSL/HTTPS work.

I cannot connect with HTTPS yet.

Thanks.
 

vaxman14

Cadet
Joined
Apr 30, 2022
Messages
1
Hi,

I am stuck on stage 8. It times out.

Everything before that worked like magic, and I can ping all IP addresses. I am lost.

Please help.

Here is the response:
Code:
root@vaxmanserver:~ # acme.sh --issue -d www.vaxmanmagic.com -w /home/wwwroot/www.vaxmanmagic.com
[Sat Apr 30 01:29:01 PDT 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Apr 30 01:29:01 PDT 2022] Single domain='www.vaxmanmagic.com'
[Sat Apr 30 01:29:01 PDT 2022] Getting domain auth token for each domain
[Sat Apr 30 01:29:18 PDT 2022] Getting webroot for domain='www.vaxmanmagic.com'
[Sat Apr 30 01:29:18 PDT 2022] Verifying: www.vaxmanmagic.com
[Sat Apr 30 01:29:24 PDT 2022] Processing, The CA is processing your order, please just wait. (1/30)
[Sat Apr 30 01:29:32 PDT 2022] Processing, The CA is processing your order, please just wait. (2/30)
[Sat Apr 30 01:29:40 PDT 2022] Processing, The CA is processing your order, please just wait. (3/30)
[Sat Apr 30 01:29:47 PDT 2022] Processing, The CA is processing your order, please just wait. (4/30)
[Sat Apr 30 01:29:56 PDT 2022] Processing, The CA is processing your order, please just wait. (5/30)
[Sat Apr 30 01:30:05 PDT 2022] Processing, The CA is processing your order, please just wait. (6/30)
[Sat Apr 30 01:30:13 PDT 2022] Processing, The CA is processing your order, please just wait. (7/30)
[Sat Apr 30 01:30:23 PDT 2022] Processing, The CA is processing your order, please just wait. (8/30)
[Sat Apr 30 01:30:32 PDT 2022] Processing, The CA is processing your order, please just wait. (9/30)
[Sat Apr 30 01:30:55 PDT 2022] Processing, The CA is processing your order, please just wait. (10/30)
[Sat Apr 30 01:31:04 PDT 2022] Processing, The CA is processing your order, please just wait. (11/30)
[Sat Apr 30 01:31:12 PDT 2022] Processing, The CA is processing your order, please just wait. (12/30)
[Sat Apr 30 01:31:19 PDT 2022] Processing, The CA is processing your order, please just wait. (13/30)
[Sat Apr 30 01:31:27 PDT 2022] Processing, The CA is processing your order, please just wait. (14/30)
[Sat Apr 30 01:31:36 PDT 2022] Processing, The CA is processing your order, please just wait. (15/30)
[Sat Apr 30 01:31:44 PDT 2022] Processing, The CA is processing your order, please just wait. (16/30)
[Sat Apr 30 01:31:52 PDT 2022] Processing, The CA is processing your order, please just wait. (17/30)
[Sat Apr 30 01:31:54 PDT 2022] Processing, The CA is processing your order, please just wait. (18/30)
[Sat Apr 30 01:32:08 PDT 2022] Processing, The CA is processing your order, please just wait. (19/30)
[Sat Apr 30 01:32:15 PDT 2022] Processing, The CA is processing your order, please just wait. (20/30)
[Sat Apr 30 01:32:23 PDT 2022] Processing, The CA is processing your order, please just wait. (21/30)
[Sat Apr 30 01:32:31 PDT 2022] Processing, The CA is processing your order, please just wait. (22/30)
[Sat Apr 30 01:32:40 PDT 2022] Processing, The CA is processing your order, please just wait. (23/30)
[Sat Apr 30 01:32:49 PDT 2022] Processing, The CA is processing your order, please just wait. (24/30)
[Sat Apr 30 01:32:58 PDT 2022] Processing, The CA is processing your order, please just wait. (25/30)
[Sat Apr 30 01:33:13 PDT 2022] Processing, The CA is processing your order, please just wait. (26/30)
[Sat Apr 30 01:33:20 PDT 2022] Processing, The CA is processing your order, please just wait. (27/30)
[Sat Apr 30 01:33:28 PDT 2022] Processing, The CA is processing your order, please just wait. (28/30)
[Sat Apr 30 01:33:37 PDT 2022] Processing, The CA is processing your order, please just wait. (29/30)
[Sat Apr 30 01:33:44 PDT 2022] www.vaxmanmagic.com:Timeout
[Sat Apr 30 01:33:44 PDT 2022] Please add '--debug' or '--log' to check more details.
[Sat Apr 30 01:33:44 PDT 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
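
The three failures posted in this thread (rateLimited, a refused fetch of the https:// challenge URL, and a CA timeout) can be told apart from the acme.sh output alone. The following is an added example, not code from any poster or from acme.sh; the function names, diagnosis keywords and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: triage saved `acme.sh --issue` output.
# Function names and diagnosis keywords are made up for this illustration.

# Print the ACME directory URL the run used (acme.sh's "Using CA:" line).
ca_from_log() {
    sed -n -e '/Using CA:/{s/.*Using CA: *\([^ ]*\).*/\1/p;q;}'
}

# Read acme.sh output on stdin and print one diagnosis keyword.
classify_acme_failure() {
    log=$(cat)

    # The CA rejected the order itself: too many attempts against production.
    case "$log" in
        *'urn:ietf:params:acme:error:rateLimited'*) echo rate_limited; return 0 ;;
    esac

    # http-01 always starts at http://<domain>/ on port 80. The URL in the
    # error is the one the CA's fetch failed on, after following any redirect.
    verr=$(printf '%s\n' "$log" | sed -n -e '/Verify error:/{p;q;}')
    case "$verr" in
        '') ;;
        *'Fetching https://'*'Connection refused'*)
            echo redirected_to_closed_443; return 0 ;;
        *'Fetching http://'*'Connection refused'*)
            echo port_80_closed; return 0 ;;
        *)
            echo validation_failed; return 0 ;;
    esac

    # acme.sh stopped polling the order: "<domain>:Timeout" at end of line.
    if printf '%s\n' "$log" | grep -q ':Timeout$'; then
        echo ca_timeout; return 0
    fi
    echo unknown
}

# Map a diagnosis to the next thing to check (example.duckdns.org is the
# guide's placeholder host).
next_step() {
    case "$1" in
        rate_limited)
            echo "get the settings right with: acme.sh --issue --staging -d example.duckdns.org --nginx" ;;
        redirected_to_closed_443)
            echo "port 80 redirects to HTTPS but nothing accepts on 443: remove the redirect until the cert is installed" ;;
        port_80_closed)
            echo "nothing accepts on port 80: check the router forward and the nginx listener" ;;
        ca_timeout)
            echo "confirm the CA with ca_from_log; acme.sh --set-default-ca --server letsencrypt selects Let's Encrypt" ;;
        *)
            echo "rerun with --debug and read /root/.acme.sh/acme.sh.log" ;;
    esac
}

# Constructed sample lines, shaped like the output posted in this thread.
SAMPLE_REFUSED='[Tue Mar 16 17:29:18 EET 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 16 17:29:24 EET 2021] host.example:Verify error:Fetching https://host.example/.well-known/acme-challenge/TOKEN: Connection refused'
SAMPLE_RATE='Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited"'
SAMPLE_TIMEOUT='[Sat Apr 30 01:29:01 PDT 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Apr 30 01:33:44 PDT 2022] host.example:Timeout'

for s in "$SAMPLE_REFUSED" "$SAMPLE_RATE" "$SAMPLE_TIMEOUT"; do
    d=$(printf '%s\n' "$s" | classify_acme_failure)
    printf '%s: %s\n' "$d" "$(next_step "$d")"
done
```

A certificate issued with --staging is not trusted by browsers, so issue again against production once the staging run succeeds.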
 