How to install NextCloud 12.3 on FreeNAS 11 with all checks passed

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I port forwarded 80 and 443 to the jail IP address, is that right?
Should be. Does your ISP block port 80? Many residential ISPs do.
 

danb35

what could it be?
Hard to say with what you've given. Ultimately, in order to validate domain ownership, Let's Encrypt needs to be able to connect to http://YOURDOMAIN/.well-known/acme-challenge and read the challenge file. Try it from your smartphone, with WiFi turned off (so it's going over the public Internet). Create /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/testfile.txt, put some text in there, and see if you can load that with your phone.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
@danb35
When I tried to do this, I realized I do not have an "acme-challenge" directory, what is going on???

Code:
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known # touch /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/testfile.txt
touch: /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/testfile.txt: No such file or directory
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known # ll
total 0
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known #


port 443 is closed tho...hmmm?
 

danb35

I realized I do not have an "acme-challenge" directory
certbot will create that for you, or you can create it yourself.
port 443 is closed tho
Once you get the certificate, you can configure the web server to open that port and respond to SSL requests.
 

rodofrn

certbot will create that for you, or you can create it yourself.

Once you get the certificate, you can configure the web server to open that port and respond to SSL requests.
Nothing @danb35, I created the "acme-challenge" dir and ran the command again, and this is the output...
Code:
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known # certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d MYDOMAIN.DDNS.NET
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for MYDOMAIN.DDNS.NET
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. thecloud.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://MYDOMAIN.DDNS.NET/.well-known/acme-challenge/0Vk6NN4CZQ1JlZqvbIxf2lzOsExlPQVO29E4g0OGF9Y: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: MYDOMAIN.DDNS.NET
   Type:   connection
   Detail: Fetching
   https://thecloud.ddns.net/.well-known/acme-challenge/0Vk6NN4CZQ1JlZqvbIxf2lzOsExlPQVO29E4g0OGF9Y:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known #


Any other ideas? I can provide any info you need. Just tell me, I will be checking this every 5 mins.
 

danb35

Go back to trying to load it with your smartphone, with WiFi turned off. That's the best test I can think of, of whether the public Internet can actually see that directory on your server.
 

rodofrn

Go back to trying to load it with your smartphone, with WiFi turned off. That's the best test I can think of, of whether the public Internet can actually see that directory on your server.
Ok, so this is really weird, I created the "acme-challenge" directory and put the testfile.txt inside, AND when I use my phone to connect to the file, I CAN see it using my "public ip" but NOT using the "DOMAIN.DDNS.NET".

What is wrong with it? I created it using the ddns.net dynamic hostnames, I have another one there and it works fine for my Raspberry Pi.

Any ideas?
 

costi

Cadet
Joined
Nov 13, 2017
Messages
1
Hello
I have completed the setup
it's working on a wired connection but not on wifi-connected devices, i.e. my phone
nextcloud is on 192.168.2.2
My PC is on 192.168.2.33 (working)
my phone is on 192.168.2.29 (can't access)

Do you set up SSL? I see the mobile app works with https only
 

stevetoza

Dabbler
Joined
Jan 6, 2017
Messages
20
I had this issue yesterday when following the guide.

What I had to do was comment out

Code:
RewriteCond %{SERVER_NAME} =YOURSITE.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]


In the vhost, as it's redirecting to https. As there is no SSL certificate already, it's not able to check the file via https.

After commenting that out, restart apache, then try again.
 

rodofrn

Go back to trying to load it with your smartphone, with WiFi turned off. That's the best test I can think of, of whether the public Internet can actually see that directory on your server.
Nothing, I did what stevetoza told me to, and still the same issue, but I can access the testfile.txt from the phone using my public IP instead of the MYDOMAIN.DDNS.NET. Any other ideas? Thanks for taking your time and answering me mate! This is what the letsencrypt log says:

Code:
2017-11-22 18:58:53,722:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: thecloud.ddns.net
Type:   connection
Detail: Fetching https://thecloud.ddns.net/.well-known/acme-challenge/g-rBMbJlUNA45LCM01zfLBA-LcSG0NQgC6Vt3ktK3og: Timeout

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your comp$
2017-11-22 18:58:53,722:INFO:certbot.auth_handler:Cleaning up challenges
2017-11-22 18:58:53,722:DEBUG:certbot.plugins.webroot:Removing /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/g-rBMbJlUNA45LCM01zfLBA-LcSG0NQgC6Vt3ktK3og
2017-11-22 18:58:53,723:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge
2017-11-22 18:58:53,723:DEBUG:certbot.plugins.webroot:Error was: [Errno 66] Directory not empty: '/usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge'
2017-11-22 18:58:53,723:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
	load_entry_point('certbot==0.19.0', 'console_scripts', 'certbot')()
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
	return config.func(config, plugins)
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 786, in certonly
	lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
	lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
	certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
	self.config.allow_subset_of_names)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
	self._respond(resp, best_effort)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
	self._poll_challenges(chall_update, best_effort)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
	raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. thecloud.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://thecloud.$

 

stevetoza

Out of interest, do you still have the SSL block in your vhost? If you do, remove it and just have the standard port 80 block, restart apache and try certbot again.

When going to your ddns address, is your router definitely port forwarding port 80 to the internal address?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
I created it using the ddns.net dynamic hostnames, I have another one there and it works fine for my Raspberry Pi.
You can't run 2 domains on the same public IP without a properly configured reverse proxy server.
 

rodofrn

Out of interest, do you still have the SSL block in your vhost? If you do, remove it and just have the standard port 80 block, restart apache and try certbot again.

When going to your ddns address, is your router definitely port forwarding port 80 to the internal address?
I did that, and NOTHING. Kept the port 80 block and tried both ways, uncommented and commented the 2 lines, nothing. Same error. I don't get it, why can I connect using the public IP but not the MYDOMAIN.DDNS.NET? What is going on? @danb35

You can't run 2 domains on the same public IP without a properly configured reverse proxy server.
I have the rpi in another house. Thanks for the clarification though! Cheers!
 

danb35

What is going on?
It would help if you told us what happened when you tried using your hostname, rather than just saying "it doesn't work." But since you didn't redact the hostname in your earlier post, we can see that you still have a redirect in there, as @stevetoza mentioned above. Your system is trying to redirect http to https, but it can't since your https isn't configured. You need to, as he said, comment out or remove that section.
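
Added example, not part of the original posts: a shell check for the failure diagnosed above, where the plain-HTTP challenge URL answers with a redirect to https while port 443 is not yet serving. It assumes curl is installed and that the testfile.txt suggested earlier in the thread exists; the function names and verdict strings are hypothetical, and it should be run from a host outside the LAN so it sees what Let's Encrypt sees.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdict strings are
# hypothetical. Run from a host on the public Internet (not inside the LAN).

# classify STATUS REDIRECT_URL: map one unfollowed HTTP response to a verdict.
classify() {
    status=$1
    redirect=$2
    case "$status" in
        200) echo ok ;;
        301|302|303|307|308)
            case "$redirect" in
                # The validator follows this to port 443; if 443 is closed
                # or has no vhost yet, the challenge times out.
                https://*) echo redirect-to-https ;;
                *)         echo redirect-other ;;
            esac ;;
        404) echo not-served-from-webroot ;;
        000) echo unreachable ;;   # curl reports 000 when no response arrived
        *)   echo unexpected-status ;;
    esac
}

# check_challenge_url URL: fetch over plain HTTP without following redirects.
check_challenge_url() {
    url=$1
    out=$(curl -s -o /dev/null --max-time 10 \
        -w '%{http_code} %{redirect_url}' "$url")
    # Split "CODE [REDIRECT]" into positional parameters.
    set -- $out
    verdict=$(classify "${1:-000}" "${2:-}")
    echo "$url -> HTTP ${1:-000} ${2:-} [$verdict]"
    [ "$verdict" = ok ]
}

# Usage: sh check.sh http://YOURDOMAIN/.well-known/acme-challenge/testfile.txt
if [ $# -eq 1 ]; then
    check_challenge_url "$1"
fi
```

A `redirect-to-https` verdict before the first certificate exists matches the "Fetching https://... Timeout" lines in the certbot output earlier in the thread.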
 

rodofrn

It would help if you told us what happened when you tried using your hostname, rather than just saying "it doesn't work." But since you didn't redact the hostname in your earlier post, we can see that you still have a redirect in there, as @stevetoza mentioned above. Your system is trying to redirect http to https, but it can't since your https isn't configured. You need to, as he said, comment out or remove that section.
DONE! Thanks guys. So, what I did was the following:

Kept both vhosts blocks, but DELETED those 2 lines:
Code:
RewriteCond %{SERVER_NAME} =YOURSITE.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

and VOILA!

Thanks @danb35 @Jailer @stevetoza
 

danb35

DONE! Thanks guys. So, what I did was the following:

Kept both vhosts blocks, but DELETED those 2 lines:
Code:
RewriteCond %{SERVER_NAME} =YOURSITE.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

and VOILA!

Thanks @danb35 @Jailer @stevetoza
Now that it’s working, you might want to put the redirect back in.
 

rodofrn

Now that it’s working, you might want to put the redirect back in.
Ah ok ok I will, also one last thing, do you know how to add external storage? Like I want to be able to "see" my media folder in the nextcloud. I added the "storage" to the jail from /pool/media into /mnt/Server, and enabled the external storage in NC, but I can't mount it. I selected FTP and put /mnt/Server as host, and my login credentials for the media share. Have you done this before? This is what I see...What is host, etc...