danb35 (Hall of Famer; joined Aug 16, 2011; 15,504 messages)
> I port forwarded 80 and 443 to the jail IP address, is that right?

Should be. Does your ISP block port 80? Many residential ISPs do.
> Should be. Does your ISP block port 80? Many residential ISPs do.

I just checked, it is open... what could it be?
> what could it be?

Hard to say with what you've given. Ultimately, in order to validate domain ownership, Let's Encrypt needs to be able to connect to http://YOURDOMAIN/.well-known/acme-challenge and read the challenge file. Try it from your smartphone, with WiFi turned off (so it's going over the public Internet). Create /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/testfile.txt, put some text in there, and see if you can load that with your phone.
Code:
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known # touch /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/testfile.txt
touch: /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/testfile.txt: No such file or directory
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known # ll
total 0
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known #
> I realized I do not have an "acme-challenge" directory

certbot will create that for you, or you can create it yourself.

> port 443 is closed though

Once you get the certificate, you can configure the web server to open that port and respond to SSL requests.
> certbot will create that for you, or you can create it yourself.
> Once you get the certificate, you can configure the web server to open that port and respond to SSL requests.

Nothing @danb35, I created the "acme-challenge" dir and ran the command again, and this is the output...
Code:
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known # certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d MYDOMAIN.DDNS.NET
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for MYDOMAIN.DDNS.NET
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. thecloud.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://MYDOMAIN.DDNS.NET/.well-known/acme-challenge/0Vk6NN4CZQ1JlZqvbIxf2lzOsExlPQVO29E4g0OGF9Y: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: MYDOMAIN.DDNS.NET
   Type:   connection
   Detail: Fetching https://thecloud.ddns.net/.well-known/acme-challenge/0Vk6NN4CZQ1JlZqvbIxf2lzOsExlPQVO29E4g0OGF9Y: Timeout

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
root@nextcloud_1:/usr/local/www/apache24/data/nextcloud/.well-known #
> Go back to trying to load it with your smartphone, with WiFi turned off. That's the best test I can think of, of whether the public Internet can actually see that directory on your server.

Ok, so this is really weird, I created the "acme-challenge" directory and put the testfile.txt inside, AND when I use my phone to connect to the file, I CAN see it using my "public ip" but NOT using the "DOMAIN.DDNS.NET".
Hello
I have completed the setup
it's working on a wired connection but not on WiFi-connected devices, i.e. my phone
nextcloud is on 192.168.2.2
My PC is on 192.168.2.33 (working)
my phone is on 192.168.2.29 (can't access)
Code:
RewriteCond %{SERVER_NAME} =YOURSITE.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
> Go back to trying to load it with your smartphone, with WiFi turned off. That's the best test I can think of, of whether the public Internet can actually see that directory on your server.

Nothing, I did what stevetoza told me to, and still the same issue, but I can access the testfile.txt from the phone using my public IP instead of the MYDOMAIN.DDNS.NET. Any other ideas? Thanks for taking your time and answering me mate! This is what the letsencrypt log says:
Code:
2017-11-22 18:58:53,722:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: thecloud.ddns.net
Type:   connection
Detail: Fetching https://thecloud.ddns.net/.well-known/acme-challenge/g-rBMbJlUNA45LCM01zfLBA-LcSG0NQgC6Vt3ktK3og: Timeout

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your comp$
2017-11-22 18:58:53,722:INFO:certbot.auth_handler:Cleaning up challenges
2017-11-22 18:58:53,722:DEBUG:certbot.plugins.webroot:Removing /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge/g-rBMbJlUNA45LCM01zfLBA-LcSG0NQgC6Vt3ktK3og
2017-11-22 18:58:53,723:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge
2017-11-22 18:58:53,723:DEBUG:certbot.plugins.webroot:Error was: [Errno 66] Directory not empty: '/usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge'
2017-11-22 18:58:53,723:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.19.0', 'console_scripts', 'certbot')()
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 786, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. thecloud.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://thecloud.$
> I created it using the ddns.net dynamic hostnames, I have another one there and it works fine for my raspberry pi.

You can't run 2 domains on the same public IP without a properly configured reverse proxy server.
> Out of interest, do you still have the ssl block in your vhost? If you do, remove it and just have the standard port 80 block, restart apache and try certbot again.
> When going to your ddns address, is your router definitely port forwarding port 80 to the internal address?

I did that, and NOTHING. Kept the port 80 block and tried both ways, uncommented and commented the 2 lines, nothing. Same error. I don't get it, why can I connect using the public IP but not the MYDOMAIN.DDNS.NET? What is going on? @danb35
> You can't run 2 domains on the same public IP without a properly configured reverse proxy server.

I have the rpi in another house. Thanks for the clarification though! cheers!
> What is going on?

It would help if you told us what happened when you tried using your hostname, rather than just saying "it doesn't work." But since you didn't redact the hostname in your earlier post, we can see that you still have a redirect in there, as @stevetoza mentioned above. Your system is trying to redirect http to https, but it can't since your https isn't configured. You need to, as he said, comment out or remove that section.
> It would help if you told us what happened when you tried using your hostname, rather than just saying "it doesn't work." But since you didn't redact the hostname in your earlier post, we can see that you still have a redirect in there, as @stevetoza mentioned above. Your system is trying to redirect http to https, but it can't since your https isn't configured. You need to, as he said, comment out or remove that section.

DONE! Thanks guys. So, what I did was the following:
Kept both vhosts blocks, but DELETED those 2 lines:
Code:
RewriteCond %{SERVER_NAME} =YOURSITE.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
> DONE! Thanks guys. So, what I did was the following:
> Kept both vhosts blocks, but DELETED those 2 lines:
> Code:
> RewriteCond %{SERVER_NAME} =YOURSITE.com
> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
> and VOILA!
> Thanks @danb35 @Jailer @stevetoza

Now that it's working, you might want to put the redirect back in.
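As an added example (not from this thread or any of its posters), here is one way to put the HTTP to HTTPS redirect back into the port 80 vhost without reintroducing the failure seen above: an extra RewriteCond exempts /.well-known/acme-challenge/ from the redirect, so a webroot-based certbot run or renewal is answered over plain HTTP even if port 443 is ever unreachable again, while every other request is still sent to HTTPS. The server name placeholder YOURSITE.com and the DocumentRoot path are the ones used in the thread; everything else (the vhost skeleton, the assumption that mod_rewrite is loaded) is my own.

```apache
# Added example: port 80 vhost with an HTTP -> HTTPS redirect that leaves
# the ACME http-01 challenge path reachable over plain HTTP.
# Assumes mod_rewrite is loaded and that certbot's --webroot path is the
# same directory as DocumentRoot (as in the thread).
<VirtualHost *:80>
    ServerName YOURSITE.com
    DocumentRoot /usr/local/www/apache24/data/nextcloud

    RewriteEngine On

    # RewriteCond lines are ANDed: only redirect when the request is NOT
    # for the challenge directory AND the Host matches this site.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteCond %{SERVER_NAME} =YOURSITE.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    # Serve the challenge files as plain static content.
    <Directory /usr/local/www/apache24/data/nextcloud/.well-known/acme-challenge>
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```

After restarting Apache, the smartphone test from earlier in the thread still applies: a plain http:// request for a test file under /.well-known/acme-challenge/ should return the file directly, while a request for any other path should answer with a 301 to https://. If the challenge URL instead answers with a redirect, the first RewriteCond is not matching and the redirect will again break validation whenever 443 is closed.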
> Now that it's working, you might want to put the redirect back in.

Ah ok ok I will, also one last thing, do you know how to add external storage? Like I want to be able to "see" my media folder in the nextcloud. I added the "storage" to the jail from /pool/media into /mnt/Server, and enabled the external storage in NC, but I can't mount it. I selected FTP and put /mnt/Server as host, and my login credentials for the media share. Have you done this before? This is what I see... What is host, etc...