How to install Nextcloud 13 in FreeNAS with all checks passed updated to use iocage

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
There should be option 1 or 2 to confirm that you agree. If successful you should see a message saying that.

Yes.


I changed to 7.2, and it works.

You did not finish the letsencrypt part, but also check: does your virtual host config file have a .conf extension?

After your reply it did take me a bit further. After I agreed it gave me this.




Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.asuscomm.com
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xxxx.asuscomm.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://xxxx.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vNIyyylfsJtIxvQjM_gS6QVg7gBAnkIc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: xxxx.asuscomm.com
Type: unauthorized
Detail: Invalid response from
http://xxxx.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vyylfsJtIxvQjM_gSg7gBAnkIc:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /usr/local/etc/letsencrypt. You should
make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
 

papaja

Dabbler
Joined
Apr 2, 2017
Messages
30
After your reply it did take me a bit further. After I agreed it gave me this.




Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pcmd.asuscomm.com
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xxxx.asuscomm.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://xxxx.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vNIyyylfsJtIxvQjM_gS6QVg7gBAnkIc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: xxxx.asuscomm.com
Type: unauthorized
Detail: Invalid response from
http://xxxx.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vyylfsJtIxvQjM_gSg7gBAnkIc:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /usr/local/etc/letsencrypt. You should
make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
Can you post the entire certbot command you used?
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
If you're planning on using Nextcloud and WordPress I would suggest tackling the SSL bit in a different way.

I'd recommend running separate jails for Nextcloud and WordPress, and if you want them both to be secure create a jail running Nginx as a reverse-proxy and use certbot in that to create all the certificates.

It might be a leap too far given you're only starting out with FreeNAS, but it will make life easier in the long run.
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
Can you post the entire certbot command you used?

root@nextcloud:~ # certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d XXXX.asuscomm.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): XXXXXX@gmail.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for XXXX.asuscomm.com
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. XXXX.asuscomm.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://XXXX.asuscomm.com/.well-known/acme-challenge/_RkscEzcKwNIyyylfsJtIxvQjM_gS6QVg7gBAnkIc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: XXXX.asuscomm.com
Type: unauthorized
Detail: Invalid response from
http://XXXX.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vylfsJtIxvQjM_gS6QVg7gBAnkIc:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /usr/local/etc/letsencrypt. You should
make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
If you're planning on using Nextcloud and WordPress I would suggest tackling the SSL bit in a different way.

I'd recommend running separate jails for Nextcloud and WordPress, and if you want them both to be secure create a jail running Nginx as a reverse-proxy and use certbot in that to create all the certificates.

It might be a leap too far given you're only starting out with FreeNAS, but it will make life easier in the long run.

:) Thank you, but I'm not there yet to understand all of that. I was looking for more of an easy way out, as I saw that the root folder of Apache was not used. This is more for learning and home use. This is all being hosted from a dynamic IP at home. Not sure how to do a reverse proxy. I need more of a how-to to follow to get to understand it.
 

papaja

Dabbler
Joined
Apr 2, 2017
Messages
30
root@nextcloud:~ # certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d XXXX.asuscomm.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): XXXXXX@gmail.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for XXXX.asuscomm.com
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. XXXX.asuscomm.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://XXXX.asuscomm.com/.well-known/acme-challenge/_RkscEzcKwNIyyylfsJtIxvQjM_gS6QVg7gBAnkIc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: XXXX.asuscomm.com
Type: unauthorized
Detail: Invalid response from
http://XXXX.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vylfsJtIxvQjM_gS6QVg7gBAnkIc:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /usr/local/etc/letsencrypt. You should
make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
I believe that something is wrong with your apache configuration.

Can you create an HTML file in /usr/local/www/apache24/data/nextcloud, and try to open it from a browser?
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
I believe that something is wrong with your apache configuration.

Can you create an HTML file in /usr/local/www/apache24/data/nextcloud, and try to open it from a browser?

Sorry to be a pain, but I'm just learning commands.
So I would cd /usr/local/www/apache24/data/nextcloud
but how would I put an HTML file in there?
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
I believe that something is wrong with your apache configuration.

Can you create an HTML file in /usr/local/www/apache24/data/nextcloud, and try to open it from a browser?
I put this code in the file:
<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
</head>
<body>

<h1>My First Heading</h1>
<p>My first paragraph.</p>

</body>
</html>

Went to /nextcloud/test.html

and it worked:

My First Heading
My first paragraph.
 

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
After your reply it did take me a bit further. After I agreed it gave me this.




Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.asuscomm.com
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xxxx.asuscomm.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://xxxx.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vNIyyylfsJtIxvQjM_gS6QVg7gBAnkIc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: xxxx.asuscomm.com
Type: unauthorized
Detail: Invalid response from
http://xxxx.asuscomm.com/.well-known/acme-challenge/_RkscEzcKw0vyylfsJtIxvQjM_gSg7gBAnkIc:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /usr/local/etc/letsencrypt. You should
make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
Have you created an opening via your router's firewall for ports 80 & 443 to the FreeNAS IP address of your Nextcloud? If not, this would be the cause of your error!!!!!!!!
 

papaja

Dabbler
Joined
Apr 2, 2017
Messages
30
Have you created an opening via your router's firewall for ports 80 & 443 to the FreeNAS IP address of your Nextcloud? If not, this would be the cause of your error!!!!!!!!
Port 443 is not needed for certification.

If port 80 was not open he would get a different error. No response from client or similar.
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
Yes. Can you open it using XXXX.asuscomm.com/test.html?

No, but I put the test HTML file into the nextcloud folder, so don't you want me to test XXXX.asuscomm.com/nextcloud/test.html?
When I go to just domain/test.html I get
Have you created an opening via your router's firewall for ports 80 & 443 to the FreeNAS IP address of your Nextcloud? If not, this would be the cause of your error!!!!!!!!
No, that part is easy. Port 443 is being forwarded to my internal IP.
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
Have you created an opening via your router's firewall for ports 80 & 443 to the FreeNAS IP address of your Nextcloud? If not, this would be the cause of your error!!!!!!!!

Is there a firewall in FreeNAS? I did port forwarding in my router but I didn't do anything in FreeNAS.
 

papaja

Dabbler
Joined
Apr 2, 2017
Messages
30
No, but I put the test HTML file into the nextcloud folder, so don't you want me to test XXXX.asuscomm.com/nextcloud/test.html?
When I go to just domain/test.html I get/
If you are following the guide as written you should test XXXX.asuscomm.com/test.html.

Post name and content of your virtual host config file.
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
If you are following the guide as written you should test XXXX.asuscomm.com/test.html.

Post name and content of your virtual host config file.
If I remember right it was a test for PHP and that was good. Are you sure it's test.html? If you can point out where it was, that would be nice. I'll try searching as well. But I did try to follow it one to one.
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
If you are following the guide as written you should test XXXX.asuscomm.com/test.html.

Post name and content of your virtual host config file.
I'm trying to find out how to get that file pulled up. Where do I look for it?
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
It should be in /usr/local/etc/apache24/Includes and have name of your domain.

<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName xxxx.asuscomm.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =xxxx.asuscom.comm
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin xxxxxx@gmail.com
ServerName xxxx.asuscomm.com
DirectoryIndex index.php
DocumentRoot /usr/local/www/apache24/data/nextcloud
SSLCertificateFile
/usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/fullchain.pem
SSLCertificateKeyFile
/usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/privkey.pem
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite
ECDHE-RSA-AES128-GCM-SH56:ECDHE-ECDSA-S128-GCM-SHA256:EHE-RSA-AES256-GCM-SH84$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Directory /usr/local/www/apache24/data/nextcloud>
AllowOverride all
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000;
includeSubDomains"
</IfModule>
</VirtualHost>
 

papaja

Dabbler
Joined
Apr 2, 2017
Messages
30
<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName xxxx.asuscomm.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =xxxx.asuscom.comm
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin xxxxxx@gmail.com
ServerName xxxx.asuscomm.com
DirectoryIndex index.php
DocumentRoot /usr/local/www/apache24/data/nextcloud
SSLCertificateFile
/usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/fullchain.pem
SSLCertificateKeyFile
/usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/privkey.pem
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite
ECDHE-RSA-AES128-GCM-SH56:ECDHE-ECDSA-S128-GCM-SHA256:EHE-RSA-AES256-GCM-SH84$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Directory /usr/local/www/apache24/data/nextcloud>
AllowOverride all
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000;
includeSubDomains"
</IfModule>
</VirtualHost>
Please try to answer all questions. Does it have .conf extension? Can you access domain/test.html?
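
An added example, not part of the thread or of the guide it follows: the two things papaja asks about (whether the virtual host file is named `*.conf`, and whether a file under the webroot is reachable at the site root) scripted as a pre-flight before `certbot certonly --webroot`. The default paths are the ones quoted in the thread; the `Includes/*.conf` include pattern, the use of `curl`, and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight for `certbot certonly --webroot`.
# Defaults are the paths quoted in the thread; override through the environment.
WEBROOT="${WEBROOT:-/usr/local/www/apache24/data/nextcloud}"
INCLUDES="${INCLUDES:-/usr/local/etc/apache24/Includes}"

# Print files in directory $1 that an `Include .../*.conf` line would skip.
# Assumption: httpd.conf loads the directory with a *.conf pattern.
skipped_includes() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.conf) ;;
            *) echo "${f##*/}" ;;
        esac
    done
}

# Create a probe file in the directory the webroot plugin writes challenge
# files to (under webroot $1) and print its name.
make_probe() {
    dir="$1/.well-known/acme-challenge"
    token="probe-$$"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" && echo "$token"
}

# Fetch the probe over plain HTTP and compare the body with the token.
# Usage: check_probe HOST TOKEN [FETCH_COMMAND...]; default is `curl -fsS`
# (assumption: curl is installed). Redirects are not followed, so a 3xx or
# 404 response makes this return non-zero.
check_probe() {
    host="$1"; token="$2"; shift 2
    [ $# -gt 0 ] || set -- curl -fsS
    body=$("$@" "http://$host/.well-known/acme-challenge/$token" 2>/dev/null) || return 1
    [ "$body" = "$token" ]
}

remove_probe() { rm -f "$1/.well-known/acme-challenge/$2"; }

# Run the checks only when a host name is given: sh preflight.sh HOST
if [ $# -ge 1 ]; then
    skipped=$(skipped_includes "$INCLUDES")
    [ -z "$skipped" ] || echo "not matched by Includes/*.conf:" $skipped
    token=$(make_probe "$WEBROOT") || exit 1
    if check_probe "$1" "$token"; then
        echo "OK: challenge path is served from $WEBROOT"
    else
        echo "FAIL: http://$1/.well-known/acme-challenge/$token not served from $WEBROOT"
    fi
    remove_probe "$WEBROOT" "$token"
fi
```

A FAIL here while `domain/nextcloud/test.html` loads means the host name is being answered from a different DocumentRoot than the one passed to `-w`.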
 