404 Not Found After certbot on FAMP


#1

Trying to set up a Nextcloud box on a FreeBSD jail. I get the 404 not found error. Based on my Google-Fu, one of the common issues is that there is a AAAA record for the domain. I checked and there is no AAAA record.

Any ideas where to start?

My domain is:cloud.rangelmedianetwork.com

I ran this command: certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d cloud.rangelmedianetwork.com

It produced this output:

My web server is (include version): Apache24

The operating system my web server runs on is (include version): FreeBSD jail in FreeNAS

My hosting provider, if applicable, is:N/A

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi,

I’m not really sure with FreeBSD Jail.

As what I believe, if you are using certbot & webroot, choose other webroot paths could help you avoid the redirections set by your file…

Can you try to use other webroot paths? (Or, might the jail be a problem? Since certbot might not running in jail… as it’s in sudo/root mode??)

Thank you


#3

The webroot should be the directory from which the root of the domain is served (so that if you put a file there eg test.txt it shows up at http://cloud.rangelmedianetwork.com/test.txt on the web).

It looks you have nextcloud installed at http://cloud.rangelmedianetwork.com/nextcloud - is /usr/local/www/apache24/data/nextcloud actually where nextcloud is installed? If so then the correct webroot path is probably /usr/local/www/apache24/data

Or it could be somewhere else if you used an alias - check your Apache configuration in that case, I guess.


#4

Wait…

I thought webroot can use any folder on the server (If certbot can access it.)

Since Last time I actually used /var/leverify and succeed with the validation…


#5

It can, but the webserver has to be configured to use the same folder as its webroot too. I’m just guessing at how @oguruma’s webserver is already configured.

Or I guess you can do some tricks like mapping /.well-known/acme-challenge/ to a particular location so that the webserver doesn’t have to use that as its webroot for everything else - which I believe is how certbot’s apache and nginx plugins work behind the scenes - but it’s usually not necessary to go to that much trouble :slight_smile:


#6

Yes, /usr/local/www/apache24/data/nextcloud is where the Nextcloud files are…

Could a screwed up virtualhost file be the problem?


#7

Possibly, but before going down that route can you try this if you haven’t already?

certbot certonly --webroot -w /usr/local/www/apache24/data -d cloud.rangelmedianetwork.com

#8

Returns IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cloud.rangelmedianetwork.com
    Type: connection
    Detail: Fetching
    https://cloud.rangelmedianetwork.com/.well-known/acme-challenge/k0UsLrNMmEqV3wJpfDn80XW0Z24TJUiT6IlsZ0DeKmg:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.


#9

Your service is misconfigured because it’s speaking HTTP on port 443 instead of HTTPS.


#10

You seem to have added a HTTP-to-HTTPS redirect since I last checked. That won’t work until you’ve fixed the issue that @schoen mentioned, and you’ll also need a certificate. While a self-signed cert would work for the validation process, it would probably be simpler to just remove the redirect, get a valid Let’s Encrypt cert, set up HTTPS in Apache, then put the redirect back in.


#11

I removed the redirect. I’m not sure where the error in the configuration would be. I’ll admit I’ve only ever set up webservers from guides, and only on Linux.

I am following the guide here.


#12

Did you then try running the command again? What was the outcome?

EDIT: wait, are you sure you removed it? it still seems to redirect for me.


#13

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cloud.rangelmedianetwork.com
    Type: connection
    Detail: Fetching
    https://cloud.rangelmedianetwork.com/.well-known/acme-challenge/WnY-vzGFCG3XaMBkAY6Id9RX1hLg7XTkKW46DMEcObA:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.


#14

Are you sure you removed the redirect? It seems to still redirect for me (except for the root page for some reason) - and apparently for the validation server too (note the https URL in the error message above)

Maybe you need to restart apache?


#15

I restarted apache. I removed it, unless it’s elsewhere in a config other than /usr/local/www/apache24/data/nextcloud/.htaccess


#16

It’s probably somewhere else indeed, as it’s affecting URLs outside of that directory. Could it be in your VirtualHost configuration? Or is there a file /usr/local/www/apache24/data/.htaccess?


#17

@jmorahan I think you had it when you asked if there is an alias for nextcloud and the webroot is actually elsewhere.

grep -Eri 'alias|nextcloud' /usr/local/www /etc/apache2


#18

/usr/local/www/apache24/data is the webroot. The nextcloud files are in /usr/local/www/apache24/data/nextcloud


#19

Show the line in the config file that says:
DocumentRoot /…

And there will be no doubt.
Otherwise show:
grep -Eri 'alias|nextcloud|documentroot|challenge' /usr/local/www /etc/apache2

I don’t mean to sound confrontational.
It’s just that you say it’s there but the validation program can’t find the files certbot places in there.
Something is not working as you expect it to be.
I just don’t take anything for granted.


#20

I don’t believe we’ve seen any evidence of that yet. There was a 404 when the nextcloud subdirectory was used as the webroot, and an “Error getting validation data” when it redirected to broken HTTPS, but I don’t think we’ve yet seen what happens when using /usr/local/www/apache24/data without redirecting - unless I’ve missed something?