Can't generate certificate with certbot


#1

I've tried it with my own nextcloud installation and with the one from tech&me.
I always got the same error.
What's the reason?
On my older version 12 it worked 2 months ago, but now not on the old, and also not on the new version 15.


#2

Hi @Crashy

without your domain name and your commands it’s impossible to find answers.

Please answer these questions:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

On the tech&me installation it's a script, so the command comes automatically.
On my own installation it was:
certbot certonly --webroot -w /var/www/letsencrypt -d prezetak.ddns.net --rsa-key-size 4096

I've tried my installation based on this tutorial:
https://decatec.de/home-server/nextcloud-auf-ubuntu-server-18-04-lts-mit-nginx-mariadb-php-lets-encrypt-redis-und-fail2ban/

OS is ubuntu 18 LTS.


#4

Your main configuration


| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://prezetak.ddns.net/ (91.34.226.201) | 200 | | 0.067 | H |
| https://prezetak.ddns.net/ (91.34.226.201) | -14 (Timeout - The operation has timed out) | | 10.024 | T |
| http://prezetak.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (91.34.226.201) | 404 (Not Found) | | 0.070 | A |

is ok. A 404 fetching a not existing file under /.well-known/acme-challenge.

This script looks terrible. An extra proxy and a second vHost only to have a place to store the letsencrypt validation file. There are a lot of errors possible. So let’s test your configuration.

Create two directories in /var/www/letsencrypt:

/var/www/letsencrypt/.well-known/acme-challenge

there create a file (file name 1234), then try to load this file via

http://prezetak.ddns.net/.well-known/acme-challenge/1234

to see if your other configurations are ok.


#5

Uh - what’s that?

Checking the not existing url

http://prezetak.ddns.net/.well-known/acme-challenge/1234

there is a message:

404 - Datei oder Verzeichnis wurde nicht gefunden.

Die gesuchte Ressource wurde möglicherweise entfernt oder umbenannt, oder sie steht vorübergehend nicht zur Verfügung.

This is a typical IIS - error.

Checking your headers ( https://check-your-website.server-daten.de/?q=prezetak.ddns.net ):

Content-Type: text/html
Last-Modified: Sun, 16 Dec 2018 12:27:27 GMT
Accept-Ranges: bytes
ETag: "e7c4f0b43a95d41:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 25 Dec 2018 14:29:52 GMT
Connection: close
Content-Length: 703

There is a Microsoft IIS running and answering /.well-known/acme-challenge.

So your configuration is completely different.
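
The check described in posts #4 and #5, as an added example that is not part of the original thread: a hypothetical helper, `probe_webroot`, writes a random file under the webroot's `/.well-known/acme-challenge` directory, fetches it over plain HTTP, and reports the status and `Server` header. If a different server answers for the domain (such as the IIS seen above), the body does not match and the header names that server.

```python
import http.client
import os
import secrets
from urllib.parse import urlsplit

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_webroot(webroot, base_url, timeout=10):
    """Write a random probe file under webroot, then fetch it via base_url.

    Returns the HTTP status, the Server header, and whether the body that
    came back is the one just written (i.e. the request reached this webroot).
    Redirects are not followed; a 301/302 is reported as-is.
    """
    token = "probe-" + secrets.token_hex(8)   # random name, avoids cached answers
    body = secrets.token_hex(16)              # random content to compare against
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    try:
        url = urlsplit(base_url)
        conn = http.client.HTTPConnection(url.hostname, url.port or 80,
                                          timeout=timeout)
        try:
            conn.request("GET", f"/{CHALLENGE_DIR}/{token}")
            resp = conn.getresponse()
            fetched = resp.read().decode("utf-8", "replace")
            return {
                "status": resp.status,
                "server": resp.getheader("Server"),
                "served_from_webroot": resp.status == 200
                and fetched.strip() == body,
            }
        finally:
            conn.close()
    finally:
        os.remove(path)  # never leave probe files behind in the webroot


if __name__ == "__main__":
    import sys
    # e.g. python3 probe.py /var/www/letsencrypt http://prezetak.ddns.net
    print(probe_webroot(sys.argv[1], sys.argv[2]))
```

Run it on the machine that holds the webroot, and point `base_url` at the public hostname so the request takes the same path through the router as the validation request.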


#6

The vm runs on Hyper-V of Windows Server 2016.
The nextcloud vm is completely guided by a script.
I've bought it here https://shop.hanssonit.se/product/nextcloud-vm-microsoft-hyper-v/ , because I had problems with my own installation and the funny thing was that no one was generating the certificate.
So, it should be a problem in Hyper-V, because nothing was changed in the router configuration.

When I'm calling the address prezetak.ddns.net I got the answer that it takes too long to reach the website.
On https://check-your-website.server-daten.de/?q=prezetak.ddns.net I got these comments:


Port 80 and 443 are forwarded.


#7

Check the “Show header” - option.

Then you see the IIS - headers.

So your Linux-installation is invisible if a tool sees only the IIS/ASP.NET - headers. So Letsencrypt can’t see your Apache - webserver.

PS: Your current status T / Timeout isn’t a problem, there is no https configured.


#8

I got the fault on nginx with my own installation and on apache with the guided vm from T&M