Hello Lets Encrypt Community,
I am running Nextcloud on a nginx Server since some time at home.
Because of a dynamic IP adress, I am using a dynDNS provider like noip.com (cloud.noip.com).
I certificated this domain and were able to excess it without problems.
Now I own a private domain (mydom.net).
What I did:
I created a subdomain (cloud.mydom.net) and made a CNAME entry to the DynDNS domain (cloud.noip.com). If I try to access the web server with https://cloud.mydom.net I get a certificate error because the server's certificate is for cloud.noip.com not for cloud.mydom.net. So far so good.
So I changed the nginx config file for the new domain and tried to run:
sudo certbot certonly --webroot -w /var/www/html/ -d cloud.mydom.net -m me@mydom.net --agree-tos
And get a 403 Frobidden error:
Domain: cloud.mydom.net
Type: unauthorized
Detail: Invalid response from
https://cloud.noip.com/.well-known/acme-challenge/YYXSsvHWNb6n2qr0-60rJqq1rXaU-cna-gi806koBBY
[MY.IP.AD.DR]: "<html>\r\n<head><title>403
Forbidden</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>403
Forbidden</h1></center>\r\n<hr><center>"
Could it be because of an already installed certificate on the server? (The old one from cloud.noip.com. The files are still in /etc/letsencrypt/live/cloud.noip.com/)
I don't know if this had to do something with the problem, but I can only access my Nextcloud Server if I type https:// cloud.mydom.net
[EDIT 1]
I restarted the Server and get as expected the error: /etc/letsencrypt/live/cloud.mydom.net/ not found
But if I run certbot again I get another Error
Domain: cloud.mydom.net
Type: connection
Detail: Fetching
http://cloud.mydom.net/.well-known/acme-challenge/qY2nGPBGB7eZIzBEhJ_t8R9KRRwf5wvbrfCJg4gJhfc:
Connection refused
[EDIT 2]
Now I tried to make a certificate for another subdomain (home.mydom.net) and added an A Record with my current IP. If I run the same certbot command I get the error:
The client lacks sufficient authorization
Domain: home.mydom.net
Type: unauthorized
Detail: Invalid response from
http://home.mydom.net/.well-known/acme-challenge/lMEdqQyQcILIWEHIMhN1yB7SLd1Wixm6x2qEy-jbI6A
[2001:8d8:100f:f000::2e0]: 204
[EDIT 3]
I tried it again with the cloud.noip.com domain directly and it works fine if I run the same certbot command again.
Here you find my records for both subdomains:
[EDIT 4]
Where should be the .well-known folder located? I can't find it anywhere.
Thank you for helping