I want to secure a local Nextcloud virtual host with self-signed certificates.
I can access the virtual host at http://nextcloud.eduardo.com and I want to access it via https://nextcloud.eduardo.com
The server is Ubuntu 18.04 with nginx.
My domain is:
virtual host nextcloud.eduardo.com
I ran this command:
sudo certbot --nginx
It produced this output:
2019-11-23 11:44:11,307:DEBUG:certbot.error_handler:Calling registered functions
2019-11-23 11:44:11,307:INFO:certbot.auth_handler:Cleaning up challenges
2019-11-23 11:44:12,675:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1124, in run
    certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 334, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 370, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. nextcloud.eduardo.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://nextcloud.eduardo.com/.well-known/acme-challenge/kIefkn_F0wPAmafHOhFHAzIGcV3DP7T01yP1tEbs-U4 [45.79.19.196]: 404
2019-11-23 11:56:14,398:DEBUG:certbot.main:certbot version: 0.27.0
2019-11-23 11:56:14,399:DEBUG:certbot.main:Arguments:
2019-11-23 11:56:14,399:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-11-23 11:56:14,418:DEBUG:certbot.log:Root logging level set at 20
2019-11-23 11:56:14,418:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
My web server is (include version):
Nginx 1.14
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
Not applicable
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.27
Some extra config: I have my Nextcloud installation in /usr/share/nginx/nextcloud16, then I created a .well-known directory with acme-challenge, with write permissions: /usr/share/nginx/nextcloud16/.well-known/acme-challenge
eduardo@eduardo-VirtualBox:/usr/share/nginx/nextcloud16$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: nextcloud.eduardo.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.eduardo.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. nextcloud.eduardo.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://nextcloud.eduardo.com/.well-known/acme-challenge/kIefkn_F0wPAmafHOhFHAzIGcV3DP7T01yP1tEbs-U4 [45.79.19.196]: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nextcloud.eduardo.com
Type: unauthorized
Detail: Invalid response from
http://nextcloud.eduardo.com/.well-known/acme-challenge/kIefkn_F0wPAmafHOhFHAzIGcV3DP7T01yP1tEbs-U4
[45.79.19.196]: 404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
eduardo@eduardo-VirtualBox:/usr/share/nginx/nextcloud16$ ls -all
total 176
drwxr-xr-x 16 www-data www-data 4096 nov 22 10:36 .
drwxr-xr-x 6 root root 4096 nov 10 19:25 ..
drwxr-xr-x 32 www-data www-data 4096 nov 10 11:55 3rdparty
drwxr-xr-x 44 www-data www-data 4096 nov 19 19:34 apps
-rw-r--r-- 1 www-data www-data 12063 nov 10 11:55 AUTHORS
drwxr-xr-x 2 www-data www-data 4096 nov 23 11:41 config
-rw-r--r-- 1 www-data www-data 3805 nov 10 11:55 console.php
-rw-r--r-- 1 www-data www-data 34520 nov 10 11:55 COPYING
drwxr-xr-x 23 www-data www-data 4096 nov 10 11:55 core
-rw-r--r-- 1 www-data www-data 4986 nov 10 11:55 cron.php
drwxr-xr-x 2 www-data www-data 4096 nov 11 10:15 data
-rw-r--r-- 1 www-data www-data 2480 nov 11 10:15 .htaccess
-rw-r--r-- 1 www-data www-data 156 nov 10 11:55 index.html
-rw-r--r-- 1 www-data www-data 3172 nov 10 11:55 index.php
-rw-r--r-- 1 root root 207 nov 11 13:34 info.html
drwxr-xr-x 6 www-data www-data 4096 nov 10 11:55 lib
-rw-r--r-- 1 www-data www-data 283 nov 10 11:55 occ
drwxr-xr-x 2 www-data www-data 4096 nov 10 11:55 ocm-provider
drwxr-xr-x 2 www-data www-data 4096 nov 10 11:55 ocs
drwxr-xr-x 2 www-data www-data 4096 nov 10 11:55 ocs-provider
-rw-r--r-- 1 www-data www-data 2951 nov 10 11:55 public.php
-rw-r--r-- 1 www-data www-data 5139 nov 10 11:55 remote.php
drwxr-xr-x 4 www-data www-data 4096 nov 10 11:55 resources
-rw-r--r-- 1 www-data www-data 26 nov 10 11:55 robots.txt
drwxr-xr-x 12 www-data www-data 4096 nov 10 11:55 settings
-rw-r--r-- 1 www-data www-data 2232 nov 10 11:55 status.php
-rwxrwxrwx 1 www-data www-data 215 nov 10 13:52 test.php
drwxr-xr-x 3 www-data www-data 4096 nov 10 11:55 themes
drwxr-xr-x 2 www-data www-data 4096 nov 10 11:55 updater
-rw-r--r-- 1 www-data www-data 101 nov 10 11:55 .user.ini
-rw-r--r-- 1 www-data www-data 362 nov 10 11:55 version.php
drwxr-xr-x 3 www-data www-data 4096 nov 22 10:37 .well-known
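
The failure line in the output above names the IP address that the http-01 validation request actually reached. As an added example (not part of the original post and not Certbot's own code), the following parses that line and compares the address with the ones the operator expects the name to resolve to; the function names and the expected address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re

# Shape of the failure line Certbot prints for a failed challenge,
# as it appears in the output quoted on this page.
FAILURE_RE = re.compile(
    r"(?P<domain>\S+) \((?P<challenge>[a-z0-9-]+)\): "
    r"(?P<error>urn:ietf:params:acme:error:\w+) :: .*?"
    r"Invalid response from (?P<url>\S+) "
    r"\[(?P<ip>[0-9a-fA-F:.]+)\]: (?P<status>\d{3})"
)

# Failure line copied from the output on this page.
PAGE_LINE = (
    "Failed authorization procedure. nextcloud.eduardo.com (http-01): "
    "urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: Invalid response from http://nextcloud.eduardo.com/"
    ".well-known/acme-challenge/kIefkn_F0wPAmafHOhFHAzIGcV3DP7T01yP1tEbs-U4 "
    "[45.79.19.196]: 404"
)


def parse_failure(line):
    """Return the fields of a challenge failure line, or None if no match."""
    m = FAILURE_RE.search(line)
    if m is None:
        return None
    info = m.groupdict()
    info["ip"] = ipaddress.ip_address(info["ip"])
    info["status"] = int(info["status"])
    return info


def diagnose(line, expected_ips):
    """Classify a failure by where the validation request ended up."""
    info = parse_failure(line)
    if info is None:
        return "no-failure"
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    if info["ip"] not in expected:
        # The CA resolved the name through public DNS and reached another host.
        return "validated-wrong-host"
    if info["status"] == 404:
        # Right host, but the web server did not serve the challenge path.
        return "challenge-file-not-served"
    return "unexpected-status"


if __name__ == "__main__":
    # 203.0.113.10 is a constructed placeholder for the server's public address.
    print(diagnose(PAGE_LINE, ["203.0.113.10"]))
```
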