I have forwarded ports, simplified domain registries down to one, and I have checked my nextcloud conf and conf/conf.php for domains. I have tried so many times now that it won't let me anymore, and I do not know where to go from here. I might give up an do everything unsecured at this point.
My domain is: Microtract.xyz
I ran this command: certbot --nginx -d microtract.xyz
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for microtract.xyz
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Detail: Fetching http://microtract.xyz/.well-known/acme-challenge/_e--RcWB0uInVy5sqBNroPsIKW8keOlWdKyl3zqbw0I: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessibl
My web server is (include version): nginx/1.20.2
The operating system my web server runs on is (include version): Freebsd 12.2 (jail to truenas core 12)
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0
You are not redirecting from http to https. Well, maybe you are but no one can connect using http right now to find out. You need to fix that first. The good thing is that connections using https work although return an invalid cert (one from TrueNAS Nextcloud). The faulty cert will not prevent Let's Encrypt from issuing a new one so don't worry about that now.
Review what you do correct for port 443 and do the same for port 80
Update: Oh, and add --test-cert to command to use the LE test system. Will not block you out as easily
curl -I http://microtract.xyz
curl: (28) Failed to connect to microtract.xyz port 80: Connection timed out
curl -Ik https://microtract.xyz
date: Sat, 29 Jan 2022 03:01:11 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
I'm biased, but I think my script is a better way to set up Nextcloud on Free/TrueNAS, and it completely automates the certificate process--but that's neither here nor there at this point; the problem is (as others have said, but just to make it explicit) that your server just isn't responding on port 80. This points to either a problem with your port forwarding setup, or an ISP that's blocking port 80.
If you are not too concerned with logs, there is a hack that can get nginx to use TLS-ALPN-01
It involves running nginx on multiple ports and using it to proxy back to itself on different ports (depending on the request type).