Certbot failed to authenticate domain for Nextcloud

I'm installing Nextcloud following these instructions on an Ubuntu server VM on Proxmox. I'm not a Linux expert, but everything went fine until I tried to get an SSL certificate.

  • My domain is:
    nextcloud.vanregteren.net
  • I ran this command:
    sudo certbot -v --apache
  • It produced this output:
    Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
    Domain: nextcloud.vanregteren.net
    Type: unauthorized
    Detail: During secondary validation: 84.245.10.94: Invalid response from Login – Nextcloud 403
    Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
  • My web server is (include version):
    Apache 2.4.52
  • The operating system my web server runs on is (include version):
    Ubuntu server 22.04
  • I can login to a root shell on my machine (yes or no, or I don't know):
    Yes
  • I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
    no
  • The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
    certbot 1.32.0

I own the domain, I've created an A record for nextcloud.vanregteren.net. I've set ports 80 and 443 in my router to point at the IP address of the VM. A ping to nextcloud.vanregteren.net reaches the correct IP address and if I go to http://nextcloud.vanregteren.net I do get to the Nextcloud instance.

I have no idea what I'm doing wrong. Any help would be much appreciated!

1 Like

Welcome to the community @Bert-Jan

Your system is rejecting requests due to a Threat Prevention. You should review your firewall and network gear to allow HTTP requests to your domain. Or, change to use a DNS Challenge instead of the HTTP Challenge used by --apache plug-in (info here)

For example, a request from my own test server to your home page also gets the 403 error you show

curl -i http://nextcloud.vanregteren.net
HTTP/1.1 403 Forbidden
Content-Length: 316
Content-Type: text/html
Connection: Close

<HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD>
<BODY><center><b>Threat Prevention</b></center>
<p>This site is blocked because it violates network policy.</p>
<p>Host: nextcloud.vanregteren.net</p>
<p>URI: /</p>
<p>Reason: Threat reputation No reputation</p>
<p>Please contact your network administrator</p></BODY></HTML>
5 Likes

Seems to be geographically linked. From NL I can perfectly reach the Nextcloud instance. The fact the primary location can validate the challenge from the US, but the secondary somewhere else in the world cannot corroborates that.

5 Likes

Not sure it's geographic as this test also fails from NL (but worked from Australia).

In any case, they need to review their security settings. Let's Debug will show OK when testing this domain but looking at the Verbose Info you'll see the 403. And, the 403 from the Let's Encrypt staging server. That is a better way to test this than repeating --apache against production servers.

4 Likes

Hm, interesting :thinking:

Actually, I think the staging response under "LetsEncryptStaging" is a HTTP 200 with the Nextcloud login.

4 Likes

That was the quickest response I've ever had to a question!
That was the solution; I'm running the Untangle firewall. I've disabled it and reran the certbot command.
Worked like a charm!

Thanks for the help!

3 Likes

You might want to look if it can selectively allow the path /.well-known/acme-challenge/ if you want to keep it enabled. Let's Encrypt is meant to be automated, and manually disabling your firewall every 60 days for renewal is cumbersome.

5 Likes
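A pre-flight check in the spirit of the advice above (probe the challenge path yourself before re-running certbot against production), added here and not taken from the thread: it classifies the response a validator would see at /.well-known/acme-challenge/, using the 403 body quoted earlier as a constructed sample. The function names and the probe token are assumptions of this example.

```shell
#!/bin/sh
# Classify what an external HTTP-01 validator would get back for
# http://<domain>/.well-known/acme-challenge/<token>.
# Function names below are this example's own, not certbot's.

# Constructed sample: the middlebox 403 quoted earlier in the thread.
SAMPLE_BLOCKED=$(cat <<'EOF'
HTTP/1.1 403 Forbidden
Content-Type: text/html

<HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD>
<BODY><center><b>Threat Prevention</b></center>
<p>This site is blocked because it violates network policy.</p>
EOF
)

classify_acme_response() {
  # $1 = raw HTTP response (headers + body), e.g. captured with `curl -si`
  raw="$1"
  status=$(printf '%s\n' "$raw" | head -n1 | awk '{print $2}')
  case "$status" in
    200) echo "reachable" ;;                 # token body served as expected
    404) echo "reachable-no-token" ;;        # Apache answered; a real token would work
    *)
      if printf '%s' "$raw" | grep -qiE 'threat prevention|network policy'; then
        echo "blocked-by-middlebox"          # firewall/IPS answered, not Apache
      elif printf '%s' "$raw" | grep -qi 'nextcloud'; then
        echo "rejected-by-app"               # application answered instead of the challenge
      else
        echo "unexpected:${status:-none}"
      fi ;;
  esac
}

probe_acme_path() {
  # $1 = domain; fetch the challenge path with a dummy token and classify it.
  # Run this from outside your own network: an inside test can pass while
  # the CA's validators are still blocked.
  classify_acme_response "$(curl -si --max-time 10 \
    "http://$1/.well-known/acme-challenge/preflight-probe-token")"
}
```

Expect `reachable-no-token` (a plain Apache 404) on a healthy setup; `blocked-by-middlebox` means the fix belongs in the firewall rule for that path, not in certbot.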
