I have been trying to set up Nextcloud to work with my domain for the past two days now and haven't been able to figure it out. Any and all help is appreciated!
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for cloud.715database.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: cloud.715database.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for cloud.715database.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.715database.com - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Apache 2.4.52
The operating system my web server runs on is (include version): Ubuntu Server 22.04
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't think I am, but I am using Google Domains and Google Cloud DNS to set up the DNS for the domain if that's what this means.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0
By "open" do you mean that it should be allowed through my server's firewall? Because according to "sudo ufw status verbose", both ports 80 and 443 are allowed through the firewall.
Here is what I see from my location, all ports are "Filtered"
$ nmap -Pn 715database.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-01-08 17:11 PST
Nmap scan report for 715database.com (34.125.211.235)
Host is up.
rDNS record for 34.125.211.235: 235.211.125.34.bc.googleusercontent.com
All 1000 scanned ports on 715database.com (34.125.211.235) are filtered
Nmap done: 1 IP address (1 host up) scanned in 203.43 seconds
I think I might understand what my issue is then. I used a Google VM instance to get an external IP to use for the A record for 715database.com and then deleted the VM instance immediately after getting the external IP. Did my deleting the VM instance cause this issue in the first place? And would keeping the VM instance up allow me to properly use certbot?
I don't know. I do know that if you want to use the HTTP-01 Challenge with a domain name, such as cloud.715database.com, that that domain name needs to resolve to an Internet accessible IP address and allow Port 80 through.
At this point kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.
In order to obtain a certificate via HTTP-01 authentication, you must first have a working HTTP site.
[or HTTP access to that system and run an ACME client as a web service]
The first step to having an HTTP web site accessed from the Internet is having an FQDN that resolves to an Internet accessible IP address.
If I'm hosting Nextcloud on a home server build, would it be possible to somehow take the build IP address and turn it into an internet accessible IP address so that I would be able to access the Nextcloud page outside of my home network? I'm very new to web hosting so I originally assumed owning a domain and using something like Google Cloud DNS to point toward the build's IP would resolve this issue.
Yes, that is very common.
You would need to port forward HTTP/HTTPS from the router to the Nextcloud server.
If your router doesn't have a static IP address, there are Dynamic DNS services that can be used to keep the IP updated automatically.
Internet connections must be made via Internet routable IPs.
So, you would have to update the Internet DNS zone with the Internet IP of the router.
Since you are using Google Cloud DNS (I think?), you also have the option to use the certbot-dns-google plugin, which will allow you to issue a certificate for a domain that doesn't have an external IP address.
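The three HTTP-01 prerequisites raised in this thread (the name must resolve, it must resolve to an Internet-routable address rather than a LAN one, and port 80 must accept connections) can be checked before running certbot. The following is an added example, not part of any post above and not Certbot's own code; the function name `http01_preflight` and its `resolve`/`connect` parameters are hypothetical.

```python
import ipaddress
import socket


def http01_preflight(domain, resolve=socket.getaddrinfo,
                     connect=socket.create_connection, timeout=5):
    """Return a list of (check, ok, detail) tuples for an HTTP-01 attempt."""
    results = []
    try:
        infos = resolve(domain, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        # Same condition the CA reported as NXDOMAIN for the A/AAAA lookups.
        return [("dns", False, f"{domain} does not resolve: {exc}")]
    addrs = sorted({info[4][0] for info in infos})
    results.append(("dns", True, ", ".join(addrs)))

    # A LAN address (192.168.x.x, 10.x.x.x, ...) may resolve, but the CA
    # cannot route to it; the record must hold the router's public IP.
    public = [a for a in addrs if ipaddress.ip_address(a).is_global]
    if not public:
        results.append(("routable", False,
                        "no Internet-routable address in DNS"))
        return results
    results.append(("routable", True, ", ".join(public)))

    for addr in public:
        try:
            connect((addr, 80), timeout=timeout).close()
            results.append(("port80", True, f"{addr}:80 accepts connections"))
        except OSError as exc:
            # Timeout: filtered (firewall or no port forward).
            # Refused: reachable host, but nothing listening on port 80.
            results.append(("port80", False, f"{addr}:80 unreachable: {exc}"))
    return results


if __name__ == "__main__":
    import sys
    for check, ok, detail in http01_preflight(sys.argv[1]):
        print(f"[{'ok' if ok else 'FAIL'}] {check}: {detail}")
```

Run it from a machine outside the home network; a connection made from inside the LAN does not prove that the router's port forward works for the CA.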