I’m having a curious problem. I set up a Raspberry with Nextcloud and letsencrypt certificate. For that I created a DynDNS domain at goip.de; everything worked fine.
Then I installed a second Nextcloud/letsencrypt behind a different router on a QNAP Server with a different DynDNS, also from goip.de. This also worked fine. After that I wanted to move Nextcloud to another Raspberry. So I uninstalled it on the QNAP and set up the Raspberry in the same way as Raspi No.1. In this case, however, I cannot create a letsencrypt certificate, even if I try to install it on the same HW and system config as Raspi No.1. I checked and rechecked the DynDNS settings and port forwardings.
I don’t know where to look next. Is there any help?
This is my command at the raspberry and the error report:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxxxx.goip.de
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. xxxxxxx.goip.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xxxxxxx.goip.de/.well-known/acme-challenge/iyrvSu88b-IhxcFFQ997ddm6WQW63TGrvzoDCGYLykk: Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Most likely your router is blocking these inbound connections - perhaps the port forwarding isn’t working as intended? Do you have an external server from which you can try to connect to your host? That’s the only way to be really sure the port forwarding is correct.
this configuration with exactly the same HW and port forwardings
— using the DynDNS yyy.goip.de is o.k,
— but not with DynDNS xxx.goip.de.
(In addition I set up a different DynDNS zzz.goip.de and used the same router/HW configuration. This also failed to set up letsencrypt.)
2 using a different router also fails using the DynDNS xxx.goip.de, BUT a setup on this configuration with a QNAP server, Nextcloud and letsencrypt using DynDNS xxx.goip is working.
And yes, I can ping xxx.goip.de in the net and yes, I checked port forwarding 443 and 80 for the relevant device.
It’s tough for us to help diagnose your problems without knowing the exact hostnames. If you share the exact hostnames, other folks on the forum can try various diagnostic tools to make sure your domain’s set up right.
@jsha
Hi,
in the meantime I tried a lot of verifications and all failed, even when using the exact same parts as before. So I set up a quite new DynDNS account and checked again, with also no success. Below is my command:
sudo certbot certonly --webroot -w /var/www/html/ -d ejk.goip.de -m xxx@gmx.de --agree-tos
You can see the hostname there.
produces the error message:
*
*
* Expire in 14 ms for 1 (transfer 0xbc6b0)
* Trying 84.57.240.177… [This is my current IPV4 address]
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0xbc6b0)
* connect to 84.57.240.177 port 80 failed: Verbindungsaufbau abgelehnt [english: connection refused]
* Failed to connect to ejk.goip.de port 80: Verbindungsaufbau abgelehnt
* Closing connection 0
curl: (7) Failed to connect to ejk.goip.de port 80: Verbindungsaufbau abgelehnt
This is not the case in my working configuration on same HW, ports etc.
If you are going to test something on this DynDNS, there might be the problem, that the server is not always on-line and further, the IP-Address is changing daily between 5:00 and 6:00 a.m. GMT. However, I will try to have it on-line permanently.
That's exactly my strange problem. If I use exactly the same HW etc., but an image of an earlier configuration on the Raspi SD card, portscan will find port 80 and 443 open, but not on any later build. B.t.w, I'm preparing the Raspi from this tutorial https://canox.net/2016/06/die-eigene-cloud-mit-dem-raspberry-pi-und-nextcloud/. If I use my old DynDNS it works fine (including the open ports), if I use any other xxx.goip DynDNS work stops at the command
sudo certbot certonly --webroot -w /var/www/html/ -d ejk.goip.de -m xxx@gmx.de --agree-tos
Hi,
sorry, I really don't understand your advice (I'm not a real Linux guru).
What I did was that I took the original image and changed the DynDNS names in the file
/etc/nginx/sites-enabled/default
and in the command line for starting letsencrypt. But this didn't work either.
Hi JuergenAuer,
concerning the IP-addresses something may be confused right now, because I’m working on the server …
However, I found one interesting point: During the installation process I checked processes on the Raspi. From a certain point on, the nginx process was listed and also port 80 open. Then I had to change the file
/etc/nginx/sites-enabled/default
with my DynDNS names. And from this point on nginx had stopped and port 80 was closed. I think I have to work from this point on. (But I don’t understand, that this set-up procedure worked before and not anymore. This I have to find out first.)
So far, thank you for your help! Have a nice weekend.
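
Added example, not part of the thread or of certbot: a Python pre-flight check that separates the failure modes discussed above (connection refused because nothing is listening on port 80, a silent timeout, or a reachable server that does not serve files from the webroot given to `-w`). The function name `probe_http01` and its return strings are assumptions made for this illustration.

```python
import os
import secrets
import socket
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix used by http-01


def probe_http01(host, webroot, port=80, timeout=5.0):
    """Hypothetical helper. Returns 'refused', 'timeout', 'unreachable',
    'http-<status>', 'mismatch' or 'ok'."""
    # Step 1: plain TCP connect, the step that failed in the thread.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except ConnectionRefusedError:
        return "refused"      # nothing listening, e.g. the web server is stopped
    except socket.timeout:
        return "timeout"      # packets dropped, e.g. firewall or no forwarding
    except OSError:
        return "unreachable"  # DNS failure, no route, ...

    # Step 2: place a random probe file where the webroot plugin would
    # write its token, then fetch it over HTTP like the validator does.
    token = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    try:
        # Ignore proxy settings from the environment: test the direct path.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        url = f"http://{host}:{port}/{CHALLENGE_DIR}/{token}"
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode(errors="replace")
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"  # server answers, but not from this webroot
    except (urllib.error.URLError, OSError):
        return "unreachable"
    finally:
        os.remove(path)            # never leave the probe file behind
    return "ok" if served == body else "mismatch"


if __name__ == "__main__":
    # Run on the server itself; needs write access to the webroot.
    print(probe_http01("127.0.0.1", "/var/www/html"))
```

Run against `127.0.0.1` on the server, this tests only the web server and the webroot path; port forwarding still has to be checked from a host outside the router, as the reply above says.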