I’m trying to get my own private cloud, working fine with access on port 80. However I need SSL authentication but any tutorial I found online didn’t work.
Please help…
My domain name (DDNS): asds.noip.me
I set up a VPS with apache on ubuntu 16.04, nextcloud as cloud server.
Port 80 and 443 open on my router firewall.
What I get is always:
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for asds.noip.me
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. asds.noip.me (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: asds.noip.me
Type: connection
Detail: Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
The TLS-sni-01 challenge requires port 443.
Ensure your firewall is allowing port 80 and 443 inbound.
And place a test.txt file (with minimal content) in the challenge folder for testing: asds.noip.me/.well-known/acme-challenge/test.txt
This is still a less relevant test because there is no file, nor /.well-known directory, nor use of a webroot, nor even a completed HTTP request, in TLS-SNI-01. It only creates a self-signed certificate and does not perform a full web request.
I couldn’t find an “acme-challenge” folder on my root partition or /var/www folder. So I made one new folder (asds.noip.me/.well-known/acme-challenge/) and put a simple test.txt in it; then chowned it using www-data:www-data. I tried to point to it from outside: "The requested URL /.well-known/acme-challenge/test.txt was not found on this server." http://asds.noip.me/.well-known/acme-challenge/test.txt
Sorry, I’m an absolute beginner, I may have misunderstood your suggestion!
We need this to share medical research stuff (mainly using nextcloud) and set up a stata software server - but we are stuck with SSL authentication.
The thing I was discussing above is that the acme-challenge directory is only relevant if you use --webroot, not if you use --apache. The --webroot method is less automated than the --apache method; for example, it doesn’t install your certificate for you.
The experiment you tried shows that --webroot won’t work either (without figuring out and fixing whatever went wrong), but it doesn’t explain the error that you saw with --apache. I think that error is most likely explained by a firewall (either a network-based firewall or a host-based firewall) dropping the inbound connections to port 443.
Weird, this is beyond my possibilities, actually I’m a newbie.
I can ssh using port 443 from outside, and my lamp-stack is “standard”.
I tried to stop my router firewall, no luck. I’m using the main ISP in Italy (Tim), so that shouldn’t be an issue.
I may try to reinstall the system, but this would be a panic!
That's the issue. Port 443 is OpenSSH. Port 443 needs to be Apache.
You need to move OpenSSH to a different port, or use a multiplexing program like sslh so that OpenSSH and Apache can share the port. (Apache and Certbot would have to be configured carefully, though.)
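A quick way to confirm what the last reply points out (that OpenSSH, not Apache, is the service answering on 443), as an added example that is not part of this thread: an SSH server sends its identification string as soon as you connect, while a TLS server stays silent until it receives a ClientHello, which is what the tls-sni-01 validator needs to find. The fake_sshd helper and its banner are constructed here so the probe can be run offline against 127.0.0.1; against the real host you would call probe("asds.noip.me", 443).

```python
"""Check which service greets first on a port: OpenSSH talks first, TLS waits."""
import socket
import threading

# Constructed sample banner, in the format OpenSSH sends (RFC 4253 section 4.2).
SSH_BANNER = b"SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8\r\n"


def classify_greeting(first_bytes: bytes) -> str:
    """Classify what the server sent before the client sent anything."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"       # sshd is on this port; certbot's TLS probe will fail here
    if first_bytes == b"":
        return "silent"    # consistent with a TLS/HTTPS server waiting for ClientHello
    return "other"         # some other protocol that greets first (e.g. SMTP, FTP)


def probe(host: str, port: int = 443, timeout: float = 2.0) -> str:
    """Connect, read passively for `timeout` seconds, and classify the greeting."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(64)
        except socket.timeout:
            data = b""
    return classify_greeting(data)


def fake_sshd(ready: threading.Event, port_holder: list) -> None:
    """Constructed stand-in for OpenSSH on 127.0.0.1: sends a banner to one client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port_holder.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    conn.sendall(SSH_BANNER)
    conn.close()
    srv.close()


def demo() -> str:
    """Start the fake sshd and probe it the way the CA would probe port 443."""
    ready, holder = threading.Event(), []
    threading.Thread(target=fake_sshd, args=(ready, holder), daemon=True).start()
    ready.wait(timeout=5)
    return probe("127.0.0.1", holder[0])


if __name__ == "__main__":
    print(f"probe result: {demo()}")  # prints "probe result: ssh"
```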