The operating system my web server runs on is (include version): FreeNas Jail
My hosting provider, if applicable, is: Not Applicable
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I am not sure what this means.
I am trying to get a certificate for my NextCloud server. It is currently using a self signed one. Also, how do I upgrade to TLS 1.2? I installed NextCloud as a plugin in FreeNas and it is currently using TLS 1.0
I think the problem is that the certificate authority is willing to follow redirects, but the target of the redirect is still expected to be a domain name rather than an IP address. @jsha, is that correct?
No, Certbot can’t issue certificates for IP addresses.
You’ll need to do the certificate authentication in another way, or not have the other server (at 34.199.8.144) generate a redirect to your server by IP address. Instead, there needs to be some kind of DNS name with an A record that points directly at your server’s IP address.
So I think I successfully got a certificate for sadhircloud.ddns.net as shown in the shell screenshot, but I am still getting the self signed certificate warning in Firefox (screenshot attached) when I go to: https://sadhircloud.ddns.net
But I when I go to sadhircloud.ddns.net without using https, I end up at my login page without tls. I guess I could solve this by closing port 80, but does certbot need port 80 to remain open?
Installer None means that Certbot did not do anything to edit your web server configuration. Therefore, your certificate exists but your web server has not yet been configured to use it. You can install it yourself by editing your server configuration files, or use Certbot in a different way (not with certonly) to have Certbot do this for you.
We recommend continuing to have your web server listen on port 80 and forward HTTP requests to corresponding HTTPS requests. Otherwise, your site won’t work properly in many browsers when people type in the domain name without the “https://”.