Generating/renewing a Cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.lilbearcloud.com

I ran this command: certbot certonly (I assume, it's through the nextcloudpi web interface)

It produced this output:

[ letsencrypt ] (Sun Aug 3 17:14:28 UTC 2025)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.lilbearcloud.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: www.lilbearcloud.com
Type: unauthorized
Detail: 64.53.129.89: Invalid response from http://www.lilbearcloud.com/.well-known/acme-challenge/s9iFCtV2_yv3R4IFs8gxBxX0T-kcW2FbaAu2EBKtDd0: 400

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache (I'm guessing again, I'm pretty sure nextcloud is apache)

The operating system my web server runs on is (include version): Armbian-unofficial 24.8.2 Bookworm \l . 6.6.45-current-bcm2711 (aarch64)

My hosting provider, if applicable, is: Self, Dynamic DNS through Namecheap

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not sure

Your website is rejecting HTTP requests while not redirecting the requests to HTTPS; the web server needs to respond with a redirect (status code 3xx) to HTTPS.

2 Likes

Got it. I've enabled "Forced HTTPS" in the nextcloudpi web panel settings, but that doesn't seem to be what you're talking about.

Is there somewhere else I should check?

Check for a <VirtualHost *:80> block with an SSLEngine on directive

2 Likes

I'm not exactly sure what an SSLEngine directive is :sweat_smile:

Tried running it in the terminal and it told me that it wasn't a command.

Also check any router's NAT or port forwarding to ensure incoming requests on port 80 are getting sent to the correct port for Apache (often also 80).

2 Likes

Thank you to you both! Mike got it.

I went into my router's port forwarding settings. 80 and 443 were active on the external ports, but I set 443 for the internal port for whatever reason (I think I thought it would help access the URL locally). Deleting the internal port seems to have fixed it!

2 Likes
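The failure resolved in this thread (external port 80 forwarded to the internal TLS port, so the CA's plain-HTTP request came back as a 400) can be recognised from the response itself. The sketch below is an added example, not code from any poster or from Certbot; the function names, category labels and the `test-file` path are hypothetical, and it assumes the server is Apache httpd and returns its standard error text.

```python
import http.client

# Text Apache httpd puts in the 400 body when a TLS-enabled listener
# receives a plain-HTTP request (compared case-insensitively).
TLS_PORT_HINT = "speaking plain http to an ssl-enabled server port"

# Constructed sample of that 400 body, for offline checks.
SAMPLE_APACHE_400 = (
    "<h1>Bad Request</h1><p>Your browser sent a request that this server "
    "could not understand.<br />Reason: You're speaking plain HTTP to an "
    "SSL-enabled server port.<br />Instead use the HTTPS scheme to access "
    "this URL, please.</p>"
)

def diagnose(status, body="", location=None):
    """Classify the reply to a plain-HTTP GET of an HTTP-01 challenge path."""
    if status == 400 and TLS_PORT_HINT in body.lower():
        # Port 80 traffic is landing on a TLS listener: a port forward
        # 80 -> 443, or SSLEngine on inside a <VirtualHost *:80> block.
        return "tls-listener-on-port-80"
    if status == 400:
        return "bad-request"
    if 300 <= status < 400:
        return "redirect" if location else "redirect-without-location"
    if status == 200:
        return "served"
    if status == 404:
        # Plain HTTP reached the web server; only the probe file is absent.
        return "reachable-file-missing"
    return "other"

def probe(host, path="/.well-known/acme-challenge/test-file", timeout=10):
    """GET path over plain HTTP on port 80, without following redirects.

    Run this from outside the LAN so the router's port forward is exercised.
    The default path is a hypothetical placeholder, not a real token.
    """
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "http01-probe"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return diagnose(resp.status, body, resp.getheader("Location"))
    finally:
        conn.close()

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

A result of `tls-listener-on-port-80` points at the router forward or the port-80 virtual host; `reachable-file-missing` or `redirect` means plain HTTP is arriving at the web server as intended.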
