Http-01 challenge failing - nextcloud.enable-https lets-encrypt

I followed this guide:

I was trying to set up Nextcloud on Ubuntu 18.04 and once I reach the Let’s Encrypt stage, it fails at the http-01 challenge. I made sure my nameservers are pointed at the correct domain, I’ve set up A and AAAA records pointing to the server’s IP and I have a virtual host set up in Apache (see below).

<VirtualHost *:80>
    DocumentRoot /var/www/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

For some reason, I’m just unable to get a certificate. If it’s of any help, I purchased the domain in the last 7 hours and was wondering if perhaps it was some kind of propagation issue. I tested the site out on the following website and it saw it okay:

My domain is:

I ran this command: sudo nextcloud.enable-https lets-encrypt

It produced this output:

jambalaya@ubuntu-s-1vcpu-2gb-nyc1-01:/home$ sudo nextcloud.enable-https lets-encrypt
In order for Let’s Encrypt to verify that you actually own the
domain(s) for which you’re requesting a certificate, there are a
number of requirements of which you need to be aware:

  1. In order to register with the Let’s Encrypt ACME server, you must
    agree to the currently-in-effect Subscriber Agreement located

    By continuing to use this tool you agree to these terms. Please
    cancel now if otherwise.

  2. You must have the domain name(s) for which you want certificates
    pointing at the external IP address of this machine.

  3. Both ports 80 and 443 on the external IP address of this machine
    must point to this machine (e.g. port forwarding might need to be
    setup on your router).

Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery):
Please enter your domain name(s) (space-separated):
Attempting to obtain certificates… error running certbot:

Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains.
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.

404 Not Found

Not Found


To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at
    /var/snap/nextcloud/current/certs/certbot/config. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A

I’m puzzled by this. The NextCloud snap runs its own Apache server with its own configuration.

If you’ve created your own Apache server, then none of the correct routing is going to be there to actually serve the NextCloud application and deal with Let’s Encrypt validation. For example, you’d be missing the following critical part:

So I think you need to decide what you want to do:

  • Follow the actual instructions for the NextCloud snap without introducing your own Apache server/configuration, or
  • Run your own Apache server, but then you cannot use nextcloud.enable-https lets-encrypt. You would instead install Certbot independently and use something like certbot --apache.
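
An added example, not part of the thread and not code from the Nextcloud snap or Certbot: a preflight check that reproduces the 404 above by writing a random token into the webroot Certbot uses and fetching it over HTTP, as http-01 validation would. The function names and the two local demo servers are constructed for illustration; on a real host you would pass `/var/snap/nextcloud/current/certs/certbot` and `http://` followed by your domain to `probe_webroot`.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

ACME_DIR = ".well-known/acme-challenge"

def probe_webroot(webroot, base_url, timeout=5):
    """Drop a random token in webroot and fetch it the way http-01 validation would."""
    challenge_dir = os.path.join(webroot, ACME_DIR)
    os.makedirs(challenge_dir, exist_ok=True)
    name, body = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{ACME_DIR}/{name}"
    # Ignore proxy environment variables so the request reaches the server directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            if resp.read().decode().strip() == body:
                return True, "token served from this webroot"
            return False, "HTTP 200 but wrong body (rewrite or catch-all page?)"
    except urllib.error.HTTPError as exc:
        # Same symptom as in the thread: port 80 is answered from another DocumentRoot.
        return False, f"HTTP {exc.code}: port 80 is not serving this webroot"
    except OSError as exc:
        return False, f"unreachable: {exc}"
    finally:
        os.remove(path)  # never leave probe files behind

def serve(directory):
    """Start a throwaway local HTTP server for the demo; returns (server, base_url)."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

def demo():
    """Constructed setup: Certbot writes to one directory, the web server reads another."""
    with tempfile.TemporaryDirectory() as certbot_root, tempfile.TemporaryDirectory() as www:
        results = {}
        for label, docroot in (("own_apache", www), ("snap_apache", certbot_root)):
            server, url = serve(docroot)
            try:
                results[label] = probe_webroot(certbot_root, url)
            finally:
                server.shutdown()
                server.server_close()
        return results

if __name__ == "__main__":
    for label, (ok, detail) in demo().items():
        print(f"{label}: {'PASS' if ok else 'FAIL'} - {detail}")
```

In the demo, the `own_apache` case stands in for a separate server with `DocumentRoot /var/www/` and fails with a 404, while `snap_apache` stands in for a server that actually serves the Certbot webroot and passes.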
