My domain is:
http://lyceefermat.zapto.org who redirect to http://fermat.zapto.org:8080/fermat/Fermat/
I ran this command: sudo certbot --apache
It produced this output: Failed and unable to restart Apache.
My web server is (include version): Apache2
The operating system my web server runs on is (include version): Ubuntu
My hosting provider, if applicable, is: I don't known...
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): nothing because I deleted it to relaunch my site while waiting for an answer...
Note: Ports 80 and 443 are already used by my machine because I use nextcloud via snap. So I chose to use port 8080 and 44343 for my site
lyceefermat.zapto.org (maybe the reason of my problem)...
Thanks a lot
It is the reason. The --apache plug-in option uses the HTTP Challenge. It starts with a standard HTTP request (port 80) and you can redirect but only to standard ports 80 or 443 (HTTPS).
Can you free up port 80 by re-assigning ports to nextcloud?
You could also consider using a DNS Challenge instead but this requires a DNS provider that is supported by Certbot. Or, look at the acme.sh ACME client which supports many DNS options (
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
I'm not very experienced in this area but I'll try to change the nextcloud ports so I don't make a mess everywhere. Do you have any idea what I should do to not break everything? I installed nextcloud via its snap (
How To Install and Configure Nextcloud on Ubuntu 20.04 | DigitalOcean)? Thanks a lot for your help
I am not a nextcloud expert. You might try asking on a forum for that product. Or, even searching this forum for nextcloud. Or, maybe some other volunteer here will offer help.
The instructions you linked show nextcloud using ports 80 and 443 so not sure why you reassigned them.
I too don't have experience with Nextcloud nor snap, but maybe you could run Nextcloud on a different port and put Apache (or a different webserver) in front of it as a reverse proxy? It could double as a regular webserver and a reverse proxy for Nexrcloud.
Thanks a lot for your help. I'll try to ask the nextcloud community... I'll get back to you as soon as I hear anything!
Here is their answer:
Change nextcloud snap port - ℹ️ Support - Nextcloud community
If I do this, I keep the https from let's encrypt from Nextcloud without doing any other manipulations + https from Apache on port 443 (which I have to change). I wanted to be sure not to break anything on the certificate side by changing the port of nextcloud? Thanks
To get a cert using the HTTP Challenge the port matters (as previously noted). But, once you have the cert you can use it on any service / port.
You need to be more specific than "break anything" if you want more specific advice
Renewal is probably not going to work, unless the
dns-01 challenge was used.
I still recommend using Apache on port 80/443 and reverse proxy to
http://127.0.01:81. And let Apache do all the certificate stuff. As you're proxying to localhost (127.0.0.1), you don't need a cert for Nextcloud.
No thank you very much you have answered my question. I am French, so the translation is not very clear. Thanks again and I'll let you know if I have a problem
Thank you, but I must admit that I didn't really understand. I am a novice in this field...
See for example:
And for some generic explanation:
Pour les articles homonymes, voir Proxy (homonyme).
Un proxy inverse (reverse proxy) ou serveur mandataire inverse est un type de serveur, habituellement placé en frontal de serveurs web. Contrairement au serveur proxy qui permet à un utilisateur d'accéder au réseau Internet, le proxy inverse permet à un utilisateur d'Internet d'accéder à des serveurs internes. Une des applications courantes du proxy inverse est la répartition de charge (load-balancing).
Le proxy inverse est installé du côté de...
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.