HTTPS on my website

My domain is: http://lyceefermat.zapto.org who redirect to http://fermat.zapto.org:8080/fermat/Fermat/

I ran this command: sudo certbot --apache

It produced this output: Failed and unable to restart Apache.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: I don't known...

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): nothing because I deleted it to relaunch my site while waiting for an answer...

Note: Ports 80 and 443 are already used by my machine because I use nextcloud via snap. So I chose to use port 8080 and 44343 for my site lyceefermat.zapto.org (maybe the reason of my problem)...

Thanks a lot

It is the reason. The --apache plug-in option uses the HTTP Challenge. It starts with a standard HTTP request (port 80) and you can redirect but only to standard ports 80 or 443 (HTTPS).

Can you free up port 80 by re-assigning ports to nextcloud?

You could also consider using a DNS Challenge instead but this requires a DNS provider that is supported by Certbot. Or, look at the acme.sh ACME client which supports many DNS options (link here).

5 Likes

I'm not very experienced in this area but I'll try to change the nextcloud ports so I don't make a mess everywhere. Do you have any idea what I should do to not break everything? I installed nextcloud via its snap (How To Install and Configure Nextcloud on Ubuntu 20.04 | DigitalOcean)? Thanks a lot for your help

1 Like

I am not a nextcloud expert. You might try asking on a forum for that product. Or, even searching this forum for nextcloud. Or, maybe some other volunteer here will offer help.

The instructions you linked show nextcloud using ports 80 and 443 so not sure why you reassigned them.

4 Likes

I too don't have experience with Nextcloud nor snap, but maybe you could run Nextcloud on a different port and put Apache (or a different webserver) in front of it as a reverse proxy? It could double as a regular webserver and a reverse proxy for Nexrcloud.

3 Likes

Thanks a lot for your help. I'll try to ask the nextcloud community... I'll get back to you as soon as I hear anything!

1 Like

Here is their answer: Change nextcloud snap port - ℹ️ Support - Nextcloud community

If I do this, I keep the https from let's encrypt from Nextcloud without doing any other manipulations + https from Apache on port 443 (which I have to change). I wanted to be sure not to break anything on the certificate side by changing the port of nextcloud? Thanks

1 Like

To get a cert using the HTTP Challenge the port matters (as previously noted). But, once you have the cert you can use it on any service / port.

You need to be more specific than "break anything" if you want more specific advice

5 Likes

Renewal is probably not going to work, unless the dns-01 challenge was used.

I still recommend using Apache on port 80/443 and reverse proxy to http://127.0.01:81. And let Apache do all the certificate stuff. As you're proxying to localhost (127.0.0.1), you don't need a cert for Nextcloud.

4 Likes

No thank you very much you have answered my question. I am French, so the translation is not very clear. Thanks again and I'll let you know if I have a problem

1 Like

Thank you, but I must admit that I didn't really understand. I am a novice in this field...

1 Like

See for example:

https://httpd.apache.org/docs/2.4/fr/howto/reverse_proxy.html

And for some generic explanation:

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.