Need help configuring Nextcloud and Apache

I need help configuring my Nextcloud. I did everything correctly, but I can't get a certificate. Can someone please help? The firewall is also active and it runs on the newest Debian version: Debian 11.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for feloabi.cloud

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: feloabi.cloud
Type: connection
Detail: 212.46.176.133: Fetching http://feloabi.cloud/.well-known/acme-challenge/8QTpa5g-SOjoKCHc-hjcGDcC9ITYmYNTb4-dbnhhhng: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The Let's Encrypt validation server can't reach your server on port 80 (IPv4). Neither can I.

Did you configure it properly?

Also note that the IPv6 address currently in the AAAA RR for your domain name is fe80::6a1d:efff:fe1c:2164, which is part of the "Link-Local Unicast" fe80::/10 range, which is NOT a globally reachable IPv6 address on the public internet. It's only used for hosts which are directly connected to each other (link-local).

3 Likes
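The link-local AAAA record pointed out above can be caught mechanically before running Certbot. The following is an added example, not part of the original thread: it uses Python's standard `ipaddress` module, and the function names and the record list (typed in from the values quoted in this thread, not a live DNS lookup) are assumptions for illustration.

```python
import ipaddress

# Records as quoted in this thread (typed in by hand, not a live DNS lookup).
THREAD_RECORDS = [
    ("A", "212.46.176.133"),
    ("AAAA", "fe80::6a1d:efff:fe1c:2164"),
]

def classify(addr: str) -> str:
    """Return 'ok' if a validation server on the public internet could
    route to addr, otherwise a short reason why it cannot."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local:          # fe80::/10, 169.254.0.0/16
        return "link-local"
    if ip.is_loopback:            # ::1, 127.0.0.0/8
        return "loopback"
    if ip.is_private:             # RFC 1918, fc00::/7 unique-local, ...
        return "private"
    if not ip.is_global:          # e.g. 100.64.0.0/10 carrier-grade NAT
        return "not-global"
    return "ok"

def audit(records):
    """Return one finding per record that would break http-01 validation."""
    findings = []
    for rrtype, addr in records:
        ip = ipaddress.ip_address(addr)
        if ip.version != (6 if rrtype == "AAAA" else 4):
            findings.append(f"{rrtype} {addr}: wrong address family for this record type")
            continue
        verdict = classify(addr)
        if verdict != "ok":
            findings.append(
                f"{rrtype} {addr}: {verdict}, unreachable from the internet; remove or replace it")
    return findings

if __name__ == "__main__":
    for line in audit(THREAD_RECORDS) or ["all records are publicly routable"]:
        print(line)
```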

If I don't have an IPv6 address, what should I do?

I opened the firewall and everything. I opened a port in my router for HTTPS, but for HTTP it won't work, because it is blocked by localhost. Is that right?

And how can I activate port 80? Because in my router I said that on the inside it is port 80, but on the outside I have another port open because of the botnet.

Don't configure an AAAA RR in DNS.

What did you open and what does "everything" mean? That's kinda vague..

Opening just port 443 for HTTPS does not help for the http-01 challenge which is currently used. This challenge will always start on HTTP port 80.

How is localhost blocking port 80?

I don't know what this means. "the Botnet"? Usually if one speaks about botnets, it's in the context of hacked computers being used to do malicious things on the internet. But I don't think you meant that, right?

2 Likes

Yeah, I meant that somebody can get into my internet and hack all my devices in the network.

With "localhost is blocking port 80" I mean that the IP 127.0.0.1 is blocking port 80 when I search in the Linux terminal for which ports are open.

With "firewall" I meant that I opened the firewall for port 443 and port 80.

The Let's Encrypt server still cannot reach your domain using HTTP. I can't from my own server either.

HTTPS also is blocked by something. I timeout on those requests too.

curl -i -m8 http://feloabi.cloud
curl: (28) Connection timed out after 8001 milliseconds

curl -i -m8 https://feloabi.cloud
curl: (28) Connection timed out after 8001 milliseconds

The Let's Debug test site is helpful to test changes you make to open port 80 for the HTTP Challenge. See: Let's Debug

Also please see below topic about recommendation for port 80

2 Likes

Yeah, I'll try, then I'm giving you guys updates.

Yeah, ehhm, now it's working for HTTP but HTTPS is not working. Is it because I don't have an IPv6 IP address?

If it's helpful here is the error code:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: feloabi.cloud
Type: unauthorized
Detail: 212.46.176.133: Invalid response from http://feloabi.cloud/.well-known/acme-challenge/Ah33uGBqd7F91dyZ76WC6XhxBBwrDTjwwgdlD9ZhmRg: 401

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.

And here is the output from (curl -i -m8 http://feloabi.cloud)

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Content-Length: 2083
Connection: close
Cache-control: no-cache

No, not really. That is not an Apache server responding on port 80 (HTTP). Something is replying with a 401 Unauthorized error to the HTTP Challenge from the Let's Encrypt server. Looks like maybe a router interface or some other firewall device (based on other tests I ran).

If Certbot gets a cert successfully using the --apache option it will create an HTTPS VirtualHost for you. But, then you must also ensure port 443 is open and working. The above Certbot request failed so you still need to sort that out.

2 Likes

So how do I fix the problem with the error 401 from the Let's Encrypt server?

Yeah, I thought HTTP works because I looked it up on this website (https://downforeveryoneorjustme.com/feloabi.cloud) and it said that the server is online, or the DNS, I don't know.

Figure out how to get Apache to reply to HTTP requests from the public internet.

This doesn't look like a response from Apache to me. Do you recognize it?

Have you set up a "home" page for Apache? If not, do that and once you successfully see the home page in a browser then try Certbot again.

curl -i -m8 http://feloabi.cloud
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Content-Length: 2083
Connection: close
Cache-control: no-cache

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=0"><meta name="apple-touch-fullscreen" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="format-detection" content="telephone=no"><link rel="shortcut icon" href="favicon.ico"><link href="themes/default/css/perfect-scrollbar.css" rel="stylesheet"><link id="baseCss" href="themes/default/css/base.css" rel="stylesheet"><!--[if lt IE 9]>
    <link type="text/css" href="themes/default/css/total.ie8.css" rel="stylesheet" />
    <![endif]--><title id="title">Opening...</title>
2 Likes
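The advice above amounts to proving that a request to the public name ends up at Apache and not at some other device. The following is an added example, not part of the original thread: it drops a random file where the http-01 challenge would live, fetches it back through the domain name, and tells the three failure modes seen in this thread apart. The function names and the `/var/www/html` document root are assumptions.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def http_get(url, timeout=8):
    """Return (status, body); status is None when no connection was made."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:      # 4xx/5xx still means "something answered"
        return err.code, err.read().decode("utf-8", "replace")
    except OSError as err:                     # timeout, refused, DNS failure
        return None, str(err)

def self_check(webroot, domain, fetch=http_get):
    """Serve a random token from webroot and fetch it via http://domain/."""
    token, body = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as handle:
        handle.write(body)
    try:
        status, got = fetch(f"http://{domain}/{CHALLENGE_DIR}/{token}")
    finally:
        os.remove(path)                        # never leave test files behind
    if status is None:
        return "unreachable: port 80 is not forwarded or is firewalled"
    if status != 200:
        return f"HTTP {status}: something answered on port 80 but refused the request"
    if got.strip() != body:
        return "wrong body: HTTP 200 came from a device other than this web server"
    return "ok"

if __name__ == "__main__":
    # Assumed document root; use the DocumentRoot of your own VirtualHost.
    print(self_check("/var/www/html", "feloabi.cloud"))
```

Requests made from inside the LAN can be answered differently by the router than requests from the internet, so confirm an "ok" with a fetch from an outside host or with Let's Debug.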

My logs from Apache are telling me that there is the error code AH00094 and more.

Here is the Log if you need it:

[Sun Jun 30 21:59:33.026430 2024] [core:notice] [pid 33498] AH00094: Command line: '/usr/sbin/apache2'
[Sun Jun 30 21:59:39.768946 2024] [mpm_prefork:notice] [pid 33498] AH00171: Graceful restart requested, doing restart
[Sun Jun 30 21:59:39.900376 2024] [mpm_prefork:notice] [pid 33498] AH00163: Apache/2.4.59 (Debian) configured -- resuming normal operations
[Sun Jun 30 21:59:39.900435 2024] [core:notice] [pid 33498] AH00094: Command line: '/usr/sbin/apache2'
[Sun Jun 30 22:21:56.660018 2024] [mpm_prefork:notice] [pid 33498] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jun 30 22:21:57.009992 2024] [mpm_prefork:notice] [pid 35522] AH00163: Apache/2.4.59 (Debian) configured -- resuming normal operations
[Sun Jun 30 22:21:57.010191 2024] [core:notice] [pid 35522] AH00094: Command line: '/usr/sbin/apache2'
[Sun Jun 30 22:24:15.250654 2024] [mpm_prefork:notice] [pid 35522] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jun 30 22:24:15.598545 2024] [mpm_prefork:notice] [pid 36861] AH00163: Apache/2.4.59 (Debian) configured -- resuming normal operations
[Sun Jun 30 22:24:15.598723 2024] [core:notice] [pid 36861] AH00094: Command line: '/usr/sbin/apache2'

There are no errors in that log, only "notices".

1 Like

You should set up an "access" log in your VirtualHost.

And check that to see if there are any requests. I don't think you will find any (yet).

3 Likes

I tried it!

But what can I do now? It still isn't working!

And when I'm in my local network, I tried to access my cloud with https://feloabi.cloud, but it led me to the site feloabi.cloud/error.html and the HTTP error is 401.

The "access" log won't fix anything. It is just a tool to see the requests Apache is processing. I wanted you to see that so you knew Apache wasn't seeing requests.

Setting up and managing a new server isn't this forum's focus. You should visit a general Apache forum, or a NextCloud forum, for help with that.

3 Likes
