Next cloud swag certification error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: misteratunas.duckdns.org

I ran this command:

version: "2"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=998 #change PUID if needed
      - PGID=100  #change PGID if needed
      - TZ=Europe/Paris #change Time Zone if needed
    volumes:
      - /srv/dev-disk-by-uuid-769827fc-087a-4bed-9b1f-86a473b8f90b/appdata/nextcloud/config:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted
      - /srv/dev-disk-by-uuid-769827fc-087a-4bed-9b1f-86a473b8f90b/appdata/nextcloud/data:/data     #/srv/dev-disk-by-label-disk1 needs to be adjusted
    depends_on:
      - mariadb
#    ports: # uncomment this and the next line if you want to bypass the proxy
#      - 450:443
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb
    container_name: nextclouddb
    environment:
      - PUID=998 #change PUID if needed
      - PGID=100  #change PGID if needed
      - MYSQL_ROOT_PASSWORD=QNQaMAcsSMJyY6Jm  #change password
      - TZ=Europe/Paris #Change Time Zone if needed
    volumes:
      - /srv/dev-disk-by-uuid-769827fc-087a-4bed-9b1f-86a473b8f90b/appdata/nextclouddb:/config    #/srv/dev-disk-by-label-disk1 needs to be adjusted
    restart: unless-stopped
  swag:
    image: linuxserver/swag         #swag is the replacement for letsencrypt (see link below)
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=998 #change PUID if needed
      - PGID=100  #change PGID if needed
      - TZ=Europe/Paris # change Time Zone if needed
      - URL=misteratunas.duckdns.org #insert your domain name - yourdomain.url
      - SUBDOMAINS=www,
      - VALIDATION=http
      - EMAIL=misteratu8@gmail.com # define email; required to renew certificate
    volumes:
      - /srv/dev-disk-by-uuid-769827fc-087a-4bed-9b1f-86a473b8f90b/appdata/swag:/config  #/srv/dev-disk-by-label-disk1 needs to be adjusted
    ports:
      - 444:443
      - 81:80
    restart: unless-stopped

It produced this output:

Requesting a certificate for misteratunas.duckdns.org and www.misteratunas.duckdns.org
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: misteratunas.duckdns.org
  Type:   connection
  Detail: Fetching http://misteratunas.duckdns.org/.well-known/acme-challenge/avhxgh2M9CwjN4HFvOCfihcRjcNzfxTJwbQAN0pZSB4: Timeout during connect (likely firewall problem)
  Domain: www.misteratunas.duckdns.org
  Type:   connection
  Detail: Fetching http://www.misteratunas.duckdns.org/.well-known/acme-challenge/3L9qGISAMwcESSt0Pdo0YbQidBnkcJ0XL7bgX30TGy4: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    998
User gid:    100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=998
PGID=100
TZ=Europe/Paris
URL=misteratunas.duckdns.org
SUBDOMAINS=www,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=http
CERTPROVIDER=
DNSPLUGIN=
EMAIL=misteratu8@[redacted].com
STAGING=
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d www.misteratunas.duckdns.org
E-mail address entered: misteratu8@[redacted].com
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for misteratunas.duckdns.org and www.misteratunas.duckdns.org
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: misteratunas.duckdns.org
  Type:   connection
  Detail: Fetching http://misteratunas.duckdns.org/.well-known/acme-challenge/VssI0L5yoWS2rrV5_3iOgR6EjwzEEKQF-61fI48YSpA: Timeout during connect (likely firewall problem)
  Domain: www.misteratunas.duckdns.org
  Type:   connection
  Detail: Fetching http://www.misteratunas.duckdns.org/.well-known/acme-challenge/p-hPi0ab1abNZSguZX7R-08KMCy9aFfuvAE4_D_dsZ8: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

My web server is (include version):

The operating system my web server runs on is (include version): OpenMediaVault

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I wanted to put SWAG on my NAS equipped with Nextcloud; however, when I try to get a certificate I get an error, and I don't understand why.

You need to be able to use a functioning HTTP site before you can secure it (via HTTP authentication method). It seems that port 80 can't reach your server.

How can port 80 reach the server? I have tried everything on my Livebox (French provider).
I went into NAT/PAT and put in 2 rules.

Please show them.

That shows external:81 going to internal:80

So I have to understand that these are not the right rules to put in?

Correct.
It should be:
80 to 80

OK, I'll try.

There is still the same problem

Looks like your software itself is actually listening on ports 81 and 444. Did you by any chance make a mistake when initially adding those portmaps? In your screenshot you're showing external 81 to internal 80 where it probably (looking at the Docker [?] file) should be external 80 to internal 81? And of course also for port 443/444.

Also, is the IP address 90.79.75.6 correct?

I have tried to replace these ports but I have the same results,
but my IP address is not 90.79.75.6.
Where did you find that id?

That's what misteratunas.duckdns.org and www.misteratunas.duckdns.org resolve to. See for example: https://unboundtest.com/m/A/misteratunas.duckdns.org/P43URYW2

So yes, it's the IP on the DuckDNS website.

Are you running a daemon that updates the IP automatically whenever it changes?

No, I don't think so.

You should make sure the IP address to which your hostname resolves is the same IP address as your host, so Let's Encrypt (or any other host on the internet) can successfully connect to it.

We agree that the host's IP address is the public IP of the Livebox.

Then you just need to confirm the port mappings.
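
One way to confirm the port mappings, as an added example that is not part of any post in the thread: the Python sketch below traces the HTTP-01 request (which always arrives on public port 80) through the router rule and the Docker `ports:` entry to the container's port 80. The function names are hypothetical, the router rule sets are constructed from the rules described in the thread, and it assumes the hostname already resolves to the router's public address.

```python
# Path of an HTTP-01 validation request in this setup:
# internet:80 -> router NAT/PAT rule -> Docker host port -> container port 80.

def parse_ports(entries):
    """Turn compose-style 'HOST:CONTAINER' strings into {host_port: container_port}."""
    mapping = {}
    for entry in entries:
        host, container = str(entry).split(":")
        mapping[int(host)] = int(container)
    return mapping

def trace(public_port, nat_rules, docker_ports, wanted):
    """Follow one inbound port through both hops; return (ok, explanation)."""
    host_port = nat_rules.get(public_port)
    if host_port is None:
        return False, f"router has no rule for external port {public_port}"
    container_port = docker_ports.get(host_port)
    if container_port is None:
        return False, (f"router sends {public_port} to host port {host_port}, "
                       "but Docker publishes nothing on that host port")
    if container_port != wanted:
        return False, (f"host port {host_port} reaches container port "
                       f"{container_port}, not {wanted}")
    return True, f"{public_port} -> host {host_port} -> container {container_port}"

def check_http01(nat_rules, compose_ports):
    """The CA connects to public port 80; certbot's standalone server
    listens on port 80 inside the swag container."""
    return trace(80, nat_rules, parse_ports(compose_ports), 80)

# 'ports:' of the swag service in the compose file from the question.
SWAG_PORTS = ["444:443", "81:80"]

# Router rule sets (external -> internal host port), constructed from the thread.
SCENARIOS = {
    "external 81 -> internal 80": {81: 80},
    "external 80 -> internal 80": {80: 80},
    "external 80 -> internal 81": {80: 81},
}

if __name__ == "__main__":
    for name, rules in SCENARIOS.items():
        ok, why = check_http01(rules, SWAG_PORTS)
        print(f"{name}: {'OK' if ok else 'FAIL'} ({why})")
```

With the compose file as posted, only a rule that delivers external port 80 to host port 81 completes the chain; changing the compose entry to `80:80` and forwarding 80 to 80 would be the equivalent fix on the Docker side.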