Nextcloud Docker: No Valid ip

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
twthegamer.me (sub: cloud.twthegamer.me)

I ran this command:

docker-compose up -d

It produced this output:

letsencrypt-companion_1  | Info: running acme-companion version v2.1.0-28-g1785bc5
letsencrypt-companion_1  | Info: Custom Diffie-Hellman group found, generation skipped.
letsencrypt-companion_1  | Reloading nginx proxy (c4e236a2361c252ece3a680426dc8cfe64d81fba31993b57fcc716affa758db4)...
letsencrypt-companion_1  | 2021/10/12 23:08:37 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt-companion_1  | 2021/10/12 23:08:37 [notice] 53#53: signal process started
letsencrypt-companion_1  | 2021/10/12 23:08:37 Generated '/app/letsencrypt_service_data' from 6 containers
letsencrypt-companion_1  | 2021/10/12 23:08:37 Running '/app/signal_le_service'
letsencrypt-companion_1  | 2021/10/12 23:08:37 Watching docker events
letsencrypt-companion_1  | 2021/10/12 23:08:38 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
letsencrypt-companion_1  | Reloading nginx proxy (c4e236a2361c252ece3a680426dc8cfe64d81fba31993b57fcc716affa758db4)...
letsencrypt-companion_1  | 2021/10/12 23:08:40 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt-companion_1  | 2021/10/12 23:08:40 [notice] 79#79: signal process started
letsencrypt-companion_1  | Creating/renewal twthegamer.me certificates... (twthegamer.me)
letsencrypt-companion_1  | [Tue Oct 12 23:08:43 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
letsencrypt-companion_1  | [Tue Oct 12 23:08:43 UTC 2021] Creating domain key
letsencrypt-companion_1  | [Tue Oct 12 23:08:48 UTC 2021] The domain key is here: /etc/acme.sh/tewhitesca109@gmail.com/twthegamer.me/twthegamer.me.key
letsencrypt-companion_1  | [Tue Oct 12 23:08:48 UTC 2021] Single domain='twthegamer.me'
letsencrypt-companion_1  | [Tue Oct 12 23:08:48 UTC 2021] Getting domain auth token for each domain
letsencrypt-companion_1  | [Tue Oct 12 23:08:50 UTC 2021] Getting webroot for domain='twthegamer.me'
letsencrypt-companion_1  | [Tue Oct 12 23:08:50 UTC 2021] Verifying: twthegamer.me
letsencrypt-companion_1  | [Tue Oct 12 23:08:54 UTC 2021] twthegamer.me:Verify error:Invalid response from http://twthegamer.me/.well-known/acme-challenge/q-_MdV0EAk19T5xDZ1CEBVDTBROd9aMycTCXw1YG0mo [66.96.162.132]:
letsencrypt-companion_1  | [Tue Oct 12 23:08:54 UTC 2021] Please check log file for more details: /dev/null
letsencrypt-companion_1  | Sleep for 3600s

My web server is (include version):
No webserver, here is part of my docker-compose setup:

  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - nextcloud_network

  letsencrypt-companion:
    image: nginxproxy/acme-companion:latest
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - acme:/etc/acme.sh
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - nextcloud_network
    depends_on:
      - proxy

The operating system my web server runs on is (include version):
ubuntu server 21.xx
My hosting provider, if applicable, is:
I am self-hosting the server, Domain is managed through domain.com

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Do not know, I think it is v2.0

  1. If you want to use the cert for a subdomain, you should request a certificate for that subdomain specifically.
  2. Neither twthegamer.me nor cloud.twthegamer.me has an A record. Is ns1.domain.com the right name server for your domain? Did you assign your IP address from there?

Part of the issue seems to be I was using my private IP instead of public. I now have twthegamer.me and cloud.twthegamer.me pointing to my public. Still no luck after that.

twthegamer.me has an A (IPv4) record (174.80.40.176) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with twthegamer.me/174.80.40.176: Get "http://twthegamer.me/.well-known/acme-challenge/letsdebug-test": dial tcp 174.80.40.176:80: i/o timeout

Did you open port 80 in the firewall?

I am port forwarding. I have the public IP as my external IP and my private IP as my internal. Anything else I should do?

Hmm, maybe CGNAT? What's the IP your router got from the upstream DHCP server?

I am new to all these networking ideas. How do I check that on a home network?

I can't get to your website from here, so it looks like there was another layer of NAT on their side, and Spectrum is known to do that.
Enter your router control page: I can't guide from there as I don't know what your router is.

@tw109
You need a functional HTTP site before you can secure it (via HTTP authentication).

After some configuration attempts, I only ended up hurting my own network. I will get in contact with my ISP and see what I could do. I feel extremely close.

Can you explain further?

Yes:
http://twthegamer.me should connect to your web server.
OR, at least, http://174.80.40.176 should connect to something...

If not, then you can see how anything built with that as a requirement will fail.

Connect results in a "took too long to respond" error. So something seems to be there, just not getting all the way through.

Exactly.
You will need to get that sorted out before you can continue with obtaining a cert for it.

As you open up the IP address, let's see the result of traceroute 1.1.1.1
If the server is on Windows, it's tracert 1.1.1.1 in cmd

Would this be a firewall issue on the home ISP modem or the Rasp Pi (Ubuntu Server)?

Personally? I think it's your ISP's policy of not giving a dedicated public IP (CGNAT) to you.

I will confirm this issue in the near future. Thank you all for the help!

Update: my ISP does not block port 80 at all! So the issue must be on my end.
So here is what I have going on:

My port forwarding set up (for both 80 and 443):
internal ip: 192.x.x.x, external ip: 174.80.40.176 (public), external and internal port: 80 (and 443).

Router's firewall is set to allow all traffic through for 80.

dns record:
twthegamer.me class A, -> 174.80.40.176(public)
cloud.twthegamer.me CNAME -> twthegamer.me

Am I missing something?

Make sure the router (itself) isn't using either port 80 or 443.
It can't forward what it uses.
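
Added example, not from any poster in this thread: a small offline check for the two address problems raised above (a private IP in the A record, and possible CGNAT or a second NAT in front of the router). It assumes you read the router's WAN address from its status page and the observed public address from an external lookup yourself; 192.168.1.50, 10.0.0.2 and 100.64.12.7 are constructed sample values.

```python
import ipaddress

# RFC 6598 shared address space, handed out by ISPs that run carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IP literal."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip in CGNAT_NET:
        return "cgnat"
    # is_global is False for RFC 1918, loopback, link-local and similar ranges.
    return "public" if ip.is_global else "private"


def same(a, b):
    """Compare two IP literals as addresses, not as strings."""
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)


def diagnose(dns_a, router_wan, observed_public):
    """Return tags for what stops an HTTP-01 request reaching the server.

    dns_a:           address in the domain's A record
    router_wan:      address the router received from the ISP
    observed_public: address an outside host sees for this connection
    """
    findings = []
    if classify(dns_a) != "public":
        findings.append("a_record_not_public")   # CA cannot route to it
    elif not same(dns_a, observed_public):
        findings.append("a_record_stale")        # DNS points somewhere else
    wan = classify(router_wan)
    if wan == "cgnat":
        findings.append("cgnat")                 # ISP NAT: port forwards see no inbound traffic
    elif wan == "private":
        findings.append("double_nat")            # another NAT device upstream (e.g. ISP modem)
    elif not same(router_wan, observed_public):
        findings.append("wan_mismatch")          # translated somewhere upstream
    return findings


if __name__ == "__main__":
    cases = {  # constructed inputs; 174.80.40.176 is the address quoted in the thread
        "private IP in A record": ("192.168.1.50", "174.80.40.176", "174.80.40.176"),
        "router behind CGNAT": ("174.80.40.176", "100.64.12.7", "174.80.40.176"),
        "router behind ISP modem NAT": ("174.80.40.176", "10.0.0.2", "174.80.40.176"),
        "addresses consistent": ("174.80.40.176", "174.80.40.176", "174.80.40.176"),
    }
    for name, args in cases.items():
        print(f"{name}: {diagnose(*args) or 'no address problem found'}")
```

An empty result only rules out the addressing problems; a firewall, a wrong forward target or the router itself holding port 80 can still cause the timeout.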