Nextcloud does not accessible after Let's encrypt activation

Dear friends! I installed nextcloud 16.0.5.1 via SNAP package. I did all steps by default, also I added trusted domains to the /var/snap/nextcloud/current/nextcloud/config/config.php, add a subdomain in a hoosting panel. Did port forwarding (I have a static IP) for 80 + 443 ports. So, everything worked fine. Then I decided to install Let’s Encrypt SSL. I used 2 commands: sudo ufw allow 80,443/tcp & sudo nextcloud.enable-https lets-encrypt
After I did this last step with SSL my nextcloud became inaccessible throuhj IP nor domain name… I can connect to the nextcloud from the same subnet, using local IP & domain name. But there is no access through Internet. Rebooted server & router for couple of times - the same issue. During SSL installation there were no errors, everything seems to be fine during the installation process.

Also I got some errors during SSL sert analyze: https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.sokolenko.org

Maybe you can suggest me, what else can I do. Thanks a lot!
Nextcloud IP: 85.21.168.165
Domain name: nextcloud.sokolenko.org

My domain is: nextcloud.sokolenko.org

I ran this command: sudo ufw allow 80,443/tcp

sudo nextcloud.enable-https lets-encrypt

The operating system my web server runs on is (include version): Ubuntu Server 18.04 LTS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

There is a strange redirect:
curl -Iki http://nextcloud.sokolenko.org/
HTTP/1.1 301 Moved Permanently
Date: Mon, 16 Dec 2019 17:41:29 GMT
Server: Apache
Location: https://nextcloud.sokolenko.org:443/
Content-Type: text/html; charset=iso-8859-1

Can you show the vhost configs?

my dear colleague, can I ask you to provide me the path where I can find this log file pls?

Not the logs, the config files.
I would assume they may be in:
/etc/apache2/sites-enabled/
But you have installed NextCloud and I’m not 100% certain that doesn’t put things in another location.

thanks, sure, .config, not .log-)
this is what I found… some Apache logs (maybe this can help) & htaccess config file… trying to find some apache config files…
https://drive.google.com/open?id=1L3BFpTQuKCAUopBru2etiu5NSbFZBg7-

What do these show:
ls -l /etc/apache2/sites-enabled/
apachectl -S

seth@nextcloud:~ sudo ls -l /etc/apache2/sites-enabled/ ls: cannot access '/etc/apache2/sites-enabled/': No such file or directory seth@nextcloud:~ apachectl -S

Command ‘apachectl’ not found, but can be installed with:

sudo apt install apache2

it seems to me that Nextcloud with the snap installation does its own webserver untypical setup

Hi @seth88

checking your domain your http works, your https not - see https://check-your-website.server-daten.de/?q=nextcloud.sokolenko.org

Only timeouts

Does that work with https?

If yes, your internal https works.

Do you have a correct port forwarding?

Port 443 extern -> port 443 intern.

yes, it works with https in the same subnet. 443 port forwarding was made correctly, as 80 port forwarding…
That is strange. Everything works correctly with HTTP from the Internet before I installed Let’s Encrypt… Can you suggest me what else should I check maybe?

If your https works internal, it's

• a port forwarding problem
• a firewall problem

Do you use a Linux over Windows? Perhaps the Windows Firewall blocks.

I installed Ubuntu Server in a Virtualbox, so this is a Virtual OS - bridged network mode with a static IP. Host OS is a Windows Server 2012. Ok, thanks a lot, I will try to change some setups on a router-firewall & ping you here how is it going!

It's not a ping problem (unable to connect the ip). Your port 80 answers. It's a 443 port problem.

But if port 443 works internal, it's a blocking instance between.

dear colleague, tell me please, do we need only TCP for 443, or UDP as well? thanks!

https -> tcp connection, so TCP is required.

But note that HTTP/3 uses UDP (!)

UDP is not required for Let’s Encrypt certificate validations using the HTTP-01 or ALPN-01 methods, but it might be useful for future HTTP/3 support from web servers.

thanks a lot for the updates

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.