NextCloud with LetsEncrypt with dsLite connection

Hi there,

to begin with I should add that I am completely new to networking and Linux in the sense that I started out yesterday, when I received an old pulled Dell server.

I want to set up a NextCloud to use it as my personal Dropbox alternative.
Nextcloud is working fine but only on the home network.
I’ve followed a tutorial on how to get an outside connection but it fails when I try to get a certificate from duckDNS. The log is further down.
I have the suspicion that my ISP only provides me with ds lite and since everyone is on holiday here I can’t reach them.
I hope someone can tell me how to work around the issue and maybe get it to work over IPv6.

Please remember that I am a complete noob so please be specific what to do. I tried using the documentation found online but had no clue what they wanted me to do.

Thank you very much.

My domain is:
skynet2020.duckdns.org
skynet2020nc.duckdns.org

I ran this command:
I started the Docker container in unraid. I’ll post the full log further down.

It produced this output:

My web server is (include version):
Unraid 6.8.3

I can login to a root shell on my machine (yes or no, or I don’t know):
I don’t know.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Unraid web GUI

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I don’t know how to check.

Here is a full log, without my personal IP and email address:

usermod: no changes



Brought to you by linuxserver.io

To support the app dev(s) visit:
Let’s Encrypt: https://letsencrypt.org/donate/

To support LSIO projects visit:
https://www.linuxserver.io/donate/

GID/UID

User uid: 99
User gid: 100

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing…
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing…
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing…
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=duckdns.org
SUBDOMAINS=skynet2020,skynet2020nc
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=********************
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d skynet2020.duckdns.org -d skynet2020nc.duckdns.org
E-mail address entered: *****************
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for skynet2020.duckdns.org
http-01 challenge for skynet2020nc.duckdns.org
Waiting for verification…
Challenge failed for domain skynet2020.duckdns.org

Challenge failed for domain skynet2020nc.duckdns.org

http-01 challenge for skynet2020.duckdns.org
http-01 challenge for skynet2020nc.duckdns.org
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: skynet2020.duckdns.org
Type: dns
Detail: DNS problem: SERVFAIL looking up A for
skynet2020.duckdns.org - the domain’s nameservers may be
malfunctioning

Domain: skynet2020nc.duckdns.org
Type: dns
Detail: DNS problem: SERVFAIL looking up A for
skynet2020nc.duckdns.org - the domain’s nameservers may be
malfunctioning
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Hi @Dezzy

duckdns is known as a buggy name server.

Checking your domain, that's terrible - https://check-your-website.server-daten.de/?q=skynet2020nc.duckdns.org

U ns1.duckdns.org
U ns2.duckdns.org
U ns3.duckdns.org

Using the IP addresses of these name servers manually - the same, they don't answer.

So you have to wait.
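Added example, not part of the thread and not certbot's own code: a small Python parser for the error block in the log above, which joins the wrapped `Detail:` lines and sorts each failure by the `Type:` the validation server reported. The category labels returned by `classify` are assumptions chosen for this illustration.

```python
import re

# Excerpt of the error block from the container log in the first post.
SAMPLE_LOG = """\
IMPORTANT NOTES:
  • The following errors were reported by the server:

Domain: skynet2020.duckdns.org
Type: dns
Detail: DNS problem: SERVFAIL looking up A for
skynet2020.duckdns.org - the domain’s nameservers may be
malfunctioning

Domain: skynet2020nc.duckdns.org
Type: dns
Detail: DNS problem: SERVFAIL looking up A for
skynet2020nc.duckdns.org - the domain’s nameservers may be
malfunctioning
ERROR: Cert does not exist! Please see the validation error above.
"""

KEY = re.compile(r"^(Domain|Type|Detail):\s*(.*)$")
OTHER_KEY = re.compile(r"^[A-Za-z]+:\s")  # e.g. the trailing "ERROR: ..." line

def parse_failures(log):
    """Return one dict per 'Domain:' block, joining wrapped Detail lines."""
    records, cur, in_detail = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            if key == "domain":
                cur = {"domain": value, "type": "", "detail": ""}
                records.append(cur)
            elif cur is not None:
                cur[key] = value
            in_detail = key == "detail" and cur is not None
        elif in_detail and line and not OTHER_KEY.match(line):
            cur["detail"] += " " + line   # continuation of a wrapped Detail
        else:
            in_detail = False
    return records

def classify(rec):
    """Map a failure to a category (labels are this example's own)."""
    kind, detail = rec["type"], rec["detail"].upper()
    if kind == "dns":
        return "nameserver-failure" if "SERVFAIL" in detail else "dns-other"
    return {"connection": "unreachable",
            "unauthorized": "wrong-response"}.get(kind, "other")

if __name__ == "__main__":
    for rec in parse_failures(SAMPLE_LOG):
        print(rec["domain"], "->", classify(rec))
```

Both domains come out as `nameserver-failure`: the validation never got as far as connecting to port 80, so the port-forwarding half of the container's closing hint does not apply to this log.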

Hi Jürgen,

thank you for your answer.

Is it bad that my ip address is so easily seen?
I would think so but I have no idea how to stop that from happening without the use of a VPN, which would introduce a further point of possible failure and I’m in over my head already atm.

Let me verify what you meant with that I’ll have to wait.
Did you mean to wait for Easter to blow over to contact UM/VF?

Thanks again =)

Your IP address has to be known to the world wide web for others (like Let's Encrypt) to connect to you. As Let's Encrypt certificates are visible in certificate logs, you can't really hide your IP address. I guess you might have heard the term "VPN" somewhere, but that doesn't have anything to do with "hiding your IP address" in your case. Your IP address has to be known, otherwise it just doesn't work.

This isn't really a bad thing though. Even if your IP address weren't publicly known, you have to have your security 200 % in order! Hackers might connect to just your IP address by scanning a lot of IPs sequentially.

As for the dsLite part: as your dynamic DNS server is probably updated on your premises and contains a publicly known IP address, you're probably not behind dsLite. Also, I'm getting "connection refused" responses on port 80 and 443, but timeouts on other ports, which tells me you probably have port 80 and 443 opened for your webserver (which is good), but don't have the webserver actually running.

So the DNS troubles of DuckDNS notwithstanding your setup seems ready to go.
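Added example, not part of the thread: the refused-versus-timeout reasoning from the post above as a Python check to run against your own server from outside the home network. The function names and the wording of the verdicts are assumptions made for this illustration.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Try one TCP connect and return 'open', 'refused', 'timeout' or 'error:<name>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # An active refusal arrived: the packet reached a host that has no listener.
        return "refused"
    except socket.timeout:
        # No answer at all: dropped by a firewall or never forwarded.
        return "timeout"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")

def interpret(states):
    """Turn {port: state} for ports 80 and 443 into a verdict (wording is this example's)."""
    web = {states.get(80), states.get(443)}
    if web == {"open"}:
        return "web server is listening"
    if web == {"refused"}:
        return "ports reach the host, but nothing is listening"
    if web == {"timeout"}:
        return "ports are filtered or not forwarded"
    return "mixed result, check each port separately"

def check_web_ports(host, timeout=3.0):
    """Probe 80 and 443 on your own host and return (states, verdict)."""
    states = {port: probe(host, port, timeout) for port in (80, 443)}
    return states, interpret(states)

if __name__ == "__main__":
    import sys
    # Pass the public name of your own server as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(check_web_ports(target))
```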

If you use a completely buggy / not working dns provider, you can't create a certificate.

-->> Ask duckdns why their service doesn't work.

Or switch to a working dns provider.

Thank you both. I’ll try another provider. DuckDNS was recommended on a video tutorial to set up NextCloud. I’ll report back if another provider works.
To Osiris, what you said makes perfect sense. It now seems logical enough that I’m surprised I didn’t think of it myself.

Hi, so by now I have bought myself a domain. The guys over at Dynadot were nice enough to configure the DNS settings on their end. After reading and watching a lot more tutorials I still hit a roadblock configuring LetsEncrypt.
According to a YT video found here I need to change the nginx config file “default” in my appdata directory of LetsEncrypt.
Sadly the whole file looks different than his does and the lines are partially obstructed and cut off.
I searched for an example file online but I can’t find any.
Could you please tell me what I have to punch in there to get it to work?

Edit: The file is shown in the YT Video at 4:15
