I’m trying to follow this guide
https://help.nextcloud.com/t/start-to-finish-nextcloud-collabora-step-by-step-guide/10602 from Nextcloud to connect it with collabora.
My domain is:
I ran this command: sudo letsencrypt --apache --agree-tos --email
firstname.lastname@example.org -d office.nextcloud.com
It produced this output:
Failed authorization procedure.
office.nextcloud.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://office.nextcloud.com/.well-known/acme-challenge/b0jjiuhiES4J0iuptu9_fp23mXbZjB4QGHAAPdZ3aRo [2a01:4f8:130:32f1::49]: 404
My web server is (include version): Server version: Apache/2.4.25 (Debian)
The operating system my web server runs on is (include version): Debian 9 Stretch
My hosting provider, if applicable, is: self hosted
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): bash shell
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): certbot 0.28.0
you have ipv4- and ipv6 addresses (
Checking a file in /.well-known/acme-challenge answers with the expected http status 404 - Not Found, so it's not the typical ipv4/ipv6 mismatch.
So the apache plugin doesn't understand your configuration.
Switch to webroot as authenticator. Find your DocumentRoot and use it:
certbot run -a webroot -i apache -w yourDocumentRoot -d office.nextcloud.com
@JuergenAuer How do I check where the documentroot is in my case?
(Not in /var/www/html)
If you have a non-standard configuration: I don't know.
Check your vHosts with
to see, where your port 80 vHost with that domain name is defined. Then check that config file.
@JuergenAuer The problem is, I’m defining a virtual host at /etc/apache2/sites-available like:
If I run:
sudo certbot run -a webroot -i apache -w /etc/apache2/sites-enabled/ -d office.nextcloud.com
I get the same error.
That's not your DocumentRoot.
Add a DocumentRoot to your vHost and use that.
@JuergenAuer Okay, I added:
Created the document Folder and tried to run the command again. Still nothing.
Then this vHost isn't used. Again: What says apachectl -S
*:443 18.104.22.168 (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 is a NameVirtualHost
default server myDigitalHome.umwelt-campus.de (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost myDigitalHome.umwelt-campus.de (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost office.nextcloud.com (/etc/apache2/sites-enabled/office.conf:1)
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
User: name="www-data" id=33
Group: name="www-data" id=33
But in “/etc/apache2/sites-enabled/office.conf” is no DocumentRoot defined. If I do so still the same error.
Then create one, there a file. Then check if you can load that file with your browser to see, if that vHost is really used.
Are you sure?
$ curl -I http://office.nextcloud.com/
HTTP/1.1 302 Found
Date: Mon, 20 May 2019 20:27:22 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
Do you really control the domain
office.nextcloud.com in the worldwide public DNS?
@jmorahan To be honest: I’m not sure. I just created the vHost with that domain name.
I’m totally new to vHosts and stuff like that…
You can only create certificates with domain names you control. These must be worldwide unique.
office.nextcloud.com your domain name?
office.nextcloud.com uses INWX as nameservers:
Domain Nameserver NS-IP
• ns.inwx.de / reg-fra1
• ns.inwx.de / reg-fra1
• ns.inwx.de / reg-fra1
Do you use INWX?
No. I just renamed the domain in the vHost conf file in
office.mynextcloud.com and can’t reach it. Guess I did something wrong in creating it?
That can't work. You need an own, worldwide unique domain name you have to use.
So I just checked a free domain name and used that. Still telling me “the page is not accessible”…
That can't work. You have to register a domain name, then create a DNS A entry yourdomain -> yourip, the ip address must be worldwide visible. So Letsencrypt can validate your domain ownership.
Start with the basics:
Okay, I got a subdomain of my university.
sudo certbot --apache -d other-40.umwelt-campus.de
sudo certbot run -a webroot -i apache -w /var/www/html/collab/ -d other-40.umwelt-campus.de
Still gets me:
Failed authorization procedure. other-40.umwelt-campus.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://other-40.umwelt-campus.de/.well-known/acme-challenge/iK5FafFe9xPfSI4v47k1SaBi76FTYRAnN7SiqYsPmOg: Timeout during connect (likely firewall problem)
- The following errors were reported by the server:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Your domain isn't visible (
Only timeouts. Looks like a firewall. An open port 80 is required.
You may switch to dns-01 validation. But that requires a dns entry. I don't think you have dns access.
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.