Ssl with ddns, apache2 and nextcloud

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: username.ddns.net

I ran this command:
certbot certonly --dry-run --webroot -w /var/www/letsencrypt -d username.ddns.net/nextcloud -d www.username.ddns.net/nextcloud

It produced this output:

Obtaining a new certificate
An unexpected error occurred: Error creating new order :: Cannot issue for “username.ddns.net/nextcloud”: Invalid character in DNS name (and 1 more problems. Refer to sub-problems for more information.)
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

  • Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.

My web server is (include version):
Apache2.4

The operating system my web server runs on is (include version):
Xubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No, I want to use only ddns

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
$ certbot --version
certbot 0.23.0

I think that the problem is in domain name /nextcloud
But I don’t know how to solve it.
I type in browser username.ddns.net/nextcloud.
It shows me https, but browser tells me that certificate is bad.

Hi @fanishe

please share your domain name.

1 Like

I write upper, that domain is ddns username.ddns.net

You can’t create a certificate with a subfolder. Only domain names are allowed.

-d username.ddns.net -d www.username.ddns.net

may work.

But checking your domain with your username there is a http status 500 checking port 80. So creating a certificate can’t work. Port 80 must be open and must answer. Read the result ( https://check-your-website.server-daten.de/ ), fix your configuration, then recheck your domain.

1 Like

I use nmap
nmap my_white_ip

Nmap scan report for 95-24-*-.broadband.corbina.ru (95.24.215.70)
Host is up (0.0044s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp filtered telnet
53/tcp open domain
80/tcp open http
443/tcp open https
9091/tcp open xmltec-xmlmail

I think, that port 80, 443 is open, and I redirected it to my local server

Your port is open - see your check. But there is a http status 500 - Internal Server Error checking /.well-known/acme-challenge/random-filename.

So your http configuration doesn’t work.

Your https works, there is a self signed certificate, but no http status 500.

1 Like

certbot certonly --dry-run --webroot -w /var/www/letsencrypt -d username.ddns.net -d www.username.ddns.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges: http-01 challenge for username.ddns.net
http-01 challenge for www.username.ddns.net Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. username.ddns.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://username.ddns.net/.well-known/acme-challenge/MF2RN3RHMrO3xchg-ayJ6SvBg4Ai4xC-4ous0lZOJSo [95.24.215.70]: “\n\n500 Internal Server Error\n\n

Inter”, www.username.ddns.net (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.username.ddns.net

IMPORTANT NOTES:

Should I write port in

-d username.ddns.net:80 -d www.username.ddns.net:80

May be it would be better?

You don’t have a www version defined, so remove the www version in your command.

And your http doesn’t work - fix the http status 500.

If “check your website” shows a Grade S, that can’t work.

Please read the documentation:

And some basics about challenge types:

1 Like

Yeeeeah!
I’ve got it! The problem was that in some forums some People adviced me to use own domain+vps+reverse proxy to my server, that’s why I had a lot of anorher settings in conf files such as default-ssl.conf, 000-default.conf. I commented this strings and it gave me the certificates.

And if somebody will ask, can I get certificate for ddns, the answer is YES! And it works fine! (with default settings)

Thank for help.
P. S.
Sorry for my broken English :slight_smile: I’m from Russia

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.