Trying to set up https for my Nextcloud server

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
starcross.ga
I ran this command:
sudo certbot certonly --webroot -v and sudo certbot certonly --standalone
It produced this output:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: starcross.ga
  Type:   unauthorized
  Detail: 195.20.53.187: Invalid response from http://starcross.ga/.well-known/acme-challenge/zOV_AMSSfJSa3tjRPftkGu04wBLIAVUjK9Lwh98WHNc: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\" \"http://www.w3.org/TR/html4/frameset.dtd\">\n\n<html>\n  <head>\n    <titl"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version):
Nextcloud Server 24.0.6 (I think that's the answer to this question?)
The operating system my web server runs on is (include version):
Ubuntu 22.04 LTS
My hosting provider, if applicable, is:
Oracle Cloud Free Tier
I can login to a root shell on my machine (yes or no, or I don't know):
Yes, I can SSH into the server
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No? Nextcloud and Oracle have control panels, but I don't think they're helpful to this instance where I'm working through the Ubuntu SSH
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Certbot 1.31.0 (in Snap)

So, I am trying to set up my Nextcloud instance so that it uses https. Currently, I can access it directly through the public IP address that the Oracle panel says or I can go to my domain that I've set as also trusted in the Nextcloud settings. I would like to go to my domain and ensure that everything I do on the Nextcloud instance is secured by https. I am struggling to get the domain encrypted though. Also, when I go to the domain, Firefox tells me that I have to open the IP address in a new window because the " Website will not allow Firefox to display the page if another site has embedded it".
So I have a few issues I'm trying to fix. I am completely new to server management and know nothing about it so any help is greatly appreciated!

2

Hello @Starcross, welcome to the Let's Encrypt community. :slightly_smiling_face:

You server is serving this up for that URL:

image
image1027×892 19.6 KB
]

Additional other information:

image
image930×883 52.8 KB

1 Like
3

I noticed that, I had taken down my Nextcloud instance for a moment to test out the certbot utility and if I install anything that has to do with networking, I end up going back to square 1 with the Apache default page. I will reset up that Nextcloud instance and I'll update you from there.

4

Yet with https://www.redirect-checker.org/ the input being http://starcross.ga I see
Server: nginx as shown in my previous post. Are you using nginx as a proxy or something?

1 Like
5

Hm, so I was thinking, should I set up that Nextcloud server to point to the domain and make the domain forward to the server's public ip?

No, something told me to install nginx for something but I uninstalled it because it served me no benefit.

6

@Starcross please wait for more knowledgeable Let's Encrypt community volunteers to assist.

2 Likes
7

Yet right now I see Server: nginx.
Also X-Server: ip-172-31-36-246 but the IPv4 Address of starcross.ga (195.20.53.187), so there must be something proxying or redirecting it.

$ curl -Ii http://starcross.ga
HTTP/1.1 200
Server: nginx
Date: Tue, 01 Nov 2022 16:21:56 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Server: ip-172-31-36-246

$ ping starcross.ga
PING starcross.ga (195.20.53.187) 56(84) bytes of data.
64 bytes from 195.20.53.187 (195.20.53.187): icmp_seq=1 ttl=28 time=157 ms
64 bytes from 195.20.53.187 (195.20.53.187): icmp_seq=2 ttl=28 time=158 ms
64 bytes from 195.20.53.187 (195.20.53.187): icmp_seq=3 ttl=28 time=158 ms
^C
--- starcross.ga ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 156.731/157.780/158.470/0.754 ms
1 Like
8

Also Nextcloud has their own help community form as well.
Here are a few of their links:

2 Likes
9

From the server, please show the output of:
curl -4 ifconfig.co

2 Likes
10

The output is just my server's public IP

150.136.160.4
11

That IP doesn't match:

Name:    starcross.ga
Address: 195.20.53.187
3 Likes
12

I see, so what am I supposed to do about that? Also, apparently that IP address just leads back to the website in which I got the domain from

13

Do you understand how DNS works?
Is this your first domain?

3 Likes
14

I do not, this is my first domain and I'm just dabbling with a free server I got. Figured I'd play around with Nextcloud since I've been wanting to convert most or all of my digital life to open source software.

15

@Starcross I still feel for your Nextcloud endeavors that my post in this topic, post #8, is like one the best places for you to start with.

4 Likes
16

You should first understand how DNS plays a role in all things Internet.
Then you can get an HTTP site working [maybe: http://nextcloud.starcross.ga].
Then you can secure it with a cert [https://nextcloud.starcross.ga/].

5 Likes
17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.