Unable to create cert for subdomain on ubuntu nextcloud - apache

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nextcloud.gibgeeks.com

I ran this command:
nextcloud@nextclouud:~$ sudo certbot -v --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: nextcloud.gibgeeks.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for nextcloud.gibgeeks.com
Performing the following challenges:
http-01 challenge for nextcloud.gibgeeks.com
Waiting for verification...
Challenge failed for domain nextcloud.gibgeeks.com
http-01 challenge for nextcloud.gibgeeks.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: nextcloud.gibgeeks.com
Type: unauthorized
Detail: 162.241.30.77: Invalid response from http://nextcloud.gibgeeks.com/.well-known/acme-challenge/tWk0xSwSrR_g5lbecoPO6DiaJ-N_gvqjqJkGvOLszIg: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
It produced this output:

My web server is (include version): ubuntu 22.04

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: home server

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): BlueHost

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot classic

I have pointed my subdomain to the public IP and allowed traffic on the router.

Help!

What instructions did you follow to install NextCloud?

3 Likes

I used learnlinux.tv, as below, but using the video.

Commands and code samples

Initial server setup

Adding a user

After setting up Ubuntu Server, create a user for yourself if you don’t already have one:

adduser <username>

Adding the user to the sudo group:

sudo usermod -aG sudo <username>

After creating your user, be sure to log out from root and log in as that user.

Updating packages

Before continuing, let’s make sure all installed packages are up to date.

sudo apt update
sudo apt dist-upgrade

Clean up orphan packages (if there are any):

sudo apt autoremove

Updating the hostname

Edit the following files, and be sure they include the proper hostname or domain name for your server:

sudo nano /etc/hostname
sudo nano /etc/hosts

Reboot your server so that all the changes we’ve made so far will take effect.

sudo reboot

While that’s rebooting, update DNS for the domain name if you have one, so that it can replicate while we finish the other steps.

Downloading Nextcloud

We’ll need to grab the Nextcloud zip file, which contains the necessary files we’ll be needing. Click here to open the download page, then copy the URL for the zip file.

On the server, download the Nextcloud zip file using the URL that you copied from the site:

wget https://download.nextcloud.com/server/releases/latest.zip

Note: If that URL doesn’t work (it can change at any time) grab the URL from the Nextcloud site.

MariaDB Setup

Setting up the database server

First, let’s install the mariadb-server package:

sudo apt install mariadb-server

Check the status of the mariadb service:

systemctl status mariadb

Running the secure installation script

Although there are many tweaks and adjustments you can make to secure MariaDB, running the following command and answering the prompts will give us a decent starting point:

sudo mysql_secure_installation

Follow the prompts to set up some very basic security defaults for the database server.

Creating the Nextcloud Database

Next, we’ll create the database we’ll be using for Nextcloud. To do this, we’ll need to access the MariaDB console:

sudo mariadb

Then, we’ll create the database and set up permissions with the following commands:

CREATE DATABASE nextcloud;
SHOW DATABASES;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'mypassword';
FLUSH PRIVILEGES;

CTRL+D to exit

Apache Webserver Setup

Installing the required packages to support Apache:

sudo apt install php php-apcu php-bcmath php-cli php-common php-curl php-gd php-gmp php-imagick php-intl php-mbstring php-mysql php-zip php-xml

Check the status of Apache:

systemctl status apache2

Enable the recommended PHP extensions:

sudo phpenmod bcmath gmp imagick intl

Install zip and unzip the Nextcloud zip file:

sudo apt install unzip
unzip latest.zip

Now that we’ve unzipped the files, let’s move the files to where they’ll be served from and also set the permissions as well:

mv nextcloud nextcloud.learnlinux.cloud
sudo chown -R www-data:www-data nextcloud.learnlinux.cloud
sudo mv nextcloud.learnlinux.cloud /var/www
sudo a2dissite 000-default.conf

Creating a host configuration file for Nextcloud

Next, we’ll set up a config file for Apache that tells it how to serve Nextcloud.

sudo nano /etc/apache2/sites-available/nextcloud.learnlinux.cloud.conf

Add the following contents to the file (be sure to adjust the file names to match yours):

<VirtualHost *:80>
    DocumentRoot "/var/www/nextcloud.learnlinux.cloud"
    ServerName nextcloud.learnlinux.cloud

    <Directory "/var/www/nextcloud.learnlinux.cloud/">
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    TransferLog /var/log/apache2/nextcloud.learnlinux.cloud_access.log
    ErrorLog /var/log/apache2/nextcloud.learnlinux.cloud_error.log

</VirtualHost>

Enable the site:

sudo a2ensite apache-config-file-name.conf

Configuring PHP

Almost there! The next step will have us change some PHP options. First, edit the following file:

sudo nano /etc/php/8.1/apache2/php.ini

Adjust the following parameters:

memory_limit = 512M
upload_max_filesize = 200M
max_execution_time = 360
post_max_size = 200M
date.timezone = America/Detroit
opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Enable the following PHP mods for Apache:

sudo a2enmod dir env headers mime rewrite ssl

Restart Apache to ensure the new PHP settings take effect:

sudo systemctl restart apache2

Acquiring a TLS certificate

Let’s set up Let’s Encrypt and obtain a certificate for our Nextcloud installation. The following steps will guide you through the process.

Note: Instructions are taken from this link, which you may want to visit in case the instructions change in the future.

Ensure snapd is installed:

sudo apt install snapd

Install the core snap:

sudo snap install core; sudo snap refresh core

Install Certbot:

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Attempt to obtain a certificate (DNS must have already propagated):

sudo certbot --apache

Answer the prompts carefully, and as long as you didn’t overlook anything, you should have your very own TLS certificate!

Misc. Tweaks and Adjustments

Correct the permissions of the config.php file

We definitely wouldn’t want the config.php file to fall into the wrong hands, as it contains valuable setup information regarding our Nextcloud setup. Let’s adjust the permissions to better protect it.

sudo chmod 660 /var/www/<nextcloud_directory>/config/config.php
sudo chown root:www-data /var/www/<nextcloud_directory>/config/config.php

Enable memory caching

Edit the Nextcloud config file:

sudo vim /var/www/nextcloud.learnlinux.cloud/config/config.php

Add the following line to the bottom:

'memcache.local' => '\\OC\\Memcache\\APCu',

Resolving warnings pertaining to the default phone region

Edit the Nextcloud config file:

sudo vim /var/www/nextcloud.learnlinux.cloud/config/config.php

Add the following line to the bottom of the file:

'default_phone_region' => 'US',

Note: Be sure to change “US” in the above example to your two-character country code, if yours is not US.

Get rid of the Image Magick error

Install the libmagickcore-6.q16-6-extra package:

sudo apt install libmagickcore-6.q16-6-extra

Enabling Strict Transport Security

Edit the SSL config file for our Nextcloud installation:

sudo vim /etc/apache2/sites-available/nextcloud.learnlinux.cloud-le-ssl.conf

Add the following line after the ServerName line:

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

That looks fine. I just noticed that your domain has two IP addresses:

$ dig +noall +answer nextcloud.gibgeeks.com
nextcloud.gibgeeks.com. 13190   IN      A       162.241.30.77
nextcloud.gibgeeks.com. 27590   IN      A       90.254.14.194

These seem to point to completely different Apache servers.

I think 90.254.14.194 is the correct one.

Do you know what the other one is? Can you try removing it and try again after a while?

6 Likes
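
The diagnosis in the reply above, as an added example that is not part of the original thread: it takes the `dig` answer and the certbot `Detail:` line quoted on this page, lists A records that do not match the intended server, and reports whether the CA validated against one of them. The function names are hypothetical, and the intended IP (90.254.14.194) is the one the reply assumed to be correct.

```bash
#!/usr/bin/env bash
# Added example. Inputs are the dig answer and certbot error quoted in this thread.
# For a live check, feed a_records/stray_records from: dig +noall +answer A <domain>
DIG_ANSWER='nextcloud.gibgeeks.com. 13190   IN      A       162.241.30.77
nextcloud.gibgeeks.com. 27590   IN      A       90.254.14.194'
CERTBOT_DETAIL='Detail: 162.241.30.77: Invalid response from http://nextcloud.gibgeeks.com/.well-known/acme-challenge/tWk0xSwSrR_g5lbecoPO6DiaJ-N_gvqjqJkGvOLszIg: 404'

# Print every address from A records in `dig +noall +answer` output (stdin).
a_records() {
    awk '$3 == "IN" && $4 == "A" { print $5 }'
}

# Print A records that differ from the intended server IP ($1); dig output on stdin.
stray_records() {
    awk -v want="$1" '$3 == "IN" && $4 == "A" && $5 != want { print $5 }'
}

# Extract the IP the CA connected to from a certbot "Detail:" line (stdin).
validated_ip() {
    sed -n 's/^[[:space:]]*Detail: \([0-9.]*\): .*/\1/p'
}

# diagnose INTENDED_IP DIG_OUTPUT DETAIL_LINE
# Returns 0 when DNS publishes only the intended IP, 1 when stray records exist.
diagnose() {
    local expected="$1" answer="$2" detail="$3" stray hit
    stray=$(printf '%s\n' "$answer" | stray_records "$expected")
    hit=$(printf '%s\n' "$detail" | validated_ip)
    if [ -z "$stray" ]; then
        echo "OK: only $expected is published"
        return 0
    fi
    echo "Stray A record(s): $stray"
    # The CA picks one of the published addresses; a stray one answers with
    # another server's content, so the challenge file is missing (404).
    if [ -n "$hit" ] && printf '%s\n' "$stray" | grep -Fxq -- "$hit"; then
        echo "CA validated against stray address $hit, not $expected"
    fi
    return 1
}

diagnose 90.254.14.194 "$DIG_ANSWER" "$CERTBOT_DETAIL" || true
```

Once the stray record is deleted and its TTL has expired, the same check returns 0 and the http-01 challenge can only reach the intended server.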

Hi, thanks. I have deleted those from the domain; I misunderstood the request to add an A record. Should I try to get the cert again?

1 Like

Just re-ran and that fixed the problem. Thanks, you are a super super star!

3 Likes
