Unable to get certificate for nextcloud snap

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: efficiency-inc.nl

I ran this command: nextcloud.enable-https lets-encrypt

It produced this output:

Attempting to obtain certificates... error running certbot:

Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for efficiency-inc.nl
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain efficiency-inc.nl
http-01 challenge for efficiency-inc.nl
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: efficiency-inc.nl
   Type:   connection
   Detail: xxxxx: Fetching
   http://efficiency-inc.nl/.well-known/acme-challenge/gaBm2JJl-wdSN9S9qgImPQRsHrbqN2otPdFUYY04cHg:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): nextcloud 27.1.8snap1 41514 latest/stable

The operating system my web server runs on is (include version): Raspberry pi 5 8GB 64-bit

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot build in snap nextcloud

There's nothing listening on port 80. The webroot plugin which apparently is being used by Nextcloud to get the certificate requires a functioning webserver on port 80. You need to make sure the webserver is somehow active.

I don't have experience with Nexctloud, so this generic advice is the only thing I can give you unfortunately.

Hi @Rizingknight72,

Here is a list of issued certificates crt.sh | efficiency-inc.nl, the latest being "Not Before: Apr 17 18:43:39 2024 GMT".

Why is a new certificate needed?
Or what has changed?

Using the online tool Let's Debug yields the same results that Osiris found here are the results https://letsdebug.net/efficiency-inc.nl/1888777

ANotWorking
ERROR
efficiency-inc.nl has an A (IPv4) record (83.83.165.172) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://efficiency-inc.nl/.well-known/acme-challenge/letsdebug-test": dial tcp 83.83.165.172:80: connect: connection refused

Trace:
@0ms: Making a request to http://efficiency-inc.nl/.well-known/acme-challenge/letsdebug-test (using initial IP 83.83.165.172)
@0ms: Dialing 83.83.165.172
@259ms: Experienced error: dial tcp 83.83.165.172:80: connect: connection refused

IssueFromLetsEncrypt
ERROR
A test authorization for efficiency-inc.nl to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
83.83.165.172: Fetching http://efficiency-inc.nl/.well-known/acme-challenge/x0-6Y-tm-eqjsJbNnw_px3zlk6YBcoBFpLloxEKcyVU: Connection refused

And shown with nmap both Ports 80 & 443 are Closed.

$ nmap -Pn -p80,443 efficiency-inc.nl
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-19 19:07 UTC
Nmap scan report for efficiency-inc.nl (83.83.165.172)
Host is up (0.26s latency).
rDNS record for 83.83.165.172: 83-83-165-172.cable.dynamic.v4.ziggo.nl

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.74 seconds

so a couple of days ago i had installed nextcloud on my raspberry but that raspberry broke down so i reinstalled it in a new raspberry. the previous raspberry was a rapberry pi 4 and the one i am using now is a raspberry pi 5.
So i have everything reinstalled on my new raspberry pi and used the exact same install method that i used on my previous one. the only difference is that there is a different ip adres.

the ports on the ip adres are already opend for both 80 and port 443.

And how are they opened?
And there is a server listening on Ports 80 & 443 on the raspberry pi 5?
(try netstat -a | grep http)
Are all the routers and firewalls between the Internet and your raspberry pi 5 permitting Ports 80 & 443 thought to connect?

$ nmap -Pn -p80,443 efficiency-inc.nl
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-19 19:45 UTC
Nmap scan report for efficiency-inc.nl (83.83.165.172)
Host is up (0.25s latency).
rDNS record for 83.83.165.172: 83-83-165-172.cable.dynamic.v4.ziggo.nl

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.66 seconds

I have opened them on my modem.

I also previous had opened them on my raspberry pi both that also did not work. i used for my raspberry py the Firewalld.

I also have reinstalled my raspberry just in case.

Does you raspberry pi 5 have the same local IP Address that your old broken raspberry pi 4 did?
If not did you update your router to port forward to the new IP Address?

i already have updated it to the new ip adres.

the whole process of how i installed my raspberry goes like this:

format a sd card in this case one of 251 GB and put Raspberry Pi OS Lite on there.

first i add the locales using raspi-config. those are:
en_GB.utf8
en_US.utf8

then i run:

sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y && sudo rpi-update

then i install snapd and use snap install nextcloud.

after that i use:

nextcloud.enable-https lets-encrypt

Can you show the output of netstat -a | grep http?

nothing

So there is nothing on the system that is owning Ports 80 & 443, I suspect that is the problem.
Is the webserver actually running?
Or possibly did it start and then apparently silently die?

Or try netstat -a -n | grep :80
This is what I see on my system as an example.
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

nothing still

and yes i think it silently died. just check if i could access it on its local ip and also got a refused

Sorry.
Try look for the logs and see what they say.

but i have tried to install this 3 times today and it always is the same problem. ever time i reinstalled the raspberry

so the complete logs look like this:

2024-04-19 20:42:47,846:DEBUG:certbot.main:Arguments: ['--text', '--config-dir', '/var/snap/nextcloud/current/certs/certbot/config', '--work-dir', '/var/snap/nextcloud/current/certs/certbot/work', '--logs-dir', '/var/snap/nextcloud/current/certs/certbot/logs', '--authenticator', 'webroot', '--webroot-path', '/var/snap/nextcloud/current/certs/certbot', '--rsa-key-size', '4096', '--email', 'ayushbaboerampanday@gmail.com', '--non-interactive', '--agree-tos', '--force-renewal', '-d', 'efficiency-inc.nl']
2024-04-19 20:42:47,846:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nextcloud:webroot,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-04-19 20:42:47,858:DEBUG:certbot.log:Root logging level set at 20
2024-04-19 20:42:47,859:INFO:certbot.log:Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2024-04-19 20:42:47,860:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2024-04-19 20:42:47,867:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7ffee82d35d0>
Prep: True
2024-04-19 20:42:47,867:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7ffee82d35d0> and installer None
2024-04-19 20:42:47,868:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-04-19 20:42:49,703:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-04-19 20:42:49,711:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-04-19 20:42:50,222:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-04-19 20:42:50,223:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 19 Apr 2024 18:42:50 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "46hy4yCGyeg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-04-19 20:42:50,224:DEBUG:acme.client:Requesting fresh nonce
2024-04-19 20:42:50,224:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-04-19 20:42:50,373:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-04-19 20:42:50,374:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 19 Apr 2024 18:42:50 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: Y89UXNyaPZBGK07IVx6ckDfTANOuQ0GObveR6Xgth2eyt2MRREk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-04-19 20:42:50,374:DEBUG:acme.client:Storing nonce: Y89UXNyaPZBGK07IVx6ckDfTANOuQ0GObveR6Xgth2eyt2MRREk
2024-04-19 20:42:50,374:DEBUG:acme.client:JWS payload:
{
  "termsOfServiceAgreed": true,
  "resource": "new-reg",
  "contact": [
    "mailto:ayushbaboerampanday@gmail.com"
  ]
}
2024-04-19 20:42:50,408:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "eyJub25jZSI6ICJZODlVWE55YVBaQkdLMDdJVng2Y2tEZlRBTk91UTBHT2J2ZVI2WGd0aDJleXQyTVJSRWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJxd0MzLXJJRFIxOEpYOTktaUFPWVVHVjZoc0g2NTM0U0NmR3NsaGNNdUVBaG9RWHJZZDRuRGRENGFmMURFQ0FQRGJzWVZWTzN4dUtIMk1YT0RGZWZSOTA3djVCekU2bXQ3cGgwUVliTkQ2VUNrQmtiR2dHejlfVGxEb2R3aHhabWJJcjdoN0dOQzRvVFBwRjNqcTg2MEhZMVNLdzhzcGJvNDIzNnhHRkcxcjA5SVFqbTRHRmFhaTY1TkdQNXN6eHJFSFh5NFREV3BHRkJRMEo2VV9xTlpqeTRsRUJWSnpHR19SSmZSNmxhZHRuQ25xa0pOMGFkQnpTZUhfTHRmaGRMMTlUbU52N0kyN1RScmpOcmMyX0VFbmpUdW5pYmVod1dkQVRNWUZLZDdGS25nb0cwbVo1ejJfSkpnUzBEbUEzOGlkRUVael80dDl5cTRTSHJhRjJ3VnJCR0NVbWE3bnF0bEN2UlZkTmpiS0stQ0J2TFE1QVRwQzczMk5IWHI2eUNvdjFQa2lNcUJWNGkzRGttTl92N1BDX3BETWloRTM5TnVzTVktUmx1MVp4Y2swQlBWN2FYVTFNRk9sSDBVcFdlRVhIOEpRa3RXREtsb2piOVpBNlJGVzQzRmJGZE5oMUMyMVZsdUNNUXZKNUh0bjZZV3htQ2pXU2hmYkwxcXJiblhwazZNbjNoZVZjOU0yb3JQYlJyWUU5eTI0Q3RrR2JGdjVqTW1CaEdCQ0tGUlRfWXVVOWEtUkx0aW9sdWc1aUNTaFFsYkl1cmtmXzRCQ2IydUhWd2ZQQno1UFl2NjlRTFVhR081X3p1Mno5TTRrMU5tQ29qdjZSZDlrcmVSbF9kM2R2Q0ZsVm1fMUxucmdUZkYyeWNkUEtwTzNMRm84V3UxQ29CeHhhZWlrayJ9LCAiYWxnIjogIlJTMjU2In0",
  "payload": "ewogICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWUsIAogICJyZXNvdXJjZSI6ICJuZXctcmVnIiwgCiAgImNvbnRhY3QiOiBbCiAgICAibWFpbHRvOmF5dXNoYmFib2VyYW1wYW5kYXlAZ21haWwuY29tIgogIF0KfQ",
  "signature": "i6fae5O8C58Eo_1HPk6v5SYBxQc1BwduuubHFt7Gryk7j435QLsYcUqP5XqUoRMcGW_1u6DMWvQbeZjHxAe9z-TDoqt1dZN6pOzFDp406h9c_ToxIMTfNLFUmzwD0OzXc-_AAAGX2pBT3CA13Ju4wBAUXHqdmcaYg0PNXCY_3-qOUdj8-kgf66dgn2yjYa9hrgl414YdfOa4O_jCXwitndaAhMa52lVAXZMoCcHMbHLd-nkRxbT-4paf_L-DPFRcYnKlQXvWQXk2HN9qN8IbxWjJoer1UEVEMXAoDUHU3ry2vQZbcljWbm1KdNe4sxgX-Mf5s7sKQ-4jO8OE2-U2MPnFwCyEMv_9AN-KYkmI2z6gB5mttHcMdcTW0YuKyOdrmv3cMMMs-BqDckgPF4UWux5yKDiNeVXCo0kWKM2O7o3m0f4whuqBocSgdlYzWbnUzCTgtijMdXlHQKfBQNTvnX7l0K-KApfsgfOB9xJ4uW80tmU5DzSiSeXzlTBx6beynq-tPfXTjj13gaaW7warXUvgGMhxbObWfL9hOahqH25VLHz5VRoNZqDEtI19Ee2leHqsdJF2MXie3-A7URdL8gRDZpuhS-3sJFSSgcp9huK1EHEmTcvWFCBK1sqJ1hyGc_0RUrRIIQyhOvt2U-NsTuaxhouAf_0-gL2dk8VTC54"
}
2024-04-19 20:42:50,620:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 936
2024-04-19 20:42:50,621:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 19 Apr 2024 18:42:50 GMT
Content-Type: application/json
Content-Length: 936
Connection: keep-alive
Boulder-Requester: 1682270317
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/1682270317
Replay-Nonce: Y89UXNyaYnWuAeff81RHKKzgyuogjbpcZYymY4fO9zkkaWUyGtQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "qwC3-rIDR18JX99-iAOYUGV6hsH6534SCfGslhcMuEAhoQXrYd4nDdD4af1DECAPDbsYVVO3xuKH2MXODFefR907v5BzE6mt7ph0QYbND6UCkBkbGgGz9_TlDodwhxZmbIr7h7GNC4oTPpF3jq860HY1SKw8spbo4236xGFG1r09IQjm4GFaai65NGP5szxrEHXy4TDWpGFBQ0J6U_qNZjy4lEBVJzGG_RJfR6ladtnCnqkJN0adBzSeH_LtfhdL19TmNv7I27TRrjNrc2_EEnjTunibehwWdATMYFKd7FKngoG0mZ5z2_JJgS0DmA38idEEZz_4t9yq4SHraF2wVrBGCUma7nqtlCvRVdNjbKK-CBvLQ5ATpC732NHXr6yCov1PkiMqBV4i3DkmN_v7PC_pDMihE39NusMY-Rlu1Zxck0BPV7aXU1MFOlH0UpWeEXH8JQktWDKlojb9ZA6RFW43FbFdNh1C21VluCMQvJ5Htn6YWxmCjWShfbL1qrbnXpk6Mn3heVc9M2orPbRrYE9y24CtkGbFv5jMmBhGBCKFRT_YuU9a-RLtiolug5iCShQlbIurkf_4BCb2uHVwfPBz5PYv69QLUaGO5_zu2z9M4k1NmCojv6Rd9kreRl_d3dvCFlVm_1LnrgTfF2ycdPKpO3LFo8Wu1CoBxxaeikk",
    "e": "AQAB"
  },
  "contact": [
    "mailto:ayushbaboerampanday@gmail.com"
  ],
  "initialIp": "2001:1c02:2f15:c00:b56e:597d:e394:1ea",
  "createdAt": "2024-04-19T18:42:50.53027973Z",
  "status": "valid"
}
2024-04-19 20:42:50,621:DEBUG:acme.client:Storing nonce: Y89UXNyaYnWuAeff81RHKKzgyuogjbpcZYymY4fO9zkkaWUyGtQ
2024-04-19 20:42:50,625:DEBUG:certbot.reporter:Reporting to user: Your account credentials have been saved in your Certbot configuration directory at /var/snap/nextcloud/current/certs/certbot/config. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
2024-04-19 20:42:50,630:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=u'valid', terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(u'mailto:ayushbaboerampanday@gmail.com',), key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7ffee7f7b290>)>), external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1682270317', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'), 74fd519bb115128c118566cf35da78f6, Meta(creation_host='nextcloud', creation_dt=datetime.datetime(2024, 4, 19, 18, 42, 50, tzinfo=<UTC>)))>
2024-04-19 20:42:50,631:INFO:certbot.main:Obtaining a new certificate
2024-04-19 20:42:56,221:DEBUG:certbot.crypto_util:Generating key (4096 bits): /var/snap/nextcloud/current/certs/certbot/config/keys/0000_key-certbot.pem
2024-04-19 20:42:56,251:DEBUG:certbot.crypto_util:Creating CSR: /var/snap/nextcloud/current/certs/certbot/config/csr/0000_csr-certbot.pem
2024-04-19 20:42:56,252:DEBUG:acme.client:JWS payload:
{
  "identifiers": [
    {
      "type": "dns",
      "value": "efficiency-inc.nl"
    }
  ]
}
2024-04-19 20:42:56,278:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJub25jZSI6ICJZODlVWE55YVluV3VBZWZmODFSSEtLemd5dW9namJwY1pZeW1ZNGZPOXpra2FXVXlHdFEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjgyMjcwMzE3IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJlZmZpY2llbmN5LWluYy5ubCIKICAgIH0KICBdCn0",
  "signature": "RgzS3WAFo_vGNfk8bNKxJdkoMNmE-gXoIhV9neL9Bi6fXQk-9cLwg1uZCqVSTSiaEMAvTCgjdNkzkMsx4WzSlZVwjbyXgasflrvWYpVXne-MXK2mS6wgT4By98RgubvgNF5HUqXZbEoNQoRSMauKnBPlB-3hsU3WLUgJVZJLUmF-32y8CUS7lz9NFrHpLrfXtT4uIGMkyNE4tdjlJYWybEZiuEBm6Tu09cXY2DKz_Ta2A9DRJXLKr1oTGKBXcMDhIwoQeGMXSZyZ0t13DvxeT3rQuOGKetEF2huZ9R_7-6VjJl4Nb7OdZu5YsZpNAFnqSOyLYaJ2R7aVCC53dDYJHaVYcMUELOeJgAbOZGstR8JEdLlTiWim6BD3hpqGHzEDIYnxB04-IDiIAM_pt80LZJcM_6xXrH3VXU7LH7-z4MMVw0RBaXiXFRtzUpVKyaWqlnbLZ0urQFTRIFToHViUM8baD7A3jUf5R-rZEvv0Lm3KSLE0cnSn3UrwtlbKa50WRQUWkLZVjqNz8nqMx9iCyP8_0KwpvTz3xumnk4Z17x2HZM3gxfAozyu5_NBIGiF9Qh2En5NGOrd3fUx4Oj2QwiX6DSZeicy4BfhhMhCJ9Izd2VCqbeX8F37z54NiPvCXSGjLGohpEgN-5oC-8PBcjs1M4-zWcO4a_GJ4A6fpajc"
}
2024-04-19 20:42:56,602:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 343
2024-04-19 20:42:56,602:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 19 Apr 2024 18:42:56 GMT
Content-Type: application/json
Content-Length: 343
Connection: keep-alive
Boulder-Requester: 1682270317
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1682270317/262353715977
Replay-Nonce: Y89UXNyake5Ci8SWBIQB89B2jfH7bKSThFlWeRzCkbNnP5QcAZ4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-04-26T18:42:56Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "efficiency-inc.nl"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/340509632427"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1682270317/262353715977"
}
2024-04-19 20:42:56,603:DEBUG:acme.client:Storing nonce: Y89UXNyake5Ci8SWBIQB89B2jfH7bKSThFlWeRzCkbNnP5QcAZ4
2024-04-19 20:42:56,605:DEBUG:acme.client:JWS payload:

2024-04-19 20:42:56,630:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/340509632427:
{
  "protected": "eyJub25jZSI6ICJZODlVWE55YWtlNUNpOFNXQklRQjg5QjJqZkg3YktTVGhGbFdlUnpDa2JOblA1UWNBWjQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM0MDUwOTYzMjQyNyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjgyMjcwMzE3IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "OGh0ditn0aMZeAz6vUwjCZgEGYjEKt84cvq7Lc3pHP8e6Rq6HaKs8hmLA8gs_eVjL2iVinYqosNDiqj4m02caT81SP85rgkEQL93hO-qRRJSEFVVYQKEzXG4YdJ29jGV4i6lKYjFDsvo3KXHmUvSonv3jP7J934z0ZJJ6BBwPGMZsIDCW5kZeo9DTX_eOVuvqrxmXbyPKl_9RU24EVsDgZiFGgofA_SSgQVK6Ot_mC2Y1EJBl3PxxNGZTKYbkFwVbFNDn8hbXb5eKEwiKv9-wlQZA63qeHrTIZ33au8J0F6bF4_ZgO8TH1x8lqpLQdBLlxN7H1l1UKfR6yCbS562rkqcG0jatHQZUXIVyJ0rxcvrBlsMEhylqFXPbXzDiwAHxFzCEBEtwD5rtVOpSMUlmYcbcO4C6rCLC_SX4hi5Dy936BwPYrE1BNAiTcI3nXFZTDupmCe1oUCFSy26DRO2NSdfFHgT65q_WCoHoun4h__7nWhXvZhJVVNRMxh9gVKOTb0wq1UKwWQVG7cSdjygndA0CT6fSkScuq32N-FD4tRdFPTBxrd3Siu4QV4LeqWS4JrH_PQPunWyJoLnpuNhyy58qHHxYnM65qRmuzN5DqOqO1QzUKloXogiUcYzWnjvxWfAcp4-vXyKHnGabhd6A60WXbMMKFK0GKRXL3_1sLE"
}
2024-04-19 20:42:56,779:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/340509632427 HTTP/1.1" 200 801
2024-04-19 20:42:56,779:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 19 Apr 2024 18:42:56 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 1682270317
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: FUnC6kMpDdZdYP7ZgVtQxkVbNuw0nGUaXdr4OfO1IGUmVmIBalc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "efficiency-inc.nl"
  },
  "status": "pending",
  "expires": "2024-04-26T18:42:56Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/340509632427/5kqYyw",
      "token": "t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/340509632427/ZsqagA",
      "token": "t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/340509632427/e2qyEg",
      "token": "t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs"
    }
  ]
}
2024-04-19 20:42:56,780:DEBUG:acme.client:Storing nonce: FUnC6kMpDdZdYP7ZgVtQxkVbNuw0nGUaXdr4OfO1IGUmVmIBalc
2024-04-19 20:42:56,780:INFO:certbot.auth_handler:Performing the following challenges:
2024-04-19 20:42:56,780:INFO:certbot.auth_handler:http-01 challenge for efficiency-inc.nl
2024-04-19 20:42:56,780:INFO:certbot.plugins.webroot:Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains.
2024-04-19 20:42:56,781:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/snap/nextcloud/current/certs/certbot/.well-known/acme-challenge
2024-04-19 20:42:56,790:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/snap/nextcloud/current/certs/certbot/.well-known/acme-challenge/t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs
2024-04-19 20:42:56,791:INFO:certbot.auth_handler:Waiting for verification...
2024-04-19 20:42:56,791:DEBUG:acme.client:JWS payload:
{
  "type": "http-01",
  "resource": "challenge"
}
2024-04-19 20:42:56,817:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/340509632427/5kqYyw:
{
  "protected": "eyJub25jZSI6ICJGVW5DNmtNcERkWmRZUDdaZ1Z0UXhrVmJOdXcwbkdVYVhkcjRPZk8xSUdVbVZtSUJhbGMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzM0MDUwOTYzMjQyNy81a3FZeXciLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTY4MjI3MDMxNyIsICJhbGciOiAiUlMyNTYifQ",
  "payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
  "signature": "AWADr9PJ0rIEE7EoLQ7ToBoKOZrvYfdPdf7FTfeFY7XYIQYu9TGK9m1Mk-TOTV_B5TE0HI8VrUVu73wg2Cfh8R8EyMgBoZqznJmspUhHVLaM3t-XXogD9zv1fcVb6quu7gBDpaxVdz3_ln9NrD4M4azrW_V-klRS_bAqiPR2GCSu-z4vV77rD6KbQ9O60QAXxEBDOdLAwAaY3KBLTtN5EC9tzX6559KK3SlBFE7M1K2WWdWaIP_g_XKnwWbJhukpwJfrBQwfbFfxS0-ZfkPeD3JJ7VKxJowaJ_fUfgXRVK5Ro-UsOHVwBN0Eh06lBCvZAmgg23E0HUFIgn9cK2SOnYu36cgHjOl-izlEpRZ51AqPSpIDSsvgJn2sjTN7Sv79b02tDUdRfFHUsEw1oHNYzxiLXRvqB9EwSMRaRscvylLA1Tazay5YTN8VuSPhx7hR_3kEFeYX6gVbxCsaQvKV4C1Q3BGCN6YcJSzdiP0yA5hgcc1MijgqqYvilq9POIN_crIUzjvkMxRU0t2EeNIWOmcHQCyz2Pgi9Id63lTJQQK2yxwMI3ytiW-KAOhnIwj52VK9sfdj8KXiSdGiySMf90V0F2pdRv7ov4Bq7gIWyUWycdRvg73xOUq6wtY70tZv9j4yo0jlt5LiqvNIkQsfYSTXAUO7zovUBXzvdFey9wU"
}
2024-04-19 20:42:56,983:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/340509632427/5kqYyw HTTP/1.1" 200 187
2024-04-19 20:42:56,984:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 19 Apr 2024 18:42:56 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1682270317
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/340509632427>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/340509632427/5kqYyw
Replay-Nonce: Y89UXNyaRN7hkuaDY2VhqzKEth5chS37pnzT_0KGWGFcRqKJXRM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/340509632427/5kqYyw",
  "token": "t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs"
}
2024-04-19 20:42:56,984:DEBUG:acme.client:Storing nonce: Y89UXNyaRN7hkuaDY2VhqzKEth5chS37pnzT_0KGWGFcRqKJXRM
2024-04-19 20:42:57,986:DEBUG:acme.client:JWS payload:

2024-04-19 20:42:58,013:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/340509632427:
{
  "protected": "eyJub25jZSI6ICJZODlVWE55YVJON2hrdWFEWTJWaHF6S0V0aDVjaFMzN3BuelRfMEtHV0dGY1JxS0pYUk0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM0MDUwOTYzMjQyNyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjgyMjcwMzE3IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "R0kthDk1N7ZxWEgpM0i7jiKodUIGHcfAD7rKIKcRmUOQk4oE1odEGUkv1b43nhh4Pv5fPicm8lQSlONNmMNedJ2K6oaIVBRN-GRPIj9AhqhjCzfC3Hf5NboutLLN5DoMJGVid1qXY0aHNQXa74QwC82XyXQksj1fvZ1MEh7WPzDuvAZO0AEZaMoRsWjSw_8c65eCwfa_jrSDkC5nIqCUhBiKNRBmwH-z3b9TGkunOoRpZMClVVjRDzlNjZK-_2FGq_osgjvk9s0IbqP39Ubw9FB2P7kZQSVazWdvlq3SqutjywxquT-EATRbpT-q3Mlt3si7EejWwGYL2kRxAURlSSusdhQE66l_GMxoQbZ2lgf2WdRKHE0THtedTohb9ictAsxIZg3uDqOpl8ZLVsvT6hwYQamMSfnYgx9hbzyu27kWVTJvQiKFXnTZuY_7qf4LwQRgxZIana9X_luCf7XkWyiR_Y-IamPohJKmKmS103Wi-Pmpr5B_FdmzqDBsEw7L_E-me0-ZgO6bRFXS1DYr6KuEYyE7V9zQdHce0zRWD_lg0cYOKlPb1qTTk8NcRUrKC3OLA-Pqd_JeIGTi3HMkq01UylS_mcGxb9iBwHhKOx4vnLOSwFM7Pkkw_Fi-KJV4NgKaDTWfP5DQdUMdP-OuWJMssxa2m7abFnW_TSDZMNM"
}
2024-04-19 20:42:58,174:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/340509632427 HTTP/1.1" 200 1148
2024-04-19 20:42:58,175:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 19 Apr 2024 18:42:58 GMT
Content-Type: application/json
Content-Length: 1148
Connection: keep-alive
Boulder-Requester: 1682270317
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: FUnC6kMpo4wCW4FbqM1VggZKSsxvpS6hQpBrebUWZ8vALYQPd8U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "efficiency-inc.nl"
  },
  "status": "invalid",
  "expires": "2024-04-26T18:42:56Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "83.83.165.172: Fetching http://efficiency-inc.nl/.well-known/acme-challenge/t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs: Connection refused",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/340509632427/5kqYyw",
      "token": "t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs",
      "validationRecord": [
        {
          "url": "http://efficiency-inc.nl/.well-known/acme-challenge/t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs",
          "hostname": "efficiency-inc.nl",
          "port": "80",
          "addressesResolved": [
            "83.83.165.172"
          ],
          "addressUsed": "83.83.165.172",
          "resolverAddrs": [
            "A:10.1.12.82:28098",
            "AAAA:10.1.12.84:21929"
          ]
        }
      ],
      "validated": "2024-04-19T18:42:56Z"
    }
  ]
}
2024-04-19 20:42:58,175:DEBUG:acme.client:Storing nonce: FUnC6kMpo4wCW4FbqM1VggZKSsxvpS6hQpBrebUWZ8vALYQPd8U
2024-04-19 20:42:58,176:WARNING:certbot.auth_handler:Challenge failed for domain efficiency-inc.nl
2024-04-19 20:42:58,176:INFO:certbot.auth_handler:http-01 challenge for efficiency-inc.nl
2024-04-19 20:42:58,176:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: efficiency-inc.nl
Type:   connection
Detail: 83.83.165.172: Fetching http://efficiency-inc.nl/.well-known/acme-challenge/t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs: Connection refused

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2024-04-19 20:42:58,176:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/auth_handler.py", line 154, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2024-04-19 20:42:58,176:DEBUG:certbot.error_handler:Calling registered functions
2024-04-19 20:42:58,176:INFO:certbot.auth_handler:Cleaning up challenges
2024-04-19 20:42:58,177:DEBUG:certbot.plugins.webroot:Removing /var/snap/nextcloud/current/certs/certbot/.well-known/acme-challenge/t55ftDICfJqfQqNLC189S2buDY2CO0-CspHvJ-a_gNs
2024-04-19 20:42:58,177:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2024-04-19 20:42:58,177:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/nextcloud/41514/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/main.py", line 1249, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/client.py", line 406, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/client.py", line 349, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/client.py", line 385, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/nextcloud/41514/lib/python2.7/site-packages/certbot/auth_handler.py", line 154, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

so i installed ufw and enabled port 80 and 443.

now when i do netstat -a | grep http i get:

tcp6       0      0 2001-1c02-2f15-0c:53482 2606:4700:60:0:f5:https TIME_WAIT

but i dies again when i try to do lets-encrypt

@Rizingknight72
Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.

OKe thanks for all the help till now