What if port 80 is inaccessible and stopping TLS-SNI-01 with Certbot


#21

I don’t know your setup.

I can only say for certain that the system making the cert request needs to validate the response.
So if the Nextcloud machine is another IP - the cert request/response will most likely fail.

Maybe you can pencil in a quick napkin drawing of how it is all connected.


#22

Try it. Your redirect http -> https looks ok. Will it work? Check it.


#23

See:


#24

Guess what, port 80 now open!

Updated configuration:


#25

SOLVED - SOLVED - SOLVED - SOLVED - SOLVED

Congratulations, all renewals succeeded. The following certs have been renewed:

This worked (see the second picture, thanks to Jürgen and rg305): set port forwarding for HTTP and HTTPS to the same machine. The Apache servers take care of the traffic, so there is no need to change any of the config files. Then ran:

sudo certbot renew --dry-run

sudo certbot renew