Hello community,
I have an understanding question to dietpi:
I have Nextcloud with apache and Letsencrypt-certbot installed.
My question:
Are further manual configurations necessary?
Thanks for hints
1 Like
You would need to run dietpi-letsencrypt once to enable SSL. Afterwards your system will be reachable via HTTPS and should be fully functional. No further configuration needed.
Hello, Joulinar,
I’ll do it right away.
Thank for fast response.
Hello, Joulinar,
i have started from Console certbot and this info:
Timeout during connect (likely firewall problem)
I checked now my firewall-rules …
You would need to forward port 80/443 on your router to be able to generate official SSL certificate.
And one hint, share the whole error message or full log. Otherwise quite hard to follow and to know where the error happened
Hello,
My Firewall Ports 80 / 443 open now.
i keep getting:
Type: Connection
Detail:
During secondary validation:>IP dyndns<: Fetching http://user.domain.xx/.well-known/acme-challenge/…: Timeout during connect (likely firewall problem)
and
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by certbot.
Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Sorry, this hint tell: Ensure that …
But Joulinar say :
You would need to run dietpi-letsencrypt once to enable SSL. Afterwards your system will be reachable via HTTPS and should be fully functional. No further configuration needed.
Ensure that … Who ? cerbot or i
thanks for help / info
Do you have your own domain?
Where do you get this? In dietpi-letsencrypt?
What do you mean? Ensure what?
Still looks like your device is not reachable on port 80. Did you set up port forwarding to your device in your router settings?
old but maybe helps How can i enable SSL/HTTPS on my NexCloud setup on DietPi? - #2 by Joulinar
The NoIP part (steps 3 and 4) doesn’t fit as you can use your own DDNS, just skip or adjust the part on your needs.
I think running dietpi-letsencrypt from console is the key part here. Depending on the installed webserver, certbot needs to be run with the right authentication and configuration modules, and dietpi-letsencrypt does that automatically.
Hello, Jappe, Joulinar and MichaIng
thank you for your questions, answers and hints.
Yes, i have domain.
with certbot on console.
i receive as an issue of certbot
“Ensure that the listed domains point to this Apache server and that it is accessible from the internet.”
port 80 is open, is checked by an external service.
I have a domain, but i’m looking at
i have certbot startet with certbot –apache
perhaps this was not correct.
i keep trying
Try using dietpi-letsencrypt. This should do the magic
certbot --apache should be fine and prompt for all needed info. So probably dietpi-letsencrypt will give the same result then.
Does accessing the webserver with the public hostname and HTTP work, i.e. do you see the default Apache2 status page when accessing http://user.domain.xx in the browser? And does it also work when doing this explicitly from outside your LAN, e.g. from a mobile phone that is not connected via WiFi but mobile Internet? Otherwise check port forwarding in your router: opening ports in firewall is one thing, but forwarding traffic on those ports to the correct host inside the LAN the other.
Hello, Joulinar
I read points 1-9 from How-To.
I reach the Webserver Default Page :
in the LAN with the IP number of the Raspi-Dietpi and
from the Internet via http://meine_domain.de.
However, I noticed at How-To that the port release to the Raspi Dietpi should be configured before the Nextcloud installation.(Point 6 from How-To)
I only set up the port release after installing Nextcloud.
Can it be that the software installation is not complete?
Then I should repeat the installation.
.
No, the order of when the port forwarding is done is not critical. YOu could alos forward the ports before you install anything or even after you have installed everything, it doesn’t matter.
1 Like
Nothing to add from my side 
thank you for your answers
… no installation Letsencrypt possible
i will continue Error/Warning
During secondary validation:>IP mydomain org<: Fetching http: // mydomain org/.well-known/acme-challenge/…: Timeout during connect (likely firewall problem)
Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Here my order of installation
0
port release 80/443 from Router to Firewall / from Firewall to Raspi-dietpi
port 80 open (extern checked)
mydomain org is set up
1
complete reinstallation of dietpi, v9.19.2
2 my software selection
114 Nextcloud
92 Certbot
75 LASP
76 LAMP
83 Apache
89 PHP
87 SQLite
88 MariaDB
3 Test connection to Standard-Apache2-Statuspage
OK to http://ip_raspi_dietpi with Browser from intern LAN
OK to http ://mydomain.org with Mobilphonebrowser from mobil Internet
4 Test Nextcloud Welcome Page (Login)
OK to http://ip_raspi_dietpi/nextcloud/index.php with Browser from intern LAN
Actually, I didn’t want to set up a Nextcloud manually.
When you log into nextcloud, can you go into the admin settings and have a look for errors please (example.org/nextcloud/settings/admin/overview)
And can you also share your domain so we can do some checks. If you don’t want to post it here publicy you can also send me a DM.
Can you also share
sudo ss -tulpn
i found the solution.
The reason was still my firewall, although Port 80 was open.
The cause was a restricted country filter rule for my self-hosted VPN. Only Germany was released in this rule.
Letsencrypt tries to get to my port 80 from different countries when creating the certificate.
After deactivating this rule for creating the certificate, dietpi-letsencrypt ran through.
Then I reactivated Rule.
It is now about the processing of Nextcloud bugs / warnings: Especially the AppAPI deployment daemon.
But I use an existing / new thread.
I thank you all for your support.
1 Like
Befor you open a new thread, read this:
https://docs.nextcloud.com/server/stable/admin_manual/exapps_management/AppAPIAndExternalApps.html
If you don’t use external Apps you don’t need the deamon and you can just ignore the warning.
Keep in mind, certificate has limited life time and needs to be refreshed (happens automatically) from time to time.