How can I secure connection to nextcloud?

Community Tutorials
41

stuck at point 10.
can access nextcloud from internet and lan via app and browser with noip.
But every time i try to run dietpi-letsencrypt the following errormassage appears.

- The following errors were reported by the server:

   Domain: xxxxxxx.xxxxx.org
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for xxxxxx.xxxxx.org -
   check that a DNS record exists for this domain
[FAILED] CertBot failed with error code (1), please check its terminal output. Aborting...

any ideas what i do wrong?
(pihole/nextcloud/unbound/noip installed)

42

looks like your DDNS domain is not existing as you get a NXDOMAIN. LetsEncrypt is trying to get an IPv4 address for your domain but without success.

   Detail: DNS problem: NXDOMAIN looking up A for xxxxxx.xxxxx.org -
   check that a DNS record exists for this domain

I would recommend to login to your NoIP account and check of your domain is registered correctly

43

as far as i can tell should be registered correctly.

tempsnip.png
tempsnip.png1158×136 9.51 KB

44

hi, can you check if your DNS record is found by global DNS server?

https://dnschecker.org/

Probably it was taking time to be published correctly

45

thx Joulinar,

while typing the url in the dnschecker i realized i fucked up the domainname in dietpi-letsencrypt without seeing it.
tiny little typo.
so as most of the times the problem sits in front of the display.
Thanks for your time.

46

at least you found it :slight_smile:

47

Hi there,

Is it possible to use Lets Encrypt but without the DDNS thing ? It’s just for syncing over my internal network and the iPad force me to use httpS so i’m stuck here…

Thanks

48

not really. Let’sEncrypt expects a DNS entry, as this is the domain name the certificate will be issued on. Next to this, the certificate need to renewed regularly, otherwise it will expire and you would get an error message on your browser as well. Maybe there are settings in Safari to deactivate forcing HTTPS.

49

Ok thanks, going to put another NO-IP ddns for this then.

Thanks !

50

If you already have a NoIP DDNS, you could use that one (if it’s pointing to your home internet access)

51

Yes it is, but the VPN is running on the Dietpi, and keep returning me error when I want to make the certificate

52

ah yeah that’s the challenge. There is no option to stop the VPN for a moment and create the cert?

53

Didn’t think about it -_-
Going to try right now

54

Maybe you would need to trigger NoIP client again to have the correct IP assigned. Better to crosscheck on NoIP Website that :slight_smile:

55

It doesn’t work neither, maybe port opening ? DDNS update ?

56

yes, you would need to have port 80/443 TCP open. And check that DDNS is correctly updated.

57

I’ve rerun the NO-IP, but concerning the port opening, on my router it’s fine or there is something to do on the rasp ?

58

OK so with port forwarding I can connect VIA the DDNS to the nextcloud, that’s cool, BUT, I can’t edit the certificate :

[FAILURE] Certbot failed with error code (1), please check its terminal output. Aborting...
59

you just need to ensure that port 80/443 TCP are forwarded from your router to your DietPi device.

Edit: what is the exact error message?

60

[FAILURE] Certbot failed with error code (1), please check its terminal output. Aborting…