Nextcloud and Letsencrypt

Every few months my Nextcloud installation crashes.
I have created a bunch of instructions to reinstall it and it has always worked fine up until today.
I am on an Odroid C2.
I go through the basic setup of DietPi.
I install Nextcloud, which installs lighttpd.
I install NoIP.
I install Certbot.
At this point my site works fine.
Today I go to install Letsencrypt. I complete the dialog and install it.
Now my site is dead. Cannot access it at all.

Has anything changed? Am I missing a step?
Thanks
carltonb

Hi,

Officially, NextCloud does not support Lighttpd (although it seems “fine” in our tests). So it may be worth selecting Apache2/Nginx for webserver choice, before installation:
https://docs.nextcloud.com/server/9/admin_manual/issues/general_troubleshooting.html#web-server-and-php-modules

Today I go to install Letsencrypt. I complete the dialog and install it.
Now my site is dead. Cannot access it at all.

Has anything changed? Am I missing a step?

Nothing has changed on our end; however, Certbot may have. If you get the same results with Apache2/Nginx, let me know and I'll create a ticket to investigate.

Though I am still having problems, possibly you could provide me with a few more details.
I load the latest C2 image onto my eMMC card.
Set up my config files. Create static IP, change localization files. Activate NOIP.
I then go and install Apache w/MariaDB. Reboot.
Then change so that Apache is the preferred webserver. Reboot.
Landing page works for Apache.
Install Nextcloud. Reboot.
IP address /nextcloud brings up Nextcloud.
Install Certbot. Reboot.
IP address /nextcloud still works.
Install dietpi-letsencrypt. Add my NOIP domain, email address, enable redirect, enable cron.
I get a pop-up message about my certificate, then at the end of the install of letsencrypt I get errors:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for brookscloud.noip.me
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: brookscloud.noip.me
Please see the logfiles in /var/log/letsencrypt for more details.

Shut down the Odroid, then restart.

At this point I go to the browser and put in IP address /nextcloud. It comes up telling me that the site is not secure.
I go to my domain address and it tells me the site cannot be reached.
I also check the log files at /var/log/letsencrypt; they are empty.

Where am I going wrong?
I appreciate any help you could provide.
carltonb

Hi,

I am also having the same problem, if you have found a fix then please share.

Thank you

Hi dinesh88,

Meanwhile our Nextcloud and LetsEncrypt (CertBot) implementations have vastly changed. We do support Lighttpd for both. Installing Nextcloud (with any webstack) + CertBot and running "dietpi-letsencrypt" should work.

If you face any issue, please give some more information about the exact error messages and, where applicable, related log entries and service status.

MichaIng,

I have a similar issue. Installed DietPi and then installed NextCloud and CertBot and proceeded to run dietpi-letsencrypt. Everything went well until I got the following message in the terminal:

Requested name xxx.xxx.xxx.xxx is an IP address. The Let's Encrypt certificate authority will not issue certificates for a bare IP address.

I had used a local IP address assigned by my router, and had left the email field NULL.

Now, even the web server does not work (site cannot be reached), https does not work of course, and running Letsencrypt again says:

Error:  No compatible and/or active webserver was found. Aborting.

Don't know how to roll it back because uninstall fails too. I have flashed my SD card twice now and tried to replace the IP with my domain name from Google/Hostgator, to no avail.

NOTE: I have a domain name with Google and my shared webhosting is at hostgator but I do not want to use that to set up SSL on my home Nextcloud, partly because I thought that that would be an even more difficult task. By the way, letsencrypt was unable to communicate with my personal domain too.

Kindly help. If there is a detailed guide for Odroid C2 - DietPi - NextCloud - Lighttpd - Certbot from recent times, please let me know.

@shredderwoods
It appears that dietpi-letsencrypt proceeds with adjusting the webserver config, or does some of it, before calling certbot. You can check the code to see the adjustments and revert them manually. I will do so myself later this evening: https://github.com/Fourdee/DietPi/blob/testing/dietpi/dietpi-letsencrypt#L128

Will implement a check for a valid domain entry and break the script if an error occurs during certbot execution. Also, all adjustments should be done only after certbot execution went fine.
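The three guards described in the post above (refuse a bare IP or malformed domain, stop when certbot fails, and only touch the webserver config after a successful run) written out as POSIX shell functions. This is an added example, not DietPi's own dietpi-letsencrypt code. It assumes certbot's webroot authenticator with WEBROOT as the document root; the CERTBOT variable exists only so the real binary can be swapped for a stub, and the error strings matched are the ones quoted earlier in this thread.

```shell
#!/bin/sh
# Added example, not DietPi's code. Guards to run before/after certbot so that
# a failed run never leaves the webserver half-configured.
# Assumptions: POSIX sh, certbot's --webroot authenticator, WEBROOT writable.
: "${CERTBOT:=certbot}"      # swap for a stub when testing (assumption)
: "${WEBROOT:=/var/www}"     # document root served on port 80 (assumption)

# is_bare_ipv4 NAME -> 0 when NAME is a dotted quad; Let's Encrypt refuses these
is_bare_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# is_valid_domain NAME -> 0 for a plausible public hostname: labels of letters,
# digits and inner hyphens, at least one dot, alphabetic TLD, and not an IP
is_valid_domain() {
    [ -n "$1" ] && ! is_bare_ipv4 "$1" &&
    printf '%s\n' "$1" | grep -Eiq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# classify_error LOGFILE -> one of: rate_limit, bare_ip, no_webserver, unknown
# The patterns are the messages quoted in this thread (certbot and the installer).
classify_error() {
    if grep -q 'too many certificates already issued' "$1"; then
        echo rate_limit
    elif grep -q 'will not issue certificates for a bare IP address' "$1"; then
        echo bare_ip
    elif grep -q 'No compatible and/or active webserver' "$1"; then
        echo no_webserver
    else
        echo unknown
    fi
}

# obtain_cert DOMAIN LOGFILE -> 0 only if certbot succeeded. Returns 2 for a bad
# domain (certbot is never called) and 1 if certbot itself failed, so the caller
# can skip every webserver adjustment on anything but 0.
obtain_cert() {
    domain=$1; log=$2
    if ! is_valid_domain "$domain"; then
        echo "refusing to continue: '$domain' is not a domain name" >&2
        return 2
    fi
    if ! $CERTBOT certonly --non-interactive --agree-tos \
            --webroot -w "$WEBROOT" -d "$domain" >"$log" 2>&1; then
        echo "certbot failed ($(classify_error "$log")); webserver config left untouched" >&2
        return 1
    fi
    return 0
}

# apply_webserver_config DOMAIN -> placeholder for the config edits that must
# only run after obtain_cert returned 0 (the real edits are webserver-specific)
apply_webserver_config() {
    echo "would now enable TLS for $1 using /etc/letsencrypt/live/$1/"
}

# Usage when run directly: ./guarded-cert.sh example.org /tmp/certbot.log
if [ $# -eq 2 ]; then
    obtain_cert "$1" "$2" && apply_webserver_config "$1"
fi
```

Running the real certbot with `--dry-run` first (a genuine certbot flag that talks to the staging CA) is the cheapest way to avoid the "too many certificates already issued" rate limit seen earlier in this thread, which a reinstall loop hits quickly because every successful run counts against the same set of domains.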

Thank you @MichaIng,

Will wait for you to look into the problem. I can read the file you referenced, but am not versed enough to fix the problem myself.

I reinstalled from fresh and currently have a working installation of plexserver + samba share (external network drive) working. Next I wish to enable SSL (for https) and use it for Nextcloud (as well as for Plex Media Server). I am afraid that I will break my current plex server and samba share if I start experimenting with letsencrypt again. I’ll make an image of the SD card tonight.

Some noob questions, if you (or someone else) can answer:

  1. Do I need to have a domain name on the world wide web (internet), like http://abcd.com, to be able to use letsencrypt? Or can it be used for local (intranet) servers like http://192.168.1.10 as well?
  2. If letsencrypt can be used for local (intranet) servers too, do I need to use No-Ip to attach a domain name (say mylocalserver.ddns.net) to 192.168.1.10 (through router’s port-forwarding)? I ask this because I remember letsencrypt throwing an error like ‘cannot do it for IP addresses, need a domain name’ or something like that the last time I ran into the problem.

In the light of 1) and 2) above, all I wish to do is to enable https (or SSL) for 192.168.1.10, which is the same machine on which DietPi is installed. And then I wish for both Plex Media Server and Nextcloud to be able to use it. Is there something fundamentally wrong in my goals?

Thanks a bunch

shredderwoods
Sorry for the late reply.

  1. Yes, LetsEncrypt just accepts domains, no raw IP addresses, as CertBot also mentioned in its error message.
  2. LetsEncrypt cannot be used for local/intranet-only servers. For the authentication process it needs to be reachable from outside of the local network, thus via direct internet access or forwarded ports 80+443.

Of course you could just enable internet access to the server to get the certificate and then use it just within the local network, but you would need to enable internet access at least every 90 days to renew the certificate's lifetime.

If you just want to enable HTTPS within your local network, then maybe some self-signed certificate would be enough and easier to handle, as it does not depend on www access:
openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout privkey.pem -out cert.pem -days 365

  • For a 2048-bit RSA cert with a 365-day lifetime.
  • Only your clients/browsers need to be able to allow self-signed certs/import it as a trusted CA, to hide warnings. Some browsers are quite strict with this nowadays :wink:.

About how to revert changes made, when DietPi-LetsEncrypt fails (Odroids/Jessie + Lighttpd):
rm /etc/cron.weekly/dietpi-letsencrypt
rm /etc/lighttpd/conf-enabled/letsencrypt.conf
rm /etc/lighttpd/conf-enabled/redirect.conf
lighttpd-disable-mod dietpi-hsts
rm /etc/lighttpd/conf-available/99-dietpi-hsts.conf
/etc/init.d/lighttpd force-reload

Made some rework on DietPi-LetsEncrypt to include error handling of CertBot execution and prevent webserver config adjustments if an error was found: https://github.com/Fourdee/DietPi/pull/1738

Testing of this branch is welcome, as there are many versions/combinations of certbot/webservers. But I will test through all I can imagine as well :sunglasses:.
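A worked version of the self-signed route suggested above, as an added example rather than anything from the post or from DietPi: the openssl one-liner in the post produces a certificate without a subjectAltName, which current browsers reject even after the CA is imported, so this script adds a SAN covering both the LAN hostname and the IP, marks the certificate as a non-CA server cert, and then checks the result (SAN present, key matches certificate, remaining lifetime). The hostname mycloud.lan, the address 192.168.1.10 and the output directory are constructed values.

```shell
#!/bin/sh
# Added example, not from the post or from DietPi. Self-signed certificate for a
# LAN-only host with a subjectAltName, plus checks a practitioner would run.
# Assumption: openssl (any 1.0+ release; extensions come from a config file,
# so the newer -addext flag is not needed).
set -e

# make_selfsigned DIR HOST IP DAYS -> writes DIR/privkey.pem and DIR/cert.pem
make_selfsigned() {
    dir=$1; host=$2; ip=$3; days=$4
    mkdir -p "$dir"
    # Minimal request config: no prompts, CN from HOST, SAN with DNS and IP,
    # and explicit "this is a leaf server certificate" extensions.
    cat >"$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host,IP:$ip
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -sha256 -newkey rsa:2048 -nodes -days "$days" \
        -config "$dir/san.cnf" \
        -keyout "$dir/privkey.pem" -out "$dir/cert.pem" 2>/dev/null
    chmod 600 "$dir/privkey.pem"   # private key readable by its owner only
}

# cert_has_name CERT NAME -> 0 if NAME (e.g. "DNS:mycloud.lan") appears in the
# certificate's text dump, i.e. in its Subject Alternative Name extension
cert_has_name() {
    openssl x509 -in "$1" -noout -text | grep -q "$2"
}

# key_matches_cert KEY CERT -> 0 when the public key in CERT belongs to KEY
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey)
    [ "$k" = "$c" ]
}

# cert_valid_for_days CERT DAYS -> 0 if CERT does not expire within DAYS days
# (openssl's -checkend takes seconds); useful in a cron job that warns early
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage when run directly: ./selfsigned.sh /etc/ssl/mycloud mycloud.lan 192.168.1.10 365
if [ $# -eq 4 ]; then
    make_selfsigned "$1" "$2" "$3" "$4"
    cert_has_name "$1/cert.pem" "DNS:$2" && echo "SAN ok"
    key_matches_cert "$1/privkey.pem" "$1/cert.pem" && echo "key/cert pair ok"
    cert_valid_for_days "$1/cert.pem" 30 && echo "more than 30 days left"
fi
```

The clients still have to trust this certificate explicitly, as the post says; what the SAN and `CA:FALSE` settings buy is that once they do, a browser actually accepts the name rather than still showing a name-mismatch warning, and the certificate cannot be misused to sign other certificates if the file leaks.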

Thanks MichaIng,

Now that I know I have to use a domain name, I have one that is currently managed with Google Domains. Any configuration needed there? The corresponding web space is a 'shared hosting baby plan' with Hostgator. With a little reading, it seemed that Hostgator does not seamlessly allow baby plan subscribers to use SSL with LetsEncrypt. I'm confused whether Letsencrypt will need me to configure anything at Google Domains or Hostgator. Last time I ran Letsencrypt, I remember it throwing some error regarding the domain name not responding, or was it the email not responding. I will run it again soon with a NULL email address and get the exact error I receive (hope I don't get any).

I had the same exact issue. Got it working after port forwarding 443 (on top of 80) at the router side. dietpi + lighttpd + letsencrypt + nextcloud