Newbie to LSIO, and self-hosting in general.
I should preface this by saying that up until yesterday, I had an instance of LSIO’s nextcloud running (without letsencrypt or mariadb), DNS was correctly configured, ports were forwarded, life was good, except for the fact that I THINK that you can’t use NC’s password app with self-signed certs. Otherwise, I would have been content with the way it was. (I completely erased all files including config and data files for this older, simpler instance)
OK, I’m following the guide here: Let's Encrypt, Nginx & Reverse Proxy Starter Guide - 2019 Edition | LinuxServer.io
My redacted docker-compose:
```yaml
version: "2"
services:
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=1001
      - TZ=America/Los_Angeles
    volumes:
      - /REDACTED/config/nextcloud:/config
      - /REDACTED/nextcloud:/data
    depends_on:
      - mariadb
    restart: unless-stopped
  mariadb:
    image: linuxserver/mariadb
    container_name: mariadb
    environment:
      - PUID=1000
      - PGID=1001
      - MYSQL_ROOT_PASSWORD=REDACTED
      - TZ=America/Los_Angeles
    volumes:
      - /REDACTED/config/mariadb:/config
    restart: unless-stopped
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1001
      - TZ=America/Los_Angeles
      - URL=REDACTED.COM
      - SUBDOMAINS=nextcloud
      - VALIDATION=http
      - ONLY_SUBDOMAINS=true
      - EMAIL=REDACTED@EXAMPLE.COM
    volumes:
      - /REDACTED/config/letsencrypt:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped
```
Running logs on nextcloud and mariadb looks good, no errors. However, when I run the logs on letsencrypt (this is partial, focused on the problem. Also redacted):
```text
http-01 challenge for nextcloud.redacted.com
http-01 challenge for redacted.com
Waiting for verification...
Challenge failed for domain nextcloud.redacted.com
Challenge failed for domain redacted.com
http-01 challenge for nextcloud.redacted.com
http-01 challenge for redacted.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nextcloud.redacted.com
   Type:   connection
   Detail: Fetching
   http://nextcloud.redacted.com/.well-known/acme-challenge/Dunno if this is sensitive, so redacted:
   Connection refused

   Domain: redacted.com
   Type:   connection
   Detail: Fetching
   http://redacted.com/.well-known/acme-challenge/redacted:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
```
Running lsof shows that ports 443 and 80 are open on the host. However if I point my browser at the local server IP address (or my external dns, or IP address), I don’t see NC. (Note that this did let me access NC before I attempted to use mariadb/letsencrypt).
I am certain that port forwarding is set correctly. I haven’t changed it since starting my attempt to use letsencrypt/mariadb with NC. (and once again, it worked before)
About Google Domains:
This could be where [one of] my problem[s] is. The guide says that you’re supposed to make a CNAME point to an A record, which in turn points to your IP address. I made an A record called ‘@’ that points to my IP address, and then a CNAME that points to that A record. Was ‘@’ the right thing to enter there? Google doesn’t really explain what @ means. OK, it looks like I did this right according to this: https://my.bluehost.com/hosting/help/whats-an-a-record
So, if letsencrypt is misconfigured and giving up, should I still be able to access nextcloud through the local lan ip address? (I just realized nginx probably complicates this). Maybe a better question is, what happens if letsencrypt fails, is the whole thing inaccessible?
I know this is a lot of text to dig through. I appreciate any help you can give.
PS: I copied nextcloud.subdomain.conf.sample to nextcloud.subdomain.conf, just in case that’s a question that might be asked of me.
PPS: Please let me know if I accidentally posted sensitive information.
EDIT: I just noticed that my nextcloud “data” dir contains nothing but nextcloud.log, and that is 60k of errors saying stuff like:
```text
"level":3,"time":"2020-05-14T00:05:00+00:00","remoteAddr":"","user":"--","app":"cron","method":"","url":"--","message":{"Exception":"Exception","Message":"Not installed","Code":0,"Trace":[{"file":"/config/www/nextcloud/lib/base.php","line":651,"function":"checkInstalled","class":"OC","type":"::","args":[]},{"file":"/config/www/nextcloud/lib/base.php","line":1089,"function":"init","class":"OC","type":"::","args":[]},{"file":"/config/www/nextcloud/cron.php","line":42,"args":["/config/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/config/www/nextcloud/lib/base.php","Line":282,"CustomMessage":"--"},"userAgent":"--","version":""}
```
I thought that might reveal something. It also suggests to me that I don’t have a single problem, but multiple problems. It’s not just letsencrypt that’s misconfigured, it’s also nextcloud.
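Added example (not part of the post above and not code from LinuxServer.io): a small Python pre-flight script for the kind of HTTP-01 failure quoted in the letsencrypt log. It parses certbot's IMPORTANT NOTES block into one record per failed domain, classifies what the error actually says (a "Connection refused" means the ACME server reached an IP on TCP/80 and got a reset back, so the name already resolves somewhere and the thing to look at is the port forward and the listener behind it; a timeout means the packets were dropped, which points at a firewall or an A record for an address nothing answers on), and then checks name resolution and TCP/80 from wherever it is run. The hostnames, the TOKEN placeholder, the 203.0.113.5 address and the sample certbot output are constructed. The network part has to be run from outside the LAN, since many home routers do not hairpin connections to their own public address.

```python
"""Pre-flight checks for a failed Let's Encrypt HTTP-01 challenge.

Added example, not code from the original post or from the LinuxServer.io
images. Hostnames, addresses and the sample certbot output are constructed.
"""
import re
import socket
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt in the shape certbot prints (challenge token replaced by TOKEN).
SAMPLE_LOG = """\
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nextcloud.example.com
   Type:   connection
   Detail: Fetching
   http://nextcloud.example.com/.well-known/acme-challenge/TOKEN:
   Connection refused

   Domain: example.com
   Type:   connection
   Detail: Fetching
   http://example.com/.well-known/acme-challenge/TOKEN:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
"""


@dataclass
class ChallengeError:
    domain: str
    kind: str    # certbot's "Type:" field: connection, dns, unauthorized, ...
    detail: str  # "Detail:" text with whitespace collapsed to single spaces


# One record per "Domain: / Type: / Detail:" triple. Detail runs until a blank
# line, the next "Domain:" line, or end of input.
_ERR_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s*Type:\s*(?P<kind>\S+)\s*Detail:\s*"
    r"(?P<detail>.*?)(?=\n\s*\n|\s*Domain:|\Z)",
    re.S,
)


def parse_certbot_errors(log_text: str) -> List[ChallengeError]:
    """Extract the per-domain failures from certbot's IMPORTANT NOTES block."""
    return [
        ChallengeError(m.group("domain"), m.group("kind"), " ".join(m.group("detail").split()))
        for m in _ERR_RE.finditer(log_text)
    ]


def classify(err: ChallengeError) -> str:
    """Map a failure to the layer to check first.

    refused      -> a host answered on TCP/80 with a RST: port forward / listener
    timeout      -> packets dropped: firewall, or A record pointing at a dead address
    dns          -> the name did not resolve at all
    unauthorized -> port 80 answered, but not with the token: wrong server in front
    """
    d = err.detail.lower()
    if err.kind == "connection" and "connection refused" in d:
        return "refused"
    if err.kind == "connection" and ("timeout" in d or "timed out" in d):
        return "timeout"
    if err.kind in ("dns", "unauthorized"):
        return err.kind
    return "unknown"


def resolve_a(host: str) -> List[str]:
    """IPv4 addresses the name resolves to (what the ACME server will dial)."""
    try:
        infos = socket.getaddrinfo(host, 80, family=socket.AF_INET, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe_port(host: str, port: int = 80, timeout: float = 3.0) -> str:
    """TCP connect: 'listening', 'refused', 'timeout', 'dns-failure' or 'unreachable'."""
    try:
        family, socktype, proto, _, sockaddr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "dns-failure"
    s = socket.socket(family, socktype, proto)
    s.settimeout(timeout)
    try:
        s.connect(sockaddr)
        return "listening"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def local_selftest() -> Tuple[str, str]:
    """Probe a loopback listener we control, then the same port once it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_port("127.0.0.1", port)
    listener.close()
    return while_open, probe_port("127.0.0.1", port)


if __name__ == "__main__":
    import sys
    for e in parse_certbot_errors(SAMPLE_LOG):
        print(f"{e.domain}: {e.kind} -> {classify(e)}")
    # From OUTSIDE the LAN: python3 check_http01.py nextcloud.example.com 203.0.113.5
    if len(sys.argv) > 2:
        host, expected_ip = sys.argv[1], sys.argv[2]
        addrs = resolve_a(host)
        print(f"{host} -> {addrs} (expected {expected_ip}):",
              "ok" if addrs == [expected_ip] else "MISMATCH")
        print(f"TCP/80 on {host}: {probe_port(host)}")
```

The second argument is the public address you expect the A record to carry; if `resolve_a` returns something else, fix DNS before touching the port forward. If it matches but `probe_port` reports `refused`, the router reached the host but nothing accepted the connection, which is exactly what certbot reported, so check that the forward lands on the machine running the letsencrypt container and that the container's `80:80` mapping is up.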