I’ve been using your nextcloud+swag setup for a while now. I have my own domain, which I’ll call mydomain.tld for privacy reasons. Namecheap is the provider. I self host on hardware in my own home. Until yesterday, nextcloud.mydomain.tld worked fine. The difference is that I tried to add my jellyfin instance to my swag config. Let me clarify, jellyfin was already running, but unencrypted, and only accessible inside my LAN by IP. I’m attempting to allow access to jellyfin outside of my home.
Some data that might be relevant:
- I’m learning. I don’t really have a very deep understanding of all this stuff.
- Until yesterday, I had a single A+ record: nextcloud.mydomain.tld, i.e., I don’t have a record for @ or mydomain.tld without a subdomain. This setup has been working fine for months. Encryption, routing, my dynamic dns setup, everything worked fine.
- Yesterday, when attempting to add jfin to my swag setup, I created a CNAME record. I’m only 80% sure that this is the right move. IMO Namecheap’s documentation for doing this is a little confusing but here is what my namecheap domain setup looks like:
(I've faked some data for privacy, should be obvious)
| type | host | value | TTL |
| A+ | nextcloud | 1.1.1.1 | Automatic |
| CName Record | jfin | nextcloud.mydomain.tld | 5 min |
- CGPT told me that I should use dig to ensure that the cname is working, so here is some of the output (edited for brevity and privacy, of course):
; <<>> DiG 9.18.28 <<>> @8.8.8.8 jfin.mydomain.tld
dig @8.8.8.8 jfin.mydomain.tld
; (1 server found)
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45596
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
jfin.mydomain.tld. 300 IN CNAME nextcloud.mydomain.tld.
I skipped some stuff, I think that’s the relevant data though.
So it seems like something kind of worked.
- Now neither my jfin nor my nextcloud instance is accessible outside my LAN.
In addition to setting up that CNAME record, I also
- added jfin to my SUBDOMAINS field in the swag portion of my docker-compose.yml
- renamed the example file in swag’s config (removed the .example part).
- restarted all services via docker-compose.
- enabled
I think that it might just be a problem of misconfiguring the CNAME, but I’m open to any helpful suggestions. If I left some important data out, let me know.
I forgot to post the swag logs. Again, I’ll have to redact them for privacy.
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: jfin.mydomain.tld
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for jfin.mydomain.tld - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for jfin.mydomain.tld - check that a DNS record exists for this domain
Domain: mydomain.tld
Type: dns
Detail: no valid A records found for mydomain.tld; no valid AAAA records found for mydomain.tld
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
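
A check for the dig output posted above, as an added example that is not part of the original post: when a response has a CNAME in the answer section but status NXDOMAIN, the status describes the last name in the alias chain, so the alias was published and its target is the name that did not resolve. `parse_dig` and `diagnose` are hypothetical helper names, and the second sample is constructed.

```python
import re

# dig output as posted above (redacted names kept as the poster wrote them)
POSTED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45596
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
jfin.mydomain.tld. 300 IN CNAME nextcloud.mydomain.tld.
"""
# Constructed sample of a healthy answer (192.0.2.10 is a documentation address)
HEALTHY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; ANSWER SECTION:
jfin.example.test. 300 IN CNAME nextcloud.example.test.
nextcloud.example.test. 300 IN A 192.0.2.10
"""

def parse_dig(text):
    """Return (status, [(owner, rtype, rdata), ...]) from dig's ANSWER section."""
    m = re.search(r"status:\s*(\w+)", text)
    status = m.group(1) if m else None
    records, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";"):
            if line.startswith(";;"):          # header or section marker
                in_answer = "ANSWER SECTION" in line
            continue
        f = line.split()
        if in_answer and len(f) >= 5 and f[2] == "IN":
            records.append((f[0].lower(), f[3], f[4].lower()))
    return status, records

def diagnose(qname, text):
    """Return (verdict, last name reached by following CNAMEs from qname)."""
    status, records = parse_dig(text)
    cnames = {o: r for o, t, r in records if t == "CNAME"}
    name, seen = qname.lower().rstrip(".") + ".", set()
    while name in cnames and name not in seen:   # follow aliases, stop on loops
        seen.add(name)
        name = cnames[name]
    has_addr = any(o == name and t in ("A", "AAAA") for o, t, r in records)
    if status == "NXDOMAIN":
        # The rcode describes the end of the chain, not the alias itself
        return ("cname-target-missing" if seen else "name-missing"), name
    if status == "NOERROR":
        return ("resolves" if has_addr else "no-address-record"), name
    return "other:" + str(status), name

if __name__ == "__main__":
    print(diagnose("jfin.mydomain.tld", POSTED))
    print(diagnose("jfin.example.test", HEALTHY))
```

A `cname-target-missing` verdict matches the Certbot error above, which also reports NXDOMAIN when looking up A and AAAA for the aliased name.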