ACME packages not allowed?
-
Hi all!
I recently setup a nextcloud snap on ubuntu, registered a domain name and wanted to use letsencrypt to get myself a nice SSL certificate through its build in lets-encrypt function.
However i ran into this error: http://XXXXX.nl/.well-known/acme-challenge/T_LUtymyAtw29gnQIFZRboGUtPGXyC9GndptOpP1bD4 with an type 'unauthorized'.I also attempted an self-signed certificate which is working fine and allowing me to acces my nextcloud through my domain, only with an untrusted SSL certificate. Quite bothering me to be honest.
So i went to search for a solution to the problem. Attempted to use certbot on my unbuntu server, guessing it had to do with the nextcloud snap. However: Same error.
I started to figure it was my pfsense giving me these hiccups. Installed the ACME package to see if it could get an letsencrypt certificate: No succes. Tried with both webroot local folder and DNS manual (both staging certificates since it is for testing purposes).
I ran in the follow errors respectively:
challenge_response_put Nextcloud, XXXXX.nl
FOUND domainitemwebroot
put token at: /usr/local/www/.well-known/acme-challenge//fAlakWwDSP6Yl7H7jOz-bw9n9u64sTGbLjcY01w2KYA
[Sat Dec 30 12:08:38 CET 2017] Found domain http api file: /tmp/acme/Nextcloud//httpapi/pfSenseacme.sh
[Sat Dec 30 12:08:38 CET 2017] XXXXX.nl:Verify error:Invalid response from http://XXXXX.nl/.well-known/acme-challenge/fAlakWwDSP6Yl7H7jOz-bw9n9u64sTGbLjcY01w2KYA:
[Sat Dec 30 12:08:38 CET 2017] Please check log file for more details: /tmp/acme/Nextcloud/acme_issuecert.logchallenge_response_put Nextcloud, XXXX.nl
FOUND domainitem[Sat Dec 30 12:12:46 CET 2017] Found domain http api file: /tmp/acme/Nextcloud//httpapi/pfSenseacme.sh
[Sat Dec 30 12:12:46 CET 2017] XXXXX.nl:Verify error:Invalid response from http://XXXX.nl/.well-known/acme-challenge/a0UPJYM5zaiDf5SZ3M7qcG-tLauBWwM3RTHmYA_Ei0M:
[Sat Dec 30 12:12:46 CET 2017] Please check log file for more details: /tmp/acme/Nextcloud/acme_issuecert.logAm i missing other settings in my router or is my domain name hoster blocking something??
Starting to feel its the latter…