Letsencrypt problem

  • Forgive my English, I'm using Google Translate.
    I hope this is the right section for my problem.
    I was following the tutorial for Nextcloud remotely,
    when I ran into a problem.


    In this problem:



    You are all my last resort, I've been looking for solutions for two days without finding them.
    I've been trying to learn openmediavault for a short time now, I love it and would like to learn how to use it better.


    I apologize again for my bad English.
    I hope you can help me.


    Thanks in advance

  • Hello!
    What's your mother tongue?


    Looks like the error says it couldn't resolve the hostname back to your local WAN IP:


    Are you familiar with DNS?
    If you ping your hostname (like XXXXXXXXXX.duckdns.org), does it show you the right IP address (the one that shows here: https://whatismyipaddress.com/fr/mon-ip)? Assuming you're on the site you're trying to reach from outside.
    Also, did you open the port that Let's Encrypt needs (80) on your firewall / modem?

  • Hello antipiot, I'm Italian, thank you for answering me


    It's not the first time I use DNS, I understand how it works, but I'm not exactly an expert
    using the tutorial that I linked to the previous post, I can only connect to the modem login page,




    only in https, so I think the DNS correctly uses my IP




    this is my port forwarding, I followed what the tutorial said


  • Okay, so:


    Your OMV IP is .82 right?


    As I understand from your screenshots, you forwarded the following:


    xxxxxxx.duckdns.org:443-450 80-90 to 192.168.1.82:443-450 80-90.
    Is that right?


    The thing is: if your NAT is working, if your NAS is at 192.168.1.82 and listening on the forwarded ports:


    You should not get your router web GUI: this proves something's wrong with the NAT (if I get it right :) )


    What I would do is:


    Try to open WAN access to the OMV web GUI (which should already be the case assuming your OMV is listening on 443) to validate the NAT parameters.




    Once this works, apply the same parameters for port 80 and try to generate the certificate again.


    Hope I'm clear :)

  • Quote from antipiot

    Okay, so:
    Your OMV IP is .82 right?
    As I understand from your screenshots, you forwarded the following:
    xxxxxxx.duckdns.org:443-450 80-90 to 192.168.1.82:443-450 80-90.
    Is that right?

    yes, but only 443 works, all the other ports do not work, if I use https://xxxxx.duckdns.org:80 or 90 or the others they do not work
    if I use :4200 I will be directed to the shellinabox page




    Quote from antipiot

    The thing is: if your NAT is working, if your NAS is at 192.168.1.82 and listening on the forwarded ports:
    You should not get your router web GUI: this proves something's wrong with the NAT (if I get it right :) )


    the problem is that if I register now a new DNS with NO-IP or other,
    I will always get my modem access page



    Quote from antipiot

    What I would do is:
    Try to open WAN access to the OMV web GUI (which should already be the case assuming your OMV is listening on 443) to validate the NAT parameters.

    I'm not sure I understand
    but this is the activation page for remote modem access:


    qualsiasi WAN = any WAN
    abilita = enable

  • I'm not sure I understand
    but this is the activation page for remote modem access:


    qualsiasi WAN = any WAN
    abilita = enable

    I would suggest disabling those things on the WAN side:
    A port can only be used for one device:
    EDIT: this is not clear: if you enable remote access to your router on port 443 then use this port in NAT.
    Your router will follow (I guess) the first matching case, which is routing to itself on port 443.
    Due to that, you'll not be able to use the ports used by remote access services when enabled.


    If you have 80 and 443 activated for WAN to Router, they can't be used for NAT.


    I'd suggest you disable all the WAN checks as they block the needed ports for nothing.

  • I have already done this, I have disabled all the modem WAN inputs


    I have deleted all the containers from the docker and rewritten them
    the problem has not been solved


    I feel discouraged, I can not find a solution

  • Don't feel discouraged :) Once you've gone through this you'll know what's up^^.


    So first of all it seems you're mixing things:

    I have deleted all the containers from the docker and rewritten them
    the problem has not been solved

    The container and the remote access are not directly related: if you can't reach your Nextcloud from outside, it doesn't mean your Nextcloud is bad.


    1: run a docker Nextcloud - prove it is running from LAN: OK? If yes, what's the URL you use on LAN to reach it?


    go to step 2.


    2: Get a remote access to it by doing NAT.

  • today I received my new hardware for my NAS :D
    so I made a new installation of OMV, I tried again but the error is always the same


    if I enter :444 (mydomain.duckdns.org:444) I have a nextcloud server error:
    Log in through an untrusted domain
    Contact your administrator. If you are an administrator, edit the "trusted_domains" setting in config / config.php as the example available in config / config.sample.php.


    Further configuration information is available in the documentation.


    I also translated the error message, I hope you understand :P
    is there anything I need to set up in my modem? beyond port forwarding.

  • Hello!
    This is expected:


    You have to edit the config.sample.php to allow connections from this domain name:


    To do this, simply go in your Nextcloud configuration folder and find the "config.php" file in ./www/nextcloud/config/config.php (I think it may vary, so search for it)


    Edit this line to add your domain name:


    Code
    'trusted_domains' =>
      array (
        'demo.example.org',
        'otherdomain.example.org',
      ),



    Save file - Reboot nextcloud - Enjoy :)
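
The "untrusted domain" page is a Host-header allowlist check: the server only answers requests whose Host value matches an entry in 'trusted_domains'. As an added example (not part of the original post and not Nextcloud's own code), this simplified Python model shows how such a check accepts or rejects a request; the matching rules, the wildcard and port handling, and the sample list are assumptions of this sketch.

```python
import re

# Constructed sample allowlist, mirroring the shape of 'trusted_domains'.
TRUSTED = ["192.168.1.82", "demo.example.org", "*.lan.example.org"]

_HOST_RE = re.compile(r"(\[[0-9a-f:]+\]|[^:\[\]\s]+)(?::(\d{1,5}))?")


def split_host(host_header):
    """Split a Host header value into (name, port or None)."""
    m = _HOST_RE.fullmatch(host_header.strip().lower())
    if not m:
        raise ValueError("malformed Host header: %r" % host_header)
    return m.group(1), int(m.group(2)) if m.group(2) else None


def is_trusted(host_header, trusted=TRUSTED):
    """Return True only if the Host value matches an allowlist entry.

    Assumed rules of this model: entries match the whole name (no substring
    or suffix matches), '*' stands for a run of hostname characters, and an
    entry without a port accepts any port while 'name:port' pins the port.
    """
    try:
        name, port = split_host(host_header)
    except ValueError:
        return False
    if name.startswith("-") or ".." in name:
        return False
    with_port = name if port is None else "%s:%d" % (name, port)
    for entry in trusted:
        pattern = "[-.a-z0-9]*".join(
            re.escape(part) for part in entry.lower().split("*"))
        if re.fullmatch(pattern, name) or re.fullmatch(pattern, with_port):
            return True
    return False


if __name__ == "__main__":
    for host in ["demo.example.org:444", "192.168.1.82",
                 "nas.lan.example.org", "xxxx.duckdns.org:444",
                 "demo.example.org.attacker.test", "demo.example.org:80@x"]:
        print("%-32s %s" % (host, "trusted" if is_trusted(host) else "REJECTED"))
```

In this model the DuckDNS name is rejected until it is added to the list, and a lookalike name that merely starts with a trusted entry is rejected as well.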

  • I have already modified the config.php, following the Techno Dad Life tutorial


    now it does not even work locally
    I'm sorry for the noob question:
    if in the modem the DMZ is active at the server ip, this should have all the ports open, right?
    I should not receive this error
    it was just a test to see if the problem is port forwarding
    I do not know if it can help to solve my problem

  • I'm sorry for the noob question:
    if in the modem the DMZ is active at the server ip, this should have all the ports open, right?
    I should not receive this error
    it was just a test to see if the problem is port forwarding
    I do not know if it can help to solve my problem

    Hello!


    Your problem is not router related at all.


    1st rule of the internet: never activate DMZ.


    If you can see the error of your Nextcloud from WAN, it means your port forwarding is working: don't touch it anymore.


    If you have no data on your Nextcloud, you can stop it, delete all /config and /datas folders - Restart docker


    This will recreate any files needed.


    Access your Nextcloud from xxxx.duckdns: you'll be asked if you want to add this domain name to the authorized domains: click on the link.

  • Hello to you too!


    I have done all the steps you have listed, but I had to type https and add the port :444, the Nextcloud login page was opened, I logged in and it did not ask me to add the domain, access was made equally, I tried to access externally via smartphone and it works there too, I think you solved my problem, I really do not know how to thank you.
    I have some questions for you
    so letsencrypt was useless to remotely access my nextcloud?
    can I delete it from the docker?


    thanks man!
    I owe you a beer :D

  • Happy to hear it's working :)

    so letsencrypt was useless to remotely access my nextcloud?
    can I delete it from the docker?


    When you connected to your server, your browser probably said something like "Your connection is not secure" in Firefox:


    This is due to the lack of a valid SSL certificate.


    When booting for the first time, your Nextcloud, like many other kinds of servers, generates a "self-signed certificate" which is efficient to encode your data over the internet (as http just throws your login in clear through the web).


    Let's Encrypt is used to create a valid SSL certificate which is dependent on the DNS name you use to reach your server from inside and outside. It's useful to be sure you're connecting to the server you think you're connecting to.


    You can safely delete your Let's Encrypt docker (PS: there is an OMV Let's Encrypt plugin if I remember, you may want to try it :-))


    One more thing:


    I'd suggest you use another port than 444 as it's in the "known port" range: see wiki port page


    Better use ports between 49152–65535

  • thank you, I'm learning so many things, we hope to remember them for the future
    I would like to change the ports but I am afraid to work on it
    the Nextcloud container in the docker assigns port 433 by default, it is not possible to change this in the container.
    should I add 433 => 49152 or 49153 etc etc? obviously opening the port in the modem port forwarding.

  • thank you, I'm learning so many things, we hope to remember them for the future
    I would like to change the ports but I am afraid to work on it
    the Nextcloud container in the docker assigns port 433 by default, it is not possible to change this in the container.
    should I add 433 => 49152 or 49153 etc etc? obviously opening the port in the modem port forwarding.

    In docker you map a host port (OMV port) to the port opened inside the container,


    you just have to edit the mapped port to your container. If you do this in the docker OMV GUI, once you apply, the container should restart with the new configuration (keeping all your data safe)

  • In docker you map a host port (OMV port) to the port opened inside the container,
    you just have to edit the mapped port to your container. If you do this in the docker OMV GUI, once you apply, the container should restart with the new configuration (keeping all your data safe)

    I did what you told me, but the page opens with an error, it says that the domain is not trusted, maybe I should enter the port at the beginning of the registration.
