522 Connection Timed Out / Nextcloud / ACME

I’ve disabled my firewall trying to make this work but not sure how to diagnose this further. There is no .htaccess that I’m aware of in Nextcloud that would be blocking this. The logs show that the CPU/RAM have been fine and nothing is overloaded, as per their troubleshooting page.

When I run the command

```shell
CLOUDFLARE_EMAIL=example@gmail(dot)com
CLOUDFLARE_DNS_API_TOKEN=*****************************
lego --dns cloudflare --domains example(dot)com --email example@gmail(dot)com run
```

Everything runs fine. I manually added the Global API but since switched to API Token with DNS-configrules/dynamic redirect/zone settings/SSL certs/DNS-(all set to edit). Not opposed to using the global API, but just trying to diagnose the problem.

The IP that cloudflare DNS example(dot)com is pointing to with Type A is from the command below. All name servers are working properly.
```shell
curl ifconfig(dot)co
```

I’ve changed the Cloudflare “Always use HTTPS” on/off (currently off).

Thanks in advance for any help I can get.

```
Feb 17 12:08:45 jimsimons acme-example(dot)com-start[140294]: + cmp -s domainhash(dot)txt certificates/domainhash(dot)txt
Feb 17 12:08:45 jimsimons acme-example(dot)com-start[140294]: + lego --accept-tos --path . -d example(dot)com --email example@gmail(dot)com --key-type ec256 --dns cloudflare --dns.resolvers 1.1.1.1:53 -d '*.example(dot)com' run
Feb 17 12:08:46 jimsimons acme-example(dot)com-start[140318]: 2024/02/17 12:08:46 cloudflare: some credentials information are missing: CLOUDFLARE_API_KEY or some credentials information are missing: CLOUDFLARE_DNS_API_TOKEN,CLOUDFLARE_ZONE_API_TOKEN
Feb 17 12:08:46 jimsimons acme-example(dot)com-start[140294]: + echo Failed to fetch certificates. This may mean your DNS records are set up incorrectly.
Feb 17 12:08:46 jimsimons acme-example(dot)com-start[140294]: Failed to fetch certificates. This may mean your DNS records are set up incorrectly.
Feb 17 12:08:46 jimsimons acme-example(dot)com-start[140294]: + exit 10
Feb 17 12:08:46 jimsimons systemd[1]: acme-example(dot)com.service: Main process exited, code=exited, status=10/n/a
Feb 17 12:08:46 jimsimons systemd[1]: acme-example(dot)com.service: Failed with result 'exit-code'.
Feb 17 12:08:46 jimsimons systemd[1]: Failed to start Renew ACME certificate for example(dot)com.
```

What commands or logs can I check for more details? I’m still stuck. Thanks.

Bumping. Still need some help or pointers resolving this.

Welcome to the Cloudflare Community.

You may want to explain your problem a little more clearly. It is really hard to tell from the information you provided, but it seems like you are trying to obtain a TLS certificate from an unspecified certificate authority. If it is Let’s Encrypt, you will probably be better off asking for help in their forum in their Help category and being sure to fill out their entire template in your post.

I’m not suggesting that to send you away from this forum, as I spend time helping over there, too, and if we identify that you need some help with the Cloudflare portion of the DNS-01 validation, we can certainly look into that here, but right now we haven’t even identified where your ACME request is breaking down, or if that is even what this topic is trying to remedy.

When you are sharing console output, or other text from your server, like config files or log excerpts, try this formatting method to make it easier to read:

Type:
```
Your plain text content
can span multiple lines
```

and it will render in your post as:

Your plain text content
can span multiple lines

It’s run in a NixOS file, not docker compose.

```nix
{ self, config, lib, pkgs, ... }: {
  # Based on https://carjorvaz(dot)com/posts/the-holy-grail-nextcloud-setup-made-easy-by-nixos/
  security.acme = {
    acceptTerms = true;
    preliminarySelfsigned = false;
    defaults.email = "default@gmail(dot)com";
    certs."ow0w.com" = {
      dnsProvider = "cloudflare";
      dnsResolver = "1.1.1.1:53";
      credentialsFile = "/home/justin/cloudflare";
      dnsPropagationCheck = true;
      domain = "default(dot)com";
      extraDomainNames = [ "*.default(dot)com" ];
      reloadServices = [ "nginx" ];

    #defaults = {
      #email = "[email protected]";
      #dnsProvider = "cloudflare";
      # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
      # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
      #environmentFile = "/home/justin/cloudflare";
    };
  };
  services = {
    nginx.virtualHosts = {
      "default(dot)com" = { # YOUR.DOMAIN.NAME
        forceSSL = true;
        enableACME = true;
        # Use DNS Challenge.
        acmeRoot = null;
      };
    };
    #
    nextcloud = {
      enable = true;
      hostName = "default(dot)com"; # YOUR.DOMAIN.NAME
      # Need to manually increment with every major upgrade.
      package = pkgs.nextcloud28;
      # Optional Setting: Point directory to storage path
      # Let NixOS install and configure the database automatically.
      database.createLocally = true;
      # Let NixOS install and configure Redis caching automatically.
      configureRedis = true;
      # Increase the maximum file upload size.
      maxUploadSize = "16G";
      https = true;
      autoUpdateApps.enable = true;
      extraOptions = {
        trusted_domains = ["192.168.88.62" "default(dot)com"];
        default_phone_region = "US";
        overwriteprotocol = "https";
      };
      extraAppsEnable = true;
      extraApps = with config.services.nextcloud.package.packages.apps; {
        # List of apps we want to install and are already packaged in
        # https://github(dot)com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
        inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
        # Custom app example.
#        socialsharing_telegram = pkgs.fetchNextcloudApp rec {
#          url =
#            "https://github(dot)com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
#          license = "agpl3";
#          sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
#        };
      };
      config = {
        dbtype = "pgsql";
        adminuser = "justin";
        adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
      };
      # Suggested by Nextcloud's health check.
      phpOptions."opcache.interned_strings_buffer" = "16";
    };
    # Nightly database backups.
    postgresqlBackup = {
      enable = true;
      startAt = "*-*-* 01:15:00";
    };
  };
}
```

I run this in a Nix file on my server. I can access Nextcloud locally both without Cloudflare and with its attempt to connect to the website.

```nix
{ self, config, lib, pkgs, ... }: {
  # Based on https://carjorvaz(dot)com/posts/the-holy-grail-nextcloud-setup-made-easy-by-nixos/
  security.acme = {
    acceptTerms = true;
    preliminarySelfsigned = false;
    defaults.email = "default@gmail(dot)com";
    certs."default(dot)com" = {
      dnsProvider = "cloudflare";
      dnsResolver = "1.1.1.1:53";
      credentialsFile = "/home/justin/cloudflare";
      dnsPropagationCheck = true;
      domain = "default(dot)com";
      extraDomainNames = [ "*.default(dot)com" ];
      reloadServices = [ "nginx" ];

    #defaults = {
      #email = "default@gmail(dot)com";
      #dnsProvider = "cloudflare";
      # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
      # https://www.freedesktop(dot)org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
      #environmentFile = "/home/justin/cloudflare";
    };
  };
  services = {
    nginx.virtualHosts = {
      "default(dot)com" = { # YOUR.DOMAIN.NAME
        forceSSL = true;
        enableACME = true;
        # Use DNS Challenge.
        acmeRoot = null;
      };
    };
    #
    nextcloud = {
      enable = true;
      hostName = "default(dot)com"; # YOUR.DOMAIN.NAME
      # Need to manually increment with every major upgrade.
      package = pkgs.nextcloud28;
      # Optional Setting: Point directory to storage path
      # Let NixOS install and configure the database automatically.
      database.createLocally = true;
      # Let NixOS install and configure Redis caching automatically.
      configureRedis = true;
      # Increase the maximum file upload size.
      maxUploadSize = "16G";
      https = true;
      autoUpdateApps.enable = true;
      extraOptions = {
        trusted_domains = ["192.168.88.62" "default(dot)com"];
        default_phone_region = "US";
        overwriteprotocol = "https";
      };
      extraAppsEnable = true;
      extraApps = with config.services.nextcloud.package.packages.apps; {
        # List of apps we want to install and are already packaged in
        # https://github(dot)com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
        inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
        # Custom app example.
#        socialsharing_telegram = pkgs.fetchNextcloudApp rec {
#          url =
#            "https://github(dot)com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
#          license = "agpl3";
#          sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
#        };
      };
      config = {
        dbtype = "pgsql";
        adminuser = "justin";
        adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
      };
      # Suggested by Nextcloud's health check.
      phpOptions."opcache.interned_strings_buffer" = "16";
    };
    # Nightly database backups.
    postgresqlBackup = {
      enable = true;
      startAt = "*-*-* 01:15:00";
    };
  };
}
```
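
Added example, not part of any post in this thread: a shell check that relates the `credentialsFile` referenced in the config above to the lego "credentials ... missing" line in the earlier journal excerpt, by listing which variable names the file really defines. It assumes the file is read with systemd `EnvironmentFile=` rules (the config's own comment links to that documentation); the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a Cloudflare credentials file against the variable
# names lego prints in its "credentials ... missing" error.

# Names the file assigns something to. Only plain NAME=value lines count;
# comments, "export NAME=value" and "NAME = value" are skipped (assumption:
# the file is parsed with systemd EnvironmentFile= rules).
env_file_vars() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=..*$/\1/p' "$1"
}

# CLOUDFLARE_* names mentioned in a lego error line, one per line.
lego_missing_vars() {
    printf '%s\n' "$1" | grep -o 'CLOUDFLARE_[A-Z_]*' | sort -u
}

# Credential set the file satisfies: "token", "global-key" or "none".
# Only the variable names that appear in the thread are considered.
cf_creds_mode() {
    vars=$(env_file_vars "$1")
    has() { printf '%s\n' "$vars" | grep -qx "$1"; }
    if has CLOUDFLARE_DNS_API_TOKEN; then echo token
    elif has CLOUDFLARE_EMAIL && has CLOUDFLARE_API_KEY; then echo global-key
    else echo none
    fi
}

# Error text as it appears in the journal excerpt in the thread.
LOG_LINE='cloudflare: some credentials information are missing: CLOUDFLARE_API_KEY or some credentials information are missing: CLOUDFLARE_DNS_API_TOKEN,CLOUDFLARE_ZONE_API_TOKEN'

# Constructed sample file (not the poster's): the token line uses "export".
sample=$(mktemp)
printf '%s\n' 'CLOUDFLARE_EMAIL=user@example.com' \
    'export CLOUDFLARE_DNS_API_TOKEN=constructed-placeholder' > "$sample"

echo "lego names as missing: $(lego_missing_vars "$LOG_LINE" | tr '\n' ' ')"
echo "file defines:          $(env_file_vars "$sample" | tr '\n' ' ')"
echo "usable credential set: $(cf_creds_mode "$sample")"
rm -f "$sample"
```

Running `cf_creds_mode` against the real credentials file shows whether it offers a complete token or global-key set before the ACME unit is restarted.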
