this post was submitted on 24 Apr 2026
25 points (93.1% liked)

Selfhosted

56957 readers
685 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
25
How to self-host Wordpress site on Njalla domain? (lemmy.world)
submitted 1 week ago by Maerman@lemmy.world to c/selfhosted@lemmy.world
14 comments fedilink hide all child comments
 

Hi, all. So I am losing my mind over here. I recently paid for a domain through Njalla. I can route my email through it without any trouble, but then I thought I might like to self-host a personal website on it. I am using dietpi x86-64 on my homelab, a system on which I successfully host Jellyfin and Navidrome using Tailscale for remote access. I installed Wordpress and everything works just fine. The thing is, the moment I switch the site to an external URL, I simply cannot access it. I have added the A Records on Njalla for the domain to point at my server's public IP. I have opened ports 80 and 443 through UFW on the server, and pointed them to my the server's internal IP through the router. I have tried pointing Certbot at the URL, and it fails, returning the error that it couldn't fetch a file from /.well-known/acme-challenge (although it does show that the URL is pointing at the correct IP). I have changed my router settings to assign a static internal IP to the server.

I am at a loss. I'm sure it's something really easy and simple that I'm missing, but I cannot find what it is for the life of me. Thank you in advance for any tips or advice.

top 14 comments
sorted by: hot top controversial new old
[–] HelloRoot@lemy.lol 5 points 1 week ago* (last edited 1 week ago) (2 children)

Njalla's default TTL for DNS records is 3600 seconds (1 hour). If you just created or modified the A record, it can take up to that full hour for the change to propagate across the internet, which would perfectly explain why Certbot is connecting to the right IP but failing to fetch the file (the request might be hitting an old IP or a cached null response).

Before changing any more configurations, you should verify what the rest of the internet is actually seeing for your domain right now.

Check the current DNS record

You can usedig to see exactly what IP your domain is resolving to, and importantly, the remaining TTL on that record.

From your local machine (or any computer), run:

dig yourdomain.com +noall +answer

This will output something like:

yourdomain.com.    3412    IN      A       203.0.113.45

The second column (3412) is the remaining TTL in seconds. If that number is counting down from 3600, the record is still propagating. If the IP address shown there doesn't match your server's current public IP, the change hasn't taken effect yet for that DNS server.

Check from a different perspective

To ensure it's not just your local ISP or router cache serving an old record, query an external public DNS server directly:

dig yourdomain.com @1.1.1.1 +noall +answer
dig yourdomain.com @8.8.8.8 +noall +answer

If these external servers show the correct IP but Certbot still fails, the DNS is fine, and the problem is somewhere in your network routing or web server config. If they show a wrong IP or no record at all, you simply need to wait for the TTL to expire.

[–] Maerman@lemmy.world 2 points 1 week ago (1 children)

Hi. Thank you so much for this detailed response. I ran the dig commands you suggested, and they all show the correct IP. Njalla allows you to change the TTL, so I set that to 0s when I created the A record. So the problem must be with my routing or my web server, as you said. How can I troubleshoot those?

[–] HelloRoot@lemy.lol 3 points 1 week ago* (last edited 1 week ago) (1 children)

Sounds good.

Hmm next you probably should confirm ports 80 and 443 are actually reachable from the internet.

Use an online port checker like https://canyouseeme.org/

After that you should check your apache config like somebody else already suggested. I haven't used apache in a while but if I remember correctly:

Ensure it says: Listen 80 NOT: Listen 127.0.0.1:80

(and same with 443)

Also check your VirtualHost — it should look something like:

<VirtualHost *:80>
    ServerName yourdomain.com
    DocumentRoot /var/www/wordpress
    # ... other settings
</VirtualHost>

(and same with 443)

[–] Maerman@lemmy.world 2 points 1 week ago (1 children)

Okay, great. So I checked all the config files, and everything seems to be in order there. But when I used an online port checker (I used yougetsignal.com), it said ports 80 and 443 are both closed. So the problem must be with my router, right?

[–] HelloRoot@lemy.lol 2 points 1 week ago* (last edited 1 week ago) (1 children)

The problem could be anywhere in between the internet and your server.

Ofc. it could be your routet. But I think the following is more likely:

It might also be your internet service provider that doesn't allow those ports for inbound connections.

Or you're behind a CGNAT so your real external ip is different from the one you think it is. (look up online how to test this)

[–] Maerman@lemmy.world 2 points 6 days ago

That was it! I was behind a CGNAT! Thank you so much. I created a Cloudflare tunnel, and boom. I am now able to access the domain from my phone without wifi. Thank you, thank you, thank you. I still have some configuration to do, but the main issue has been resolved. You are an angel.

[–] non_burglar@lemmy.world 3 points 1 week ago (1 children)

The certbot thing here is a clue: have you opened 443 and 80 on the router as well?

[–] Maerman@lemmy.world 1 points 1 week ago (1 children)

I have, yes. I set up the router to forward traffic through those ports to my server's internal IP, which I also made static.

[–] non_burglar@lemmy.world 1 points 5 days ago

No, I mean outbound. Certbot needs the acme challenge to work properly. https://certbot.eff.org/faq/#can-i-issue-certificate-if-my-webserver-doesn-t-listen-on-port-80

[–] Decronym@lemmy.decronym.xyz 2 points 1 week ago* (last edited 5 days ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CGNAT Carrier-Grade NAT
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
NAT Network Address Translation
nginx Popular HTTP server

4 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

[Thread #253 for this comm, first seen 25th Apr 2026, 07:20] [FAQ] [Full list] [Contact] [Source code]

[–] kate@lemmy.uhhoh.com 2 points 1 week ago (1 children)

do you have a web server like caddy, apache, or nginx running? if so, what does the config file look like?

[–] Maerman@lemmy.world 2 points 1 week ago

So the Dietpi OS has a bunch of pre-configured packages to install. When I installed Wordpress, it set up an Apache server. I'm not at my computer right now, but I'll look for the config file when I get home. And I am able to access the site on my local network if I point it to my Tailscale IP, just not if I point it to the server's public IP or the domain (which is also pointing to the public IP).

[–] bjoern_tantau@swg-empire.de 2 points 1 week ago

Maybe mention the domain and IP in question so that we can help better. Your end goal is to have them publicly accessible anyways.