I am currently setting up a nextcloud server on Debian 11. I’m struggling right now to enable SSL by linking the certificates from letsencrypt in the config:
apachectl configtest
AH00526: Syntax error on line 40 of /etc/apache2/sites-enabled/nextcloud.conf:
SSLCertificateFile: file '/etc/letsencrypt/archive/nextcloud.example.com/fullchain1.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
www-data should have access to the relevant letsencrypt directories:
$ sudo ls -l /etc/letsencrypt/archive/nextcloud.example.com
total 20
-rw-r--r-- 1 root root 1858 Dec 28 20:30 cert1.pem
-rw-r--r-- 1 root root 3749 Dec 28 20:30 chain1.pem
-rw-r--r-- 1 root root 5607 Dec 28 20:30 fullchain1.pem
-rw-r--r-- 1 root root 1704 Dec 28 20:30 privkey1.pem
Config section:
SSLEngine On
SSLCertificateFile /etc/letsencrypt/archive/nextcloud.example.com/fullchain1.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/nextcloud.example.com/privkey1.pem
Originally, following an instruction guide, I used letsencrypt/live over letsencrypt/archive in the config, the certificate files in that directory are symlinks and I suspected that might be causing the problem. Changing the paths to archive, as above, did not solve the problem.
$ sudo ls -l /etc/letsencrypt/live/nextcloud.example.com/
total 4
lrwxrwxrwx 1 root root 45 Dec 28 20:30 cert.pem -> ../../archive/nextcloud.example.com/cert1.pem
lrwxrwxrwx 1 root root 46 Dec 28 20:30 chain.pem -> ../../archive/nextcloud.example.com/chain1.pem
lrwxrwxrwx 1 root root 50 Dec 28 20:30 fullchain.pem -> ../../archive/nextcloud.example.com/fullchain1.pem
lrwxrwxrwx 1 root root 48 Dec 28 20:30 privkey.pem -> ../../archive/nextcloud.example.com/privkey1.pem
-rw-r--r-- 1 root root 692 Dec 28 20:30 README
I suspect the error is really simple, but looking for solutions was fruitless, so I am asking for posterity.