Apache service inactive after enabling https


#1

I have completed an install of NextCloud. Tried this on both the Ubuntu preinstall configuration and manual installation after Ubuntu is installed. When the installation is complete, I am able to access the http version and configure it with no problems, but when I run “nextcloud.enable-https custom domain.crt domain.csr domain.ca-bundle”, it says the implementation was successful and restarts apache. After which I cannot access the https nextcloud site. “snap info nextcloud” shows nextcloud.apache as simple, enabled, inactive. I rebooted then got the info again. Same info. I then disabled https. After a service restart and a reboot, nextcloud.apache remains inactive. There are no entries in /var/log/apache/error.log. The only logs are the access.log when I first accessed nextcloud via http.


#2

Rebooted again and got this with “systemctl status snap.nextcloud.apache”

" snap.nextcloud.apache.service - Service for snap application nextcloud.apache
Loaded: loaded (/etc/systemd/system/snap.nextcloud.apache.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2019-03-13 13:43:44 UTC; 1min 25s ago
Process: 13147 ExecStart=/usr/bin/snap run nextcloud.apache (code=exited, status=1/FAILURE)
Main PID: 13147 (code=exited, status=1/FAILURE)
Mar 13 13:43:44 cloud systemd[1]: snap.nextcloud.apache.service: Service hold-off time over, scheduling restart.
Mar 13 13:43:44 cloud systemd[1]: snap.nextcloud.apache.service: Scheduled restart job, restart counter is at 5.
Mar 13 13:43:44 cloud systemd[1]: Stopped Service for snap application nextcloud.apache.
Mar 13 13:43:44 cloud systemd[1]: snap.nextcloud.apache.service: Start request repeated too quickly.
Mar 13 13:43:44 cloud systemd[1]: snap.nextcloud.apache.service: Failed with result ‘exit-code’.
Mar 13 13:43:44 cloud systemd[1]: Failed to start Service for snap application nextcloud.apache.

But still nothing appears in the apache error log. Is there any other place such a log could be?


#3

ran journalctl -xe

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #0 /snap/nextcloud/11891/htdocs/lib/private/Config.php(214): include()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #1 /snap/nextcloud/11891/htdocs/lib/private/Config.php(63): OC\Config->readData()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #2 /snap/nextcloud/11891/htdocs/lib/base.php(140): OC\Config->__construct(’/var/snap/nextc…’)

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #3 /snap/nextcloud/11891/htdocs/lib/base.php(591): OC::initPaths()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #4 /snap/nextcloud/11891/htdocs/lib/base.php(1068): OC::init()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #5 /snap/nextcloud/11891/htdocs/console.php(46): require_once(’/snap/nextcloud…’)

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #6 /snap/nextcloud/11891/htdocs/occ(11): require_once(’/snap/nextcloud…’)

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #7 {main}Making sure nextcloud is fully upgraded…

Mar 13 14:09:53 cloud audit[19283]: AVC apparmor=“DENIED” operation=“file_mmap” profile=“snap.nextcloud.apache” name="/" pid=19283 comm=“php” requested_mask=“w” denied_mask=“w” fsuid=0 ouid=0

Mar 13 14:09:53 cloud nextcloud.apache[18872]: An unhandled exception has been thrown:

Mar 13 14:09:53 cloud nextcloud.apache[18872]: Error: Class ‘Memcached’ not found in /var/snap/nextcloud/11891/nextcloud/config/config.php:1196

Mar 13 14:09:53 cloud nextcloud.apache[18872]: Stack trace:

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #0 /snap/nextcloud/11891/htdocs/lib/private/Config.php(214): include()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #1 /snap/nextcloud/11891/htdocs/lib/private/Config.php(63): OC\Config->readData()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #2 /snap/nextcloud/11891/htdocs/lib/base.php(140): OC\Config->__construct(’/var/snap/nextc…’)

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #3 /snap/nextcloud/11891/htdocs/lib/base.php(591): OC::initPaths()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #4 /snap/nextcloud/11891/htdocs/lib/base.php(1068): OC::init()

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #5 /snap/nextcloud/11891/htdocs/console.php(46): require_once(’/snap/nextcloud…’)

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #6 /snap/nextcloud/11891/htdocs/occ(11): require_once(’/snap/nextcloud…’)

Mar 13 14:09:53 cloud nextcloud.apache[18872]: #7 {main}All set! Running httpd…

Mar 13 14:09:53 cloud nextcloud.apache[18872]: Certificates have been activated: using HTTPS only

Mar 13 14:09:53 cloud nextcloud.apache[18872]: Certificates appear self-signed: disabling HSTS

Mar 13 14:09:53 cloud systemd[1]: snap.nextcloud.apache.service: Main process exited, code=exited, status=1/FAILURE

Mar 13 14:09:53 cloud systemd[1]: snap.nextcloud.apache.service: Failed with result ‘exit-code’.

Mar 13 14:09:53 cloud systemd[1]: snap.nextcloud.apache.service: Service hold-off time over, scheduling restart.

Mar 13 14:09:53 cloud systemd[1]: snap.nextcloud.apache.service: Scheduled restart job, restart counter is at 5.

– Subject: Automatic restarting of a unit has been scheduled

– Defined-By: systemd

– Support: http://www.ubuntu.com/support

– Automatic restarting of the unit snap.nextcloud.apache.service has been scheduled, as the result for

– the configured Restart= setting for the unit.

Mar 13 14:09:53 cloud systemd[1]: Stopped Service for snap application nextcloud.apache.

– Subject: Unit snap.nextcloud.apache.service has finished shutting down

– Defined-By: systemd

– Support: http://www.ubuntu.com/support

– Unit snap.nextcloud.apache.service has finished shutting down.

Mar 13 14:09:53 cloud systemd[1]: snap.nextcloud.apache.service: Start request repeated too quickly.

Mar 13 14:09:53 cloud systemd[1]: snap.nextcloud.apache.service: Failed with result ‘exit-code’.

Mar 13 14:09:53 cloud systemd[1]: Failed to start Service for snap application nextcloud.apache.

– Subject: Unit snap.nextcloud.apache.service has failed

– Defined-By: systemd

– Support: http://www.ubuntu.com/support

– Unit snap.nextcloud.apache.service has failed.

– The result is RESULT.

Mar 13 14:15:05 cloud snapd[23835]: udevmon.go:190: udev monitor observed remove event for unknown device “/sys/mm_struct(1944:phpsessionclean.service)”

Mar 13 14:15:05 cloud snapd[23835]: udevmon.go:190: udev monitor observed remove event for unknown device “/sys/proc_inode_cache(1944:phpsessionclean.service)”

Mar 13 14:15:05 cloud snapd[23835]: udevmon.go:190: udev monitor observed remove event for unknown device “/sys/dentry(1944:phpsessionclean.service)”

Mar 13 14:17:01 cloud CRON[20251]: pam_unix(cron:session): session opened for user root by (uid=0)

Mar 13 14:17:01 cloud CRON[20252]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Mar 13 14:17:01 cloud CRON[20251]: pam_unix(cron:session): session closed for user root

Can anyone make any sense of this?


#4

Installing custom certificate… done
Restarting apache… error
Certificates have been activated: using HTTPS only
Certificates appear self-signed: disabling HSTS
AH00526: Syntax error on line 96 of /snap/nextcloud/11891/conf/ssl.conf:
SSLCertificateFile: file ‘/var/snap/nextcloud/11891/certs/live/cert.pem’ does not exist or is empty

They are custom certs. Not self-signing


#5

This question should go straight to the systemd-devs.
They probably also need to know that

(stopping the rant right here)

AH00526: Syntax error on line 96 of /snap/nextcloud/11891/conf/ssl.conf:
SSLCertificateFile: file ‘/var/snap/nextcloud/11891/certs/live/cert.pem’ does not exist or is empty

I think the error is here - the file does not exist (there) or is empty (wrong symlink?) so apache cannot start.
Make sure you supply the correct paths in /snap/nextcloud/11891/conf/ssl.conf
GOOD LUCK!


#6

Via root, I opened the cert.pem file in the /var/snap/nextcloud/11891/certs/live/ folder. It is the same key as the one in [our domain].crt file. BTW, I also ran nextcloud.enable-https with the files each renamed <our_domain>.pem and cert.pem. Same with the chain and privkey files.
So, the file is neither missing nor empty.

lines 96-98 in my ssl.conf
SSLCertificateFile ${SNAP_DATA}/certs/live/cert.pem
SSLCertificateKeyFile ${SNAP_DATA}/certs/live/privkey.pem
SSLCertificateChainFile ${SNAP_DATA}/certs/live/chain.pem


#7

Is apache operating inside the same filesystem or maybe inside a chroot or something? For some reason it does not have access to the files.


#8

They are both on the same partition. But I also just noticed that the path /snap/nextcloud/current has a directory “var”. I followed it and it is a link to /var.
I tested the permissions recursively. /snap/nextcloud are normal. /snap/nextcloud/current and /snap/nextcloud/11891 and further into the subfolders come up as read-only filesystems except the link to /var. I did notice that in /etc/apache2/apache2.conf, one of the directory entries points to /var/www. There is nothing there except html/index.html. Where is the root directory for the nextcloud web interface located?

My certs (cert, key, and chain) are in both “/var/snap/nextcloud/current/cert/live” and “/var/snap/nextcloud/11891/cert/live”

ssl.conf, as well as https.conf, is in “/snap/nextcloud/11891/conf”. The patch to which the error message

Installing custom certificate… done
Restarting apache… error
Certificates have been activated: using HTTPS only
Certificates appear self-signed: disabling HSTS
AH00526: Syntax error on line 96 of /snap/nextcloud/11891/conf/ssl.conf:
SSLCertificateFile: file ‘/var/snap/nextcloud/11891/certs/live/cert.pem’ does not exist or is empty

The cert file mentioned does exist and is not empty. I confirmed this by verifying that the content in the file above matches the content in the original file my_domain.crt.


#9

Sorry, I do not know much about snap except that it’s a kind of chroot. If apache runs inside such a chroot it (probably) has no access to files outside it, and permissions you check as root from outside the chroot may be different to apache inside it. Symlinks may not be followed.
So, try to “look at” the error from apache’s perspective inside its working environment. As root managing the whole system there are (almost) no limitations for you.
GOOD LUCK!


#10

I reinstalled the OS and did the manual installation instead of snap. I have the http version running fine and have not attempted to install https yet. I would like to know what folders I should back up to restore nextcloud to functional http mode instead of reinstalling the OS? I plan to use rsync. Nextcloud is rooted at /var/www/nextcloud. The data folder has a 2 TB HDD mounted to it. Also after each attempt, apache seems to permanently fail. Even after a purge of apache and php, autoremove, and deleting the folders, the reinstall does not work. Only an OS reinstall.
I have scoured the nextcloud communities for about a week now on how and why every suggestion I find does not work and kills apache.


#11

Are you using the Nextcloud VM? If yes, then just run the scripts, read the instructions, and you should be fine. I don’t know how the snap does it.


#12

No. No VM’s are involved.
Doing some more work, I created 2 virtual hosts: nextcloud.conf & nextcloud-ssl.conf.
Using a2ensite/a2dissite for each, I am easily switching between the two. Swapping the two, nextcloud-ssl.conf causes apache to fail. nextcloud.conf passes and I get a website.
HTTP: (working)
<VirtualHost *:80>
ServerName cloud.my_domain.com
ServerAlias my_domain.com
DocumentRoot /var/www/nextcloud/
ErrorLog /var/www/nextcloud/errors/error.log
</VirtualHost>

HTTPS: (not working)
<VirtualHost *:443>
ServerName cloud.my_domain.com
ServerAlias my_domain.com
DocumentRoot /var/www/nextcloud/
ErrorLog /var/www/nextcloud/errors/error.log
SSLEngine on
SSLCertificateFile /etc/ssl/cloud_my_domain_com.pem
SSLCertificateKeyFile /etc/ssl/cloud_my_domain_com.key
SSLCertificateChainFile /etc/ssl/cloud_my_domain_comch.pem
</VirtualHost>

Unlike the previous frustrations, I am finally getting an apache error.log.

[Mon Mar 18 22:43:45.694277 2019] [ssl:error] [pid 4647] AH02579: Init: Private key not found

[Mon Mar 18 22:43:45.694366 2019] [ssl:error] [pid 4647] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag

[Mon Mar 18 22:43:45.694378 2019] [ssl:error] [pid 4647] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error

[Mon Mar 18 22:43:45.694387 2019] [ssl:error] [pid 4647] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag

[Mon Mar 18 22:43:45.694397 2019] [ssl:error] [pid 4647] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSA)

[Mon Mar 18 22:43:45.694406 2019] [ssl:error] [pid 4647] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib

[Mon Mar 18 22:43:45.694415 2019] [ssl:error] [pid 4647] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag

[Mon Mar 18 22:43:45.694424 2019] [ssl:error] [pid 4647] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)

[Mon Mar 18 22:43:45.694439 2019] [ssl:emerg] [pid 4647] AH02564: Failed to configure encrypted (?) private key cloud.my_domain.com:443:0, check /etc/ssl/cloud_my_domain_com.key
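
The two failures in this thread are both about what the TLS files contain: AH00526 is Apache's message for a missing or empty SSLCertificateFile, and AH02579/AH02564 with the asn1 errors means OpenSSL could not parse the SSLCertificateKeyFile as a private key, which is what happens when, for instance, a certificate request or a certificate sits where the key is expected. The script below is an added example, not part of the original thread; the function names `pem_kind` and `role_ok` and the sample file names are made up for illustration, and the sample files are constructed stubs rather than real keys.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report what a file handed to
# SSLCertificateFile / SSLCertificateKeyFile actually contains.

pem_kind() {
    # Prints MISSING, EMPTY, NOT-PEM, or the label of the first PEM block.
    local f=$1 label
    [ -e "$f" ] || { echo MISSING; return; }
    [ -s "$f" ] || { echo EMPTY; return; }
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | head -n 1)
    echo "${label:-NOT-PEM}"
}

role_ok() {
    # role_ok cert|key FILE: succeed only if the PEM label fits the directive.
    local kind
    kind=$(pem_kind "$2")
    case "$1:$kind" in
        cert:CERTIFICATE) return 0 ;;
        key:"PRIVATE KEY"|key:"RSA PRIVATE KEY"|key:"EC PRIVATE KEY") return 0 ;;
        key:"ENCRYPTED PRIVATE KEY") return 0 ;;  # parses, but needs a passphrase
    esac
    echo "$2: expected $1, found $kind" >&2
    return 1
}

# Constructed sample files: PEM header/footer with a placeholder body.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo/site.crt"
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'AAAA' \
    '-----END CERTIFICATE REQUEST-----' > "$demo/site.csr"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$demo/site.key"
: > "$demo/empty.pem"

for f in site.crt site.csr site.key empty.pem absent.pem; do
    printf '%-12s %s\n' "$f" "$(pem_kind "$demo/$f")"
done
role_ok key "$demo/site.csr" || echo "a certificate request is not a private key"
```

Run it as the account and in the environment Apache itself uses, since a file readable by root can still be missing from the service's point of view.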