Apache Stops after Update to NextCloudpi v1.4.9 (2019-01-25) letsencrypt


#1

Hello, after the update to v1.4.9 (2019-01-25) letsencrypt: use the latest github version

the Apache2 server stops, and it’s not possible to renew the Letsencrypt certificate or disable Letsencrypt.

When I try to restart the Apache server:

AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/xxx.xxx.xxx/fullchain.pem’ does not exist or is empty

I checked “fullchain.pem”: the file is there but it’s empty.

Connection is only possible with SSH.

I hope somebody can help me…


#3

Hi @fofi2k
Had same thing, the old letsencrypt folder was renamed to:

etc/letsencrypt-old/

So you should find your certificate and key files there, and adding -old to the certificate and key files path in /etc/apache2/sites-available/nextcloud.conf
should fix that.

@Reiner_Nippes
same thing just adding -old to the path should allow you to reload apache.

This is a temporary fix, I suspect @nachoparker will find a better and permanent fix for it.


#4

Why not just rename folders…

(example)
letsencrypt to letsencrypt-new

letsencrypt-old to letsencrypt

?

Would this not achieve the same temporary fix?


#5

Thanks for your Help, now the Webserver is running again.


#6

Sorry to hear that. I don’t get why a simple copy operation results in an empty file, but there have been at least four people already seeing this.

I really don’t get it. I wish more people had tested it when I announced this, because nobody said a thing and it worked perfectly in my tests.

Anybody has an idea? I’ll generate a patch for this situation, I bet more people are seeing this.


#7

I have the same problem :frowning: What can I do? I can’t rename any folders over ssh


#8

Hi Everyone,

Please run

(sudo) ncp-update

(or wait for it to autoupdate, if enabled)
Which will update to v1.4.10
and fix the issue

Anyone who used my temporary fix (above): please revert and remove -old from the path to the certificate and key files in nextcloud.conf and reload apache.


#9

Hello, 4.10 does not fix the issue. Apache restart gives me the error: /etc/letsencrypt/live/*******/fullchain.pem does not exist or is empty. Please help. I have no access to my nextcloud instance (except ssh).

PS. I am a Linux newbie :slight_smile:


#10

Hi @OliverV, can you help me to remove -old from the path? I get a permission error with filezilla


#11

Try with SSH via terminal:
ssh root@yourserver.domain.com

then:
nano /etc/apache2/sites-available/nextcloud.conf

replace lines:

SSLCertificateFile /etc/letsencrypt-old/live/yourserver.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt-old/live/yourserver.domain.com/privkey.pem

by

SSLCertificateFile /etc/letsencrypt/live/yourserver.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourserver.domain.com/privkey.pem

And do the same with:

nano /etc/apache2/sites-enabled/ncp.conf

then start apache2:
sudo systemctl start apache2


#12

Updating to v1.4.11 should fix it.

If you don’t know how to remove it, you probably didn’t add it, so there is nothing to remove. If not, groby’s answer should work. But most likely just running sudo ncp-update should fix it.


#13

@OliverV @groby : sudo ncp-update does not help. I changed the lines without success. Apache restart gives me the error: Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
Is it possible to reinstall letsencrypt with new certificates?


#14

Thank you for sharing output of sudo ncp-update
Also paste the changed lines, so we may look for errors.
And as suggested: the output of

may contain clues to what is going wrong on your system.


#15

@speedy76 Maybe check if /etc/letsencrypt/live/yourserver.domain.com/chain.pem
is an empty file
if so,
copy the old one:
/etc/letsencrypt-old/live/yourserver.domain.com/chain.pem
to
/etc/letsencrypt/live/yourserver.domain.com/chain.pem

like this:
cp /etc/letsencrypt-old/live/yourserver.domain.com/chain.pem /etc/letsencrypt/live/yourserver.domain.com/chain.pem

Same thing for cert.pem, fullchain.pem, privkey.pem

But as @OliverV said, it should be fixed with 1.4.11 ncp-update
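
A read-only version of the check described in this post, covering all four files before anything is copied or renamed. This is an added example, not part of the original thread; the function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which certbot files in a live/ directory are missing
# or empty, and whether a non-empty copy exists in the -old tree.
# Nothing is copied, renamed or deleted.

PEM_FILES="cert.pem chain.pem fullchain.pem privkey.pem"

# check_pem_dir LIVE_DIR OLD_DIR
# Prints one line per file: "<name> ok", "<name> empty-restorable" or
# "<name> empty-no-backup". Returns 0 only when every file is ok.
check_pem_dir() {
    live_dir=$1
    old_dir=$2
    bad=0
    for f in $PEM_FILES; do
        # -s is true only for an existing, non-empty file. It follows
        # symlinks, so a dangling link also counts as missing.
        if [ -s "$live_dir/$f" ]; then
            echo "$f ok"
        elif [ -s "$old_dir/$f" ]; then
            echo "$f empty-restorable"
            bad=1
        else
            echo "$f empty-no-backup"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample tree reproducing the state reported in the thread:
# fullchain.pem exists but is empty in live/, and is intact in the -old copy.
make_sample_tree() {
    root=$(mktemp -d)
    for d in letsencrypt letsencrypt-old; do
        mkdir -p "$root/$d/live/example"
        for f in $PEM_FILES; do
            echo "constructed placeholder" > "$root/$d/live/example/$f"
        done
    done
    : > "$root/letsencrypt/live/example/fullchain.pem"   # truncate to 0 bytes
    echo "$root"
}

# On a real system (placeholder domain as used in the thread):
# check_pem_dir /etc/letsencrypt/live/yourserver.domain.com \
#               /etc/letsencrypt-old/live/yourserver.domain.com
```

A zero exit status means Apache’s “does not exist or is empty” check will not trip on these four files; any other line shows which file to restore and whether the -old tree can supply it.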


#16

Hi everyone

If you didn’t touch anything, sudo ncp-update should do it for you. Otherwise you can follow the advice here, or it might be easier to move /etc/letsencrypt to /etc/letsencrypt-broken, then move /etc/letsencrypt-old to /etc/letsencrypt and make sure ncp.conf and nextcloud.conf in /etc/apache2/services-available point to /etc/letsencrypt and not to /etc/letsencrypt-old. Then restart apache: sudo systemctl restart apache2


#17

Hi, I had the same issues on the NextCloudPi image for Raspberry. (SSLCertificateFile … does not exist)
I was not sure what I’d done, so I restored an OS image and had the same issue after the update 1.4.9. I tried update 1.4.11 with the same result.
During the same time I ordered an Odroid XU4 to migrate NextCloudPi to it.
After installing the image, restoring data, testing and backing up, I tried an update from 1.3.0 to 1.4.11 with the same result (didn’t check the log file, but apache was down after the first reboot).

I’ll try the update to 1.5.1 today and will give you the result.


#18

Check /etc/letsencrypt/live/xx/ and /etc/letsencrypt/archive/ for your certs, same thing with /etc/letsencrypt-old.

I thought that all update paths were fixed now.


#19

I confirm the update to 1.5.1 breaks the cert, but restoring /etc/letsencrypt-old to /etc/letsencrypt works fine.

Thank you!


#20

Hey guys,
My update path was from 1.4.7 to
1.4.9 (then had HTTPD down problem) to
1.4.11 (not solved) to
1.5.1

I can confirm that ‘/etc/letsencrypt-old’ contains the certs but not ‘/etc/letsencrypt’.
So 1.5.1 does NOT solve the problem on my Odroid-HC1 installation.

But when renaming the folders everything works again:
mv letsencrypt letsencrypt-new
mv letsencrypt-old letsencrypt