Apache Stops after Update to NextCloudpi v1.4.9 (2019-01-25) letsencrypt

Hello after the Update to v1.4.9 (2019-01-25) letsencrypt: use the latest github version

Stops the Apache2-Server, its not possible to renew the Letsencrypt Certification or Disable Letsencrypt.

When i try to restart the ApacheServer:

AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file ā€˜/etc/letsencrypt/live/xxx.xxx.xxx/fullchain.pemā€™ does not exist or is empty

I check the ā€œfullchain.pemā€, the file is there but its empty.

Connection its only possible with SSH.

I hope somebody can help meā€¦

1 Like

Hi @fofi2k
Had same thing, the old letsencrypt folder was renamed to:

etc/letsencrypt-old/

So you should find your certificate and key files there, and adding -old to the certificate and key files path in /etc/apache2/sites-available/nextcloud.conf
should fix that.

@Reiner_Nippes
same thing just adding -old to the path should allow you to reload apache.

This is a temporary fix, I suspect @nachoparker will find a better and permanent fix for it.

Why not just rename foldersā€¦

(example)
letsencrypt to letsencrypt-new

letsencrypt-old to letsencrypt

?

Would this not achieve the same temporary fix?

Thanks for your Help, now the Webserver is running again.

1 Like

Sorry to hear that. I donā€™t get why a simple copy operation results in an empty file but there have been to at least four people already seeing this.

I really donā€™t get it, I wish more people tested it when I announced this because nobody said a thing and it worked perfectly in my tests

Anybody has an idea? Iā€™ll generate a patch for this situation, I bet more people are seeing this

I have the same problem :frowning: What can i do? I canā€™t rename any folders over ssh

Hi Everyone,

Please run

(sudo) ncp-update

(or wait for it to autoupdate, if enabled)
Which will update to v1.4.10
and fix the issue

Anyone who used my temporary fix (above): please revert and remove -old from the path to the certificate and key files in nextcloud.conf and reload apache.

Hello, 4.10 does not fix the issue. Apache restart give me error: /etc/letsencrypt/live/*******/fullchain.pem does not exist or is empty. Please help. I have not access to my nextcloud instance. (except ssh)

PS. I am a Linux newbie :slight_smile:

Hi @OliverV, can you help me to remove -old from the path? I get a permission error with filezilla

Try with SSH via terminal:
ssh root@yourserver.domain.com

then:
nano /etc/apache2/sites-available/nextcloud.conf

replace lines:

SSLCertificateFile /etc/letsencrypt-old/live/yourserver.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt-old/live/yourserver.domain.com/privkey.pem

by

SSLCertificateFile /etc/letsencrypt/live/yourserver.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourserver.domain.com/privkey.pem

And do the same with:

nano /etc/apache2/sites-enabled/ncp.conf

then start apache2:
sudo systemctl start apache2

Updating to v1.4.11 should fix it.

If you dont know how to remove it, you probably didnt add it, so nothing to remove. If not Grobyā€™s answer should work. But most likely just running sudo ncp-update should fix it.

1 Like

@OliverV @groby : sudo ncp-update does not help. I changed the lines without success. Apache restart gives me the error: Job for apache2.service failed because the control process exited with error code.
See ā€œsystemctl status apache2.serviceā€ and ā€œjournalctl -xeā€ for details.
Is it possible to reinstall letsencrypt with new certificates?

Thank you for sharing output of sudo ncp-update
Also paste the changed lines, so we may look for errors.
And as suggested: the output of

may contain clues to what is going wrong on your system.

@speedy76 Maybe check if /etc/letsencrypt/live/yourserver.domain.com/chain.pem
is an empty file
if so,
copy the old one:
/etc/letsencrypt-old/live/yourserver.domain.com/chain.pem
to
/etc/letsencrypt/live/yourserver.domain.com/chain.pem

like this:
cp /etc/letsencrypt-old/live/yourserver.domain.com/chain.pem /etc/letsencrypt/live/yourserver.domain.com/chain.pem

Same thing for cert.pem, fullchain.pem, privkey.pem

But as @OliverV said, it should be fixed with 1.4.11 ncp-update

Hi everyone

If you didnā€™t touch anything, sudo ncp-update should do it for you. Otherwise you can follow advice here, or it might be easier to move /etc/letsencrypt to /etc/letsencrypt-broken, then move /etc/letsencrypt-old to /etc/letsencrypt and make sure ncp.conf and nextcloud.conf in /etc/apache2/services-available point to /etc/letsencrypt and not to /etc/letsencrypt-old. Then restart apache sudo systemctl restart apache2

Hi, I had the same issues on nextcloupi Image for rapsberry. (SSLCertificateFile ā€¦ does not exist)
I was not sure of what i v done so i restore an image OS and had the same issue after the update 1.4.9. I tried update 1.4.11 with the same result
During the same time i ordered an Odroid XU4 to migrate NexcloudPi on it.
After install image, restore data, test and backup, i tried an update from 1.3.0 to 1.4.11 with the same result (didnā€™t check the log file but apache was down after first reboot)

I ll try update to 1.5.1 today and will give you the result

Check /etc/letsencrypt/live/xx/ and /etc/letsencrypt/archive/ for your certs, same thing with /etc/letsencrypt-old.

I thought that all update paths were fixed now.

I confirme update to 1.5.1 break cert but restore /etc/letsencrypt-old to /etc/letsencrypt work fine

Thank you!

Hey guys,
My update path was from 1.4.7 to
1.4.9 (then had HTTPD down problem) to
1.4.11 (not solved) to
1.5.1

I can confirm that ā€˜/etc/letsencrypt-oldā€™ contains the certs but not ā€˜/etc/letsencryptā€™.
So 1.5.1 does NOT solve the problem on my Odroid-HC1 installation.

But when renaming the folders everything works again:
mv letsencrypt letsencrypt-new
mv letsencrypt-old letsencrypt