Apache Stops after Update to NextCloudpi v1.4.9 (2019-01-25) letsencrypt

ncp
letsencrypt
nc15
update_problems

#21

@OlivierR @ivanbliminse obviously we are missing something because it breaks for some people.

Would you be so kind to tell me the exact contents of these folders so we can provide a fix for everyone?

Thanks


#22

Hi,
after my renaming action I now have the following folder content:

root@nextcloudpi:/etc/letsencrypt/live# ls -l -R
.:
total 4
drwxr-xr-x 2 root root 4096 Jan 11 20:41 XXXXXXXXXXXXko4d.myfritz.net

./XXXXXXXXXXXXko4d.myfritz.net:
total 4
… Jan 11 20:41 README
… Jan 11 20:41 cert.pem -> …/…/archive/XXXXXXXXXXXXko4d.myfritz.net/cert1.pem
… Jan 11 20:41 chain.pem -> …/…/archive/XXXXXXXXXXXXko4d.myfritz.net/chain1.pem
…Jan 11 20:41 fullchain.pem -> …/…/archive/XXXXXXXXXXXXko4d.myfritz.net/fullchain1.pem
…Jan 11 20:41 privkey.pem -> …/…/archive/XXXXXXXXXXXXko4d.myfritz.net/privkey1.pem

and

root@nextcloudpi:/etc/letsencrypt/archive# ls -l -R
.:
total 4
drwxr-xr-x 2 root root 4096 Jan 11 20:41 XXXXXXXXXXXXko4d.myfritz.net

./XXXXXXXXXXXXko4d.myfritz.net:
total 16
-rw-r–r-- 1 root root 1948 Jan 11 20:41 cert1.pem
-rw-r–r-- 1 root root 1647 Jan 11 20:41 chain1.pem
-rw-r–r-- 1 root root 3595 Jan 11 20:41 fullchain1.pem
-rw-r–r-- 1 root root 1704 Jan 11 20:41 privkey1.pem

and (sorry for the long list, you wanted to have it:-) )

root@nextcloudpi:/etc/letsencrypt-new# ls -l -R
.:
total 428

… got rid of non-interesting lines

./archive:
total 4
drwxr-xr-x 2 root root 4096 Jan 11 20:41 XXXXXXXXXXXXko4d.myfritz.net

./archive/XXXXXXXXXXXXko4d.myfritz.net:
total 16
-rw-r–r-- 1 root root 1948 Jan 11 20:41 cert1.pem
-rw-r–r-- 1 root root 1647 Jan 11 20:41 chain1.pem
-rw-r–r-- 1 root root 3595 Jan 11 20:41 fullchain1.pem
-rw-r–r-- 1 root root 1704 Jan 11 20:41 privkey1.pem

./certbot:
total 488

… got rid of non-interesting lines.

Puh, if I look at the long list I deleted, maybe I better should paste the certs into the new folder structure…


#23

thanks, that really helps. Right now if you run an update you might run into the same issue again, so it’s better to fix it properly.

What about the contents of letsencrypt-new/live?


#24

This folder just doesn’t exist.
I canceled the renaming and copy/paste the folder into new version – works.

Then we can see on a future update wether it works or not.


#25

@nachoparker
cron doesnt know where to find new letsencrypt certbot:

/etc/cron.weekly/letsencrypt-ncp:
/etc/cron.weekly/letsencrypt-ncp: line 4: /usr/bin/certbot: No such file or directory


#26

Hi @nachoparker sorry for the delay.

Here is my letsencrypt content :

pi@nextcloudpi:~$ ls /etc/letsencrypt/live/cloud.****.**/
README cert.pem chain.pem fullchain.pem privkey.pem

pi@nextcloudpi:~$ ls /etc/letsencrypt/archive/
ls: cannot open directory ‘/etc/letsencrypt/archive/’: Permission denied
pi@nextcloudpi:~$ sudo ls /etc/letsencrypt/archive/
pi@nextcloudpi:~$

pi@nextcloudpi:~$ ls /etc/letsencrypt-old/
accounts archive cli.ini csr keys live renewal renewal-hooks
pi@nextcloudpi:~$

pi@nextcloudpi:~$ sudo mv /etc/letsencrypt /etc/letsencrypt-broken
pi@nextcloudpi:~$ sudo mv /etc/letsencrypt-old /etc/letsencrypt
pi@nextcloudpi:~$ sudo /etc/init.d/apache2 start
[ ok ] Starting apache2 (via systemctl): apache2.service.
pi@nextcloudpi:~$

I didn’t check the log but my nextcloudpi instance stay in 1.3.0 version so i can retry as many time you need

A reason can be that i try too many letsencrypt generation certificat? (5 per week max)


#27

it would be great if you could try the update again, it should work.


#28

Im sorry,after update I stay in 1.3.0 and apache doesn’t start. Feel free to ask me any log or else!


#29

the output from sudo ncp-update would be great. Still in the same situation? (empty archive folder)?


#30

I 've done 2 update without restarting nextcloudpi. The actual version seems to be 1.5.1 but the second attemp has some error.

The first attempt :

Downloading updates
Performing updates
Running nc-automount
automount enabled
Running nc-autoupdate-nc
automatic Nextcloud updates enabled
Installing nc-backup
Get:1 http://security.debian.org stretch/updates InRelease [94.3 kB]
Ign:3 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Get:4 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease [91.0 kB]
Get:5 https://packages.sury.org/php stretch InRelease [6934 B]
Get:6 http://cdn-fastly.deb.debian.org/debian stretch-backports InRelease [91.8 kB]
Hit:2 https://apt.armbian.com stretch InRelease
Hit:7 http://cdn-fastly.deb.debian.org/debian stretch Release
Get:8 https://packages.sury.org/php stretch/main armhf Packages [103 kB]
Fetched 387 kB in 2s (145 kB/s)
Reading package lists…
Reading package lists…
Building dependency tree…
Reading state information…
pigz is already the newest version (2.3.4-1).
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded.
Installing nc-restore
updating letsencrypt…
Reading package lists…
Building dependency tree…
Reading state information…
Package ‘letsencrypt’ is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded.
Reading package lists…
Building dependency tree…
Reading state information…
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded.
Installing letsencrypt
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:3 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Hit:4 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease
Hit:5 http://cdn-fastly.deb.debian.org/debian stretch-backports InRelease
Hit:6 http://cdn-fastly.deb.debian.org/debian stretch Release
Hit:7 https://packages.sury.org/php stretch InRelease
Hit:2 https://apt.armbian.com stretch InRelease
Reading package lists…
Reading package lists…
Building dependency tree…
Reading state information…
python3-minimal is already the newest version (3.5.3-1).
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded.


letsencrypt-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
(default) run Obtain & install a certificate in your current webserver
certonly Obtain or renew a certificate, but do not install it
renew Renew all previously obtained certificates that are near
expiry
enhance Add security enhancements to your existing configuration
-d DOMAINS Comma-separated list of domains to obtain a certificate for

–apache Use the Apache plugin for authentication & installation
–standalone Run a standalone webserver for authentication
–nginx Use the Nginx plugin for authentication & installation
–webroot Place files in a server’s webroot folder for authentication
–manual Obtain certificates interactively, or using shell script
hooks

-n Run non-interactively
–test-cert Obtain a test certificate from a staging server
–dry-run Test “renew” or “certonly” without saving any certificates
to disk

manage certificates:
certificates Display information about certificates you have from Certbot
revoke Revoke a certificate (supply --cert-path or --cert-name)
delete Delete a certificate

manage your account with Let’s Encrypt:
register Create a Let’s Encrypt ACME account
update_account Update a Let’s Encrypt ACME account
–agree-tos Agree to the ACME server’s Subscriber Agreement
-m EMAIL Email address for important account notifications

More detailed help:

-h, --help [TOPIC] print this message, or detailed help on a topic;
the available TOPICS are:

all, automation, commands, paths, security, testing, or any of the
subcommands or plugins (certonly, renew, install, register, nginx,
apache, standalone, webroot, etc.)


Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.**************
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification…
Cleaning up challenges
live directory exists for cloud.****************
IMPORTANT NOTES:

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

The second :

Downloading updates
Performing updates
Running nc-automount
automount enabled
Running nc-autoupdate-nc
automatic Nextcloud updates enabled
Installing nc-backup
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Hit:3 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease
Hit:4 http://cdn-fastly.deb.debian.org/debian stretch-backports InRelease
Hit:5 http://cdn-fastly.deb.debian.org/debian stretch Release
Hit:6 https://packages.sury.org/php stretch InRelease
Err:8 http://apt.armbian.com stretch InRelease
Cannot initiate the connection to apt.armbian.com:80 (2001:bb8:4008:ff:5054:ff:fea8:96fc). - connect (101: Network is unreachable) [IP: 2001:bb8:4008:ff:5054:ff:fea8:96fc 80]
Reading package lists… Done
W: Failed to fetch http://apt.armbian.com/dists/stretch/InRelease Cannot initiate the connection to apt.armbian.com:80 (2001:bb8:4008:ff:5054:ff:fea8:96fc). - connect (101: Network is unreachable) [IP: 2001:bb8:4008:ff:5054:ff:fea8:96fc 80]
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists… Done
Building dependency tree
Reading state information… Done
pigz is already the newest version (2.3.4-1).
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded.
Installing nc-restore
NextCloudPi updated to version v1.5.1


#31

thank you, that looks good to me