Cannot update : To login you need to provide the unhashed value of "updater.secret" in your config file

Hi, when I try to update Owncloud from 10.0.2 to 11.0.1, I get a page containing the following message :

Authentication
To login you need to provide the unhashed value of “updater.secret” in your config file.
If you don’t know that value, you can access this updater directly via the Nextcloud admin screen or generate
your own secret:
php -r ‘$password = trim(shell_exec(“openssl rand -base64
48”));if(strlen($password) === 64) {$hash = password_hash($password,
PASSWORD_DEFAULT) . “\n”; echo "Insert as “updater.secret”: ".$hash;
echo “The plaintext value is: “.$password.”\n”;}else{echo “Could not
execute OpenSSL.\n”;};’

I have no idea about what the problem is here, and I can not run the php command since I’m on a shared hosting, and I don’t have a ssh access.

Can you help me ?

Nextcloud version : 10.0.2
Operating system and version : Unknown, Shared Hosting
Apache or nginx version : Apache 2.2.22
PHP version : 7.0
Is this the first time you’ve seen this error and can you replicate it?:
First time, can replicate

The output of your Nextcloud log in Admin > Logging:

Zend OPcache API is restricted by “restrict_api” configuration
directive at
/home//www/nextcloud/lib/private/legacy/util.php#1364

getting the same error and log entry

nextcloud 11.0.1 update to 11.0.2 with updater
operatingsys: debian, shared host at OVH
apache 2.2.22
php ver 7.0

Is this a bug?

My Nexcloud is hosted at OVH as well.

Hi,

Is there any news about this ?

I have 11.0.3 version installed on shared OVH and i cannot upgrade to 12.0.0 version with the same error.
I tried to remove the updater.secret key but each time I try to upgrade the key comes back.
I tried to generate a new one on another linux server but it’s not working…

So I’m stuck with 11.0.3 version!

Same issue here. Any hints?

Manage to do the update manually by replacing all the files by the new version.

Same problem here. I am also using OVH Shared Hosting

Yeah, seems to be a general problem with OVH hosting.

I had to manually update to 12.0.0, somehow the auto updater worked for going from 12.0.0 to 12.0.1, but for both 12.0.2 and 12.0.3 I had to manually update again.

I managed to upgrade my server from 12.0.2 to 12.0.3 with the updater.
I finally managed to execute the command line provided and paste the new secret in the configuration file.
After entering the password in the field, the login bring you back to the admin page and you have to click again on the update button and then it worked…

The problem with this is that you need to have a linux machine with php on it to create the new secret… Which might not be easy since we are using mutualize hosting.

1 Like

I can execute the command even with my OVH shared hosting (ssh access). Thanks Swiiney for this hint.
However, I paste the “updater.secret” in my config file and nothing change.
Should I do something with the plaintext value as well? I tried to paste it in the field and then click on "login"
Should I reload something. And how?

You need to enter the plaintext value in the login field of the update page.
After this you get back on the admin page.
Then you can click again on the update without any login.

1 Like

Here are the steps I do :
1- run the command in my ssh access (domain ssh.cluster013.ovh.net). For information, I have ssh access because I have a pro shared hosting on ovh (France). I could not have ssh access with a lower level of ovh shared hosting.
2- Paste the “updater.secret” into my nextcloud/config/config.php. For information, I don’t reload anything, I just edit the config.php file.
3- Paste the “plaintext value” into the “login” field
4- Click on the “Login” button
5- I indeed get back on the admin page
6- I have a “loading circle” in the top paragraph of this page which never ends.
7- I refresh the page after minutes because the loading circle is a blocking and a non ending one
8- The loading circle appears as well at the same place but disappears after 1 second and let shown some errors related to X-XSS-Protection, X-Content-Type-Options, X-Robots-Tag, X-Download-Options, X-Permitted-Cross-Domain-Policies and Strict-Transport-Security. For information, I always have these errors. It does not look to be related to the “updater”. I am surprised I don’t get them when I click on “Login” button. Instead I have this no ending loading circle.
9- I still have the same message when I try to go to the update manager “To login you need to provide the unhashed value of “updater.secret” in your config file. etc…”

I am going to look at the log.
But I guess I will have to stick to update manually. This is what I am used to do as a workaround since a lot of versions.

2 Likes

Many thanks Philippe. Exactly the same problem today when trying to update from nextcloud 13.0.1 to 13.0.4. I am using the same pro shared web hosting service (OVH).

Any help would be greatly appreciated. :grinning:

Pascal.

Hello again.

I have just found a work-around on a blog. Sorry it is in french. It does not seem to work for me on an OVH web shared hosting. But maybe, this could give another idea to someone.

Regards

Pascal

Bonus : mot de passe de mise à jour

Lorsque vous utilisez l’outil de mise à jour intégré, via l’interface web, il est fort probable qu’il vous demande un mot de passe. Qui n’est pas le votre. Il demande la version en clair de ce qui correspond à updater.secret contenu dans votre fichier de configuration serveur. Et évidemment, puisque c’est un hash, ce n’est pas réversible.

La seule solution est donc de générer un nouveau updater.secret et de le remplacer dans config.php, en notant au passage la valeur en clair ! :slightly_smiling_face:

Pour ce faire, créez un fichier PHP vierge quelque part sur votre mutu, et placez-y le contenu suivant :

<?php $password = trim(shell_exec("openssl rand -base64 48"));if(strlen($password) === 64) {$hash = password_hash($password, PASSWORD_DEFAULT) . "\n"; echo "Insert as updater.secret: ".$hash; echo "The plaintext value is: ".$password."\n";}else{echo "Could not execute OpenSSL.\n";}; ?>

Accédez à ce fichier depuis votre navigateur, notez les deux valeurs renvoyées, et c’est tout bon, vous pourrez mettre à jour après remplacement du hash et validation de sa valeur en clair !

Si malgré tout cela ne fonctionne toujours pas, j’ai une solution de contournement à proposer, certes pas optimale, mais efficace.

Après des recherches, il semble que le serveur Apache chez OVH n’honore pas la CSP ( Content Security Policy ) intégrée à Nextcloud, et conserve la sienne, visiblement trop restrictive. Après moult essais, voici une CSP permettant à votre navigateur d’exécuter le script qui indique à l’Updater que vous êtes connecté, et administrateur de la plateforme. Si cette CSP est absente, l’information « cet utilisateur est connecté en tant qu’administrateur et peut donc procéder à la mise à jour » n’arrive pas à l’Updater, ce qui déclenche l’apparition de ce joli message parlant d’updater.secret.

Bref, trêve de babillages, action. Ouvrez votre .htaccess et dans le bloc des headers ajoutez :

Header always set Content-Security-Policy "script-src 'self' 'unsafe-eval' 'unsafe-inline';"

Cette CSP est très (trop) permissive, et je vous conseille de commenter la ligne en question entre deux mises à jour. M’enfin, faute de mieux… Qui sait, ça résoudra peut-être d’autres de vos problèmes !

2 Likes

Hi @SailingDad,

Just FYI, I very recently upgraded two nextcloud instances from 13.0.0 to 13.0.4.

  • First nextcloud instance was on a common shared web hosting service (OVH). The exact same error still occured.
  • Second nextcloud instance was on a pro shared web hosting (OVH again). No problem has been faced at all : I could update through the web interface. Even if the problem has occured on this instance on some past versions.

Remark : The first nextcloud instance cannot install owncloud applications (such as contacts or calendars). I have to install them manually by myself. the second nextcloud instance could install owncloud applications automatically.

Thanks for the workaround which I can try if I find some times and I face again this problem.

I use OVH as well and have no luck in updating nextcloud. I’ve tried all the solutions suggested above, but none of the worked.
Now I’m upgrading to 14.0 manually and see if the issue is solved.

I am after successful update via built-in updater form 13.0.1 to 14.0.1 on OVH shared hosting (perso 2014).
The solution that works for me is:

find your .ovhconfig file and change line:

app.engine=php

to

app.engine=phpcgi

Great! That worked for me too! Thanks a lot.

It works for the update to 15.07 with the OVH webhost. thanks ! A bonus point is that the .htaccess file is overriden during the update, so the unsafe Header is removed each time.

I have the same issue today and fixed it as described by philippeVerney.
I simply generated the new values, replace “updater.secret” in the config.php and after that, I could log in to the web console with a “plaintext value”.