I don’t use encryption at all and get the same error message. And I can’t change the password 
To your point: There are always users that will forget their password and not all of them will use the checkbox to enable password recovery. I know that because I tell them to change their password but way to many don’t… So there needs to be an option to prevent data loss for people that are not experts in Nextcloud or cloud storage at all. In my opinion, the admin and/or the user should have an option to reset passwords without data loss by default. Password-loss resulting in data-loss should be a well-explained “opt-in” decision made by the user only.
How about the admin can click a button to change the password to a random one but only the user gets an email with the new user and the encryption key on the server changes accordingly?
EDIT:
ok, I changed it via:
sudo -u www-data php occ user:resetpassword the_user_name
in the console but got an error message:
Private Key missing for user: please try to log-out and log-in again
Wow, log-out what? SSH? the user in nextcloud? the admin user? The user can’t even log in, so this is not a great help.
After I tried logging in with the new credentials, that worked, however a message kept popping up:
Falscher privater Schlüssel für die Verschlüsselungs-App. Bitte aktualisieren Sie Ihren privaten Schlüssel in Ihren persönlichen Einstellungen um wieder Zugriff auf die verschlüsselten Dateien zu erhalten
Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files
So I followed the advice of this guy, disabling the “Default encryption module” app, which finally worked.
Man, I don’t have time for these games…