Hi folks,
After running letsencrypt in “ncp-config” I can no longer access my instance, either externally or locally, not even the nextcloudpi panel. I only have SSH access.
What I did:
- run letsencrypt
- rebooted because the certificate did not work (when trying to connect there is no certificate)
###output of letsencrypt:###
Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
Error output from ncp:
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/ncp-nextcloud/privkey.pem
Your cert will expire on 2022-01-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
INFO: Letsencrypt domain is **my.domain.removed.com**
Cannot load Zend OPcache - it was already loaded
INFO: Metrics enabled: no
**ERROR: Could not generate /etc/apache2/sites-available/nextcloud.conf from template nextcloud.conf.sh**. Rolling back...
WARN: my.domain.removed.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
System config value trusted_domains => 3 set to string **my.domain.removed.com**
Cannot load Zend OPcache - it was already loaded
System config value overwrite.cli.url set to string https://**my.domain.removed.com**/
Cannot load Zend OPcache - it was already loaded
Done. Press any key...
###/etc/apache2/sites-enabled/ncp.conf:###
Listen 4443
<VirtualHost _default_:4443>
DocumentRoot /var/www/ncp-web
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/**my.domain.removed.com**/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/**my.domain.removed.com**/privkey.pem
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
# 2 days to avoid very big backups requests to timeout
TimeOut 172800
<IfModule mod_authnz_external.c>
DefineExternalAuth pwauth pipe /usr/sbin/pwauth
</IfModule>
</VirtualHost>
<Directory /var/www/ncp-web/>
AuthType Basic
AuthName "ncp-web login"
AuthBasicProvider external
AuthExternal pwauth
SetEnvIf Request_URI "^" noauth
SetEnvIf Request_URI "^index\.php$" !noauth
SetEnvIf Request_URI "^/$" !noauth
SetEnvIf Request_URI "^/wizard/index.php$" !noauth
SetEnvIf Request_URI "^/wizard/$" !noauth
<RequireAll>
<RequireAny>
Require host localhost
Require local
Require ip 192.168
Require ip 172
Require ip 10
Require ip fe80::/10
Require ip fd00::/8
</RequireAny>
<RequireAny>
Require env noauth
###/etc/apache2/sites-available/nextcloud.conf###
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www/nextcloud
CustomLog /var/log/apache2/nc-access.log combined
ErrorLog /var/log/apache2/nc-error.log
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# For notify_push app in NC21
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/
</VirtualHost>
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
LimitRequestBody 0
SSLRenegBufferSize 10486000
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</IfModule>
###ncp-report: (when not having access and with the settings shown above, before I tried anything)
NextCloudPi version v1.40.4
NextCloudPi image NextCloudPi_11-27-20
distribution Debian GNU/Linux 10 \n \l
automount yes
USB devices sda sdb
datadir /media/data/ncdata
data in SD no
data filesystem btrfs
data disk usage 139G/477G
rootfs usage 5.0G/118G
swapfile /var/swap
dbdir /var/lib/mysql
Nextcloud check ok
Nextcloud version 22.2.0.2
HTTPD service down
PHP service up
MariaDB service up
Redis service up
HPB service down
Postfix service up
internet check ok
port check 80 closed
port check 443 closed
Server version: Apache/2.4.38 (Debian)
PHP 7.3.29-1~deb10u1
Zend Engine v3.3.29, with Zend OPcache v7.3.29-1~deb10u1
What I tried (to fix this):
- I noticed a difference: letsencrypt says it is saving the fullchain.pem in "/etc/letsencrypt/live/ncp-nextcloud/", while the ncp.conf file says that it is located at "/etc/letsencrypt/live/my.domain.removed.com/fullchain.pem". So I changed the ncp.conf file to the location “/etc/letsencrypt/live/ncp-nextcloud/”
- rebooted
- Then I could access the server again with my local IP and get access to the NCP-Panel again. But the external access still fails due to a lack of the certificate.
4.1 ncp-report then shows:
HTTPD service up
port check 80 open
port check 443 open
- When I run letsencrypt again, the ncp.conf file resets to /etc/letsencrypt/live/my.domain.removed.com/fullchain.pem
- I even did a complete new clean setup of NextcloudPi and restored my backup, same issue occurs.
I would be very happy if someone could tell me what has gone wrong here. I did not change any settings and the cloud worked fine for years. I have no more ideas.
When I searched the forum, there were some similar problems but in detail they differed, so I created this new topic.
Thanks a lot for the help (:
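
The mismatch described in the post (the certificate saved under one directory in /etc/letsencrypt/live while ncp.conf points at another) can be checked mechanically over SSH, since Apache will not start when an SSLCertificateFile path does not exist. The following is an added example, not part of the original post and not NextCloudPi code; the function names and the temporary-directory demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NextCloudPi code). Function names are hypothetical.
# Run as root on a real system: /etc/letsencrypt/live is only readable by root.

# Print every SSLCertificateFile / SSLCertificateKeyFile path in the given
# Apache config files that does not exist (dangling symlinks count as missing).
missing_cert_paths() {
    for conf in "$@"; do
        awk '{ sub(/#.*/, "") }   # drop comments before matching
             tolower($1) ~ /^sslcertificate(key)?file$/ {
                 gsub(/"/, "", $2); print $1, $2
             }' "$conf" |
        while read -r directive path; do
            [ -e "$path" ] || printf '%s: %s -> %s (missing)\n' "$conf" "$directive" "$path"
        done
    done
}

# Print the certificate directories that do exist under a live/ directory,
# i.e. the candidates a config could legitimately point at.
cert_lineages() {
    for d in "$1"/*/; do
        if [ -e "${d}fullchain.pem" ]; then printf '%s\n' "${d%/}"; fi
    done
}

# Constructed demo: recreates the situation from the post in a temp dir
# (certificate under ncp-nextcloud, config pointing at the domain name).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/live/ncp-nextcloud"
    : > "$t/live/ncp-nextcloud/fullchain.pem"
    : > "$t/live/ncp-nextcloud/privkey.pem"
    cat > "$t/ncp.conf" <<EOF
SSLEngine on
SSLCertificateFile $t/live/my.domain.removed.com/fullchain.pem
SSLCertificateKeyFile $t/live/my.domain.removed.com/privkey.pem
# SSLCertificateFile /commented/out.pem
EOF
    echo "Paths referenced by the config but missing:"
    missing_cert_paths "$t/ncp.conf"
    echo "Certificate directories that exist:"
    cert_lineages "$t/live"
    rm -rf "$t"
}

demo
```

On the real system the equivalent calls would be `missing_cert_paths /etc/apache2/sites-enabled/*.conf` and `cert_lineages /etc/letsencrypt/live`.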