ERROR: Could not generate /etc/apache2/sites-available/nextcloud.conf from template nextcloud.conf.sh. Rolling back

Hi @nachoparker, thanks a lot for helping (:

I also ran sudo ncp-update devel; it stays on v1.40.6, and when I run letsencrypt again, unfortunately nothing changes regarding the issue stated.

ok, please try again (update devel and then letsencrypt) and share the output from LE. I added some debugging to dig in.


Unfortunately I seem to have hit the rate limit. Hope this provides some useful information anyway. Do you also need the letsencrypt.log?

Running letsencrypt
+ [[ yes != \y\e\s ]]
+ local DOMAIN_LOWERCASE=my.domain.removed.com
+ local OTHER_DOMAINS_ARRAY
+ [[ my.domain.removed.com == '' ]]
+ local 'IFS_BK=
'
+ IFS=',
'
+ OTHER_DOMAINS_ARRAY=(${OTHER_DOMAIN})
+ IFS='
'
+ local domain_string=
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ my.domain.removed.com != '' ]]
+ [[ '' == '' ]]
+ domain_string+=my.domain.removed.com
+ /usr/bin/letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w /var/www/nextcloud --hsts --agree-tos -m user_removed@mail.com -d my.domain.removed.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: my.domain.removed.com: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
+ rm -rf /var/www/nextcloud/.well-known
+ return 1
Done. Press any key...

thanks for that. Unfortunately the interesting part is what comes afterwards. Maybe @mkorsch can help with his output, since you’ll have to wait to try again.

Related: letsencrypt makes nextcloud not accessible after nc-restore & nc-import-config · Issue #1358 · nextcloud/nextcloudpi · GitHub

This is the output I get after sudo ncp-update devel and running letsencrypt via ncp-config:

Running letsencrypt
+ [[ yes != \y\e\s ]]
+ local DOMAIN_LOWERCASE=cloud.my-domain.com
+ local OTHER_DOMAINS_ARRAY
+ [[ cloud.my-domain.com == '' ]]
+ local 'IFS_BK=
'
+ IFS=',
'
+ OTHER_DOMAINS_ARRAY=(${OTHER_DOMAIN})
+ IFS='
'
+ local domain_string=
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud.my-domain.com != '' ]]
+ [[ '' == '' ]]
+ domain_string+=cloud.my-domain.com
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud1.my-domain.com != '' ]]
+ [[ cloud.my-domain.com == '' ]]
+ domain_string+=,cloud1.my-domain.com
+ /usr/bin/letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w /var/www/nextcloud --hsts --agree-tos -m mail@my-domain.com -d cloud.my-domain.com,cloud1.my-domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/privkey.pem
   Your cert will expire on 2022-01-10. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

+ cat
+ chmod 755 /etc/cron.weekly/letsencrypt-ncp
+ mkdir -p /etc/letsencrypt/renewal-hooks/deploy
+ cat
+ chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp
+ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
+ local template=nextcloud.conf.sh
+ local target=/etc/apache2/sites-available/nextcloud.conf
++ mktemp
+ local bkp=/tmp/tmp.3Omg98mNCn
+ [[ -f /etc/apache2/sites-available/nextcloud.conf ]]
+ cp -a /etc/apache2/sites-available/nextcloud.conf /tmp/tmp.3Omg98mNCn
+ [[ '' == \-\-\d\e\f\a\u\l\t\s ]]
+ bash /usr/local/etc/ncp-templates/nextcloud.conf.sh
INFO: Letsencrypt domain is cloud.my-domain.com
INFO: Metrics enabled: yes
+ [[ '' == \-\-\a\l\l\o\w\-\f\a\l\l\b\a\c\k ]]
+ echo 'ERROR: Could not generate /etc/apache2/sites-available/nextcloud.conf from template nextcloud.conf.sh. Rolling back...'
ERROR: Could not generate /etc/apache2/sites-available/nextcloud.conf from template nextcloud.conf.sh. Rolling back...
+ mv /tmp/tmp.3Omg98mNCn /etc/apache2/sites-available/nextcloud.conf
+ return 1
+ sed -i 's|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/cloud.my-domain.com/fullchain.pem|' /etc/apache2/sites-available/ncp.conf
+ sed -i 's|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/cloud.my-domain.com/privkey.pem|' /etc/apache2/sites-available/ncp.conf
+ local domain_index=22
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud.my-domain.com != '' ]]
+ [[ 22 -lt 20 ]]
+ echo 'WARN: cloud.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached).' 'It will still be included in the SSL certificate'
WARN: cloud.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
+ continue
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud1.my-domain.com != '' ]]
+ [[ 22 -lt 20 ]]
+ echo 'WARN: cloud1.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached).' 'It will still be included in the SSL certificate'
WARN: cloud1.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
+ continue
+ set-nc-domain cloud.my-domain.com
+ local domain=cloud.my-domain.com
++ sed 's|http.\?://||;s|\(/.*\)||'
+ domain=cloud.my-domain.com
+ ping -c1 -w1 -q cloud.my-domain.com
+ [[ cloud.my-domain.com == '' ]]
+ is_an_ip cloud.my-domain.com
+ local ip_or_domain=cloud.my-domain.com
+ grep -oPq '\d{1,3}(.\d{1,3}){3}'
+ local proto
++ ncc config:system:get overwriteprotocol
+ proto=https
+ [[ https == '' ]]
+ local url=https://cloud.my-domain.com
+ [[ '' == \-\-\n\o\-\t\r\u\s\t\e\d\-\d\o\m\a\i\n ]]
+ ncc config:system:set trusted_domains 3 --value=cloud.my-domain.com
System config value trusted_domains => 3 set to string cloud.my-domain.com
+ ncc config:system:set overwrite.cli.url --value=https://cloud.my-domain.com/
System config value overwrite.cli.url set to string https://cloud.my-domain.com/
+ is_ncp_activated
+ a2query -s ncp-activation -q
+ is_app_enabled notify_push
+ local app=notify_push
+ ncc app:list
+ sed '0,/Disabled/!d'
+ grep -q notify_push
+ ncc config:system:set trusted_proxies 11 --value=127.0.0.1
System config value trusted_proxies => 11 set to string 127.0.0.1
+ ncc config:system:set trusted_proxies 12 --value=::1
System config value trusted_proxies => 12 set to string ::1
+ ncc config:system:set trusted_proxies 13 --value=cloud.my-domain.com
System config value trusted_proxies => 13 set to string cloud.my-domain.com
++ dig +short cloud.my-domain.com
+ ncc config:system:set trusted_proxies 14 --value=87.79.70.203
System config value trusted_proxies => 14 set to string 87.79.70.203
+ sleep 5
+ ncc notify_push:setup https://cloud.my-domain.com/push
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
  configuration saved
+ rm -rf /var/www/nextcloud/.well-known
+ bash -c 'sleep 2 && service apache2 reload'
+ is_docker
+ [[ -f /.dockerenv ]]
+ [[ '' == 1 ]]
+ return 0
Done. Press any key...

Thanks a lot for your support!

Ok, thanks that’s very useful.

Can you please run sudo ncp-update devel again and retry?

Sure, here’s the output after another update:

Running letsencrypt
+ [[ yes != \y\e\s ]]
+ local DOMAIN_LOWERCASE=cloud.my-domain.com
+ local OTHER_DOMAINS_ARRAY
+ [[ cloud.my-domain.com == '' ]]
+ local 'IFS_BK=
'
+ IFS=',
'
+ OTHER_DOMAINS_ARRAY=(${OTHER_DOMAIN})
+ IFS='
'
+ local domain_string=
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud.my-domain.com != '' ]]
+ [[ '' == '' ]]
+ domain_string+=cloud.my-domain.com
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud1.my-domain.com != '' ]]
+ [[ cloud.my-domain.com == '' ]]
+ domain_string+=,cloud1.my-domain.com
+ /usr/bin/letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w /var/www/nextcloud --hsts --agree-tos -m mail@my-domain.com -d cloud.my-domain.com,cloud1.my-domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/privkey.pem
   Your cert will expire on 2022-01-10. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

+ cat
+ chmod 755 /etc/cron.weekly/letsencrypt-ncp
+ mkdir -p /etc/letsencrypt/renewal-hooks/deploy
+ cat
+ chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp
+ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
+ local template=nextcloud.conf.sh
+ local target=/etc/apache2/sites-available/nextcloud.conf
++ mktemp
+ local bkp=/tmp/tmp.WkXkFZiUW2
+ [[ -f /etc/apache2/sites-available/nextcloud.conf ]]
+ cp -a /etc/apache2/sites-available/nextcloud.conf /tmp/tmp.WkXkFZiUW2
+ [[ '' == \-\-\d\e\f\a\u\l\t\s ]]
+ bash /usr/local/etc/ncp-templates/nextcloud.conf.sh
INFO: Letsencrypt domain is cloud.my-domain.com
INFO: Metrics enabled: yes
+ [[ '' == \-\-\a\l\l\o\w\-\f\a\l\l\b\a\c\k ]]
+ echo 'ERROR: Could not generate /etc/apache2/sites-available/nextcloud.conf from template nextcloud.conf.sh. Rolling back...'
ERROR: Could not generate /etc/apache2/sites-available/nextcloud.conf from template nextcloud.conf.sh. Rolling back...
+ mv /tmp/tmp.WkXkFZiUW2 /etc/apache2/sites-available/nextcloud.conf
+ return 1
+ sed -i 's|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/cloud.my-domain.com/fullchain.pem|' /etc/apache2/sites-available/ncp.conf
+ sed -i 's|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/cloud.my-domain.com/privkey.pem|' /etc/apache2/sites-available/ncp.conf
+ local domain_index=22
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud.my-domain.com != '' ]]
+ [[ 22 -lt 20 ]]
+ echo 'WARN: cloud.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached).' 'It will still be included in the SSL certificate'
WARN: cloud.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
+ continue
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud1.my-domain.com != '' ]]
+ [[ 22 -lt 20 ]]
+ echo 'WARN: cloud1.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached).' 'It will still be included in the SSL certificate'
WARN: cloud1.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
+ continue
+ set-nc-domain cloud.my-domain.com
+ local domain=cloud.my-domain.com
++ sed 's|http.\?://||;s|\(/.*\)||'
+ domain=cloud.my-domain.com
+ ping -c1 -w1 -q cloud.my-domain.com
+ [[ cloud.my-domain.com == '' ]]
+ is_an_ip cloud.my-domain.com
+ local ip_or_domain=cloud.my-domain.com
+ grep -oPq '\d{1,3}(.\d{1,3}){3}'
+ local proto
++ ncc config:system:get overwriteprotocol
+ proto=https
+ [[ https == '' ]]
+ local url=https://cloud.my-domain.com
+ [[ '' == \-\-\n\o\-\t\r\u\s\t\e\d\-\d\o\m\a\i\n ]]
+ ncc config:system:set trusted_domains 3 --value=cloud.my-domain.com
System config value trusted_domains => 3 set to string cloud.my-domain.com
+ ncc config:system:set overwrite.cli.url --value=https://cloud.my-domain.com/
System config value overwrite.cli.url set to string https://cloud.my-domain.com/
+ is_ncp_activated
+ a2query -s ncp-activation -q
+ is_app_enabled notify_push
+ local app=notify_push
+ ncc app:list
+ sed '0,/Disabled/!d'
+ grep -q notify_push
+ ncc config:system:set trusted_proxies 11 --value=127.0.0.1
System config value trusted_proxies => 11 set to string 127.0.0.1
+ ncc config:system:set trusted_proxies 12 --value=::1
System config value trusted_proxies => 12 set to string ::1
+ ncc config:system:set trusted_proxies 13 --value=cloud.my-domain.com
System config value trusted_proxies => 13 set to string cloud.my-domain.com
++ dig +short cloud.my-domain.com
+ ncc config:system:set trusted_proxies 14 --value=87.79.70.203
System config value trusted_proxies => 14 set to string 87.79.70.203
+ sleep 5
+ ncc notify_push:setup https://cloud.my-domain.com/push
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
  configuration saved
+ rm -rf /var/www/nextcloud/.well-known
+ bash -c 'sleep 2 && service apache2 reload'
+ is_docker
+ [[ -f /.dockerenv ]]
+ [[ '' == 1 ]]
+ return 0
Done. Press any key...

oh gosh, so sorry, made the changes but didn’t push them. Please try again

Sure, here you go:

Running letsencrypt
+ [[ yes != \y\e\s ]]
+ local DOMAIN_LOWERCASE=cloud.my-domain.com
+ local OTHER_DOMAINS_ARRAY
+ [[ cloud.my-domain.com == '' ]]
+ local 'IFS_BK=
'
+ IFS=',
'
+ OTHER_DOMAINS_ARRAY=(${OTHER_DOMAIN})
+ IFS='
'
+ local domain_string=
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud.my-domain.com != '' ]]
+ [[ '' == '' ]]
+ domain_string+=cloud.my-domain.com
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud1.my-domain.com != '' ]]
+ [[ cloud.my-domain.com == '' ]]
+ domain_string+=,cloud1.my-domain.com
+ /usr/bin/letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w /var/www/nextcloud --hsts --agree-tos -m mail@my-domain.com -d cloud.my-domain.com,cloud1.my-domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/privkey.pem
   Your cert will expire on 2022-01-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

+ cat
+ chmod 755 /etc/cron.weekly/letsencrypt-ncp
+ mkdir -p /etc/letsencrypt/renewal-hooks/deploy
+ cat
+ chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp
+ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
+ local template=nextcloud.conf.sh
+ local target=/etc/apache2/sites-available/nextcloud.conf
++ mktemp
+ local bkp=/tmp/tmp.MlNsa1USp4
+ [[ -f /etc/apache2/sites-available/nextcloud.conf ]]
+ cp -a /etc/apache2/sites-available/nextcloud.conf /tmp/tmp.MlNsa1USp4
+ [[ '' == \-\-\d\e\f\a\u\l\t\s ]]
+ bash /usr/local/etc/ncp-templates/nextcloud.conf.sh
INFO: Letsencrypt domain is cloud.my-domain.com
INFO: Metrics enabled: yes
+ [[ '' == \-\-\a\l\l\o\w\-\f\a\l\l\b\a\c\k ]]
+ rm /tmp/tmp.MlNsa1USp4
+ sed -i 's|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/cloud.my-domain.com/fullchain.pem|' /etc/apache2/sites-available/ncp.conf
+ sed -i 's|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/cloud.my-domain.com/privkey.pem|' /etc/apache2/sites-available/ncp.conf
+ local domain_index=22
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud.my-domain.com != '' ]]
+ [[ 22 -lt 20 ]]
+ echo 'WARN: cloud.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached).' 'It will still be included in the SSL certificate'
WARN: cloud.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
+ continue
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ cloud1.my-domain.com != '' ]]
+ [[ 22 -lt 20 ]]
+ echo 'WARN: cloud1.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached).' 'It will still be included in the SSL certificate'
WARN: cloud1.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
+ continue
+ set-nc-domain cloud.my-domain.com
+ local domain=cloud.my-domain.com
++ sed 's|http.\?://||;s|\(/.*\)||'
+ domain=cloud.my-domain.com
+ ping -c1 -w1 -q cloud.my-domain.com
+ [[ cloud.my-domain.com == '' ]]
+ is_an_ip cloud.my-domain.com
+ local ip_or_domain=cloud.my-domain.com
+ grep -oPq '\d{1,3}(.\d{1,3}){3}'
+ local proto
++ ncc config:system:get overwriteprotocol
+ proto=https
+ [[ https == '' ]]
+ local url=https://cloud.my-domain.com
+ [[ '' == \-\-\n\o\-\t\r\u\s\t\e\d\-\d\o\m\a\i\n ]]
+ ncc config:system:set trusted_domains 3 --value=cloud.my-domain.com
System config value trusted_domains => 3 set to string cloud.my-domain.com
+ ncc config:system:set overwrite.cli.url --value=https://cloud.my-domain.com/
System config value overwrite.cli.url set to string https://cloud.my-domain.com/
+ is_ncp_activated
+ a2query -s ncp-activation -q
+ is_app_enabled notify_push
+ local app=notify_push
+ ncc app:list
+ sed '0,/Disabled/!d'
+ grep -q notify_push
+ ncc config:system:set trusted_proxies 11 --value=127.0.0.1
System config value trusted_proxies => 11 set to string 127.0.0.1
+ ncc config:system:set trusted_proxies 12 --value=::1
System config value trusted_proxies => 12 set to string ::1
+ ncc config:system:set trusted_proxies 13 --value=cloud.my-domain.com
System config value trusted_proxies => 13 set to string cloud.my-domain.com
++ dig +short cloud.my-domain.com
+ ncc config:system:set trusted_proxies 14 --value=87.79.70.203
System config value trusted_proxies => 14 set to string 87.79.70.203
+ sleep 5
+ ncc notify_push:setup https://cloud.my-domain.com/push
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
  configuration saved
+ apachectl -k graceful
AH00526: Syntax error on line 11 of /etc/apache2/sites-enabled/nextcloud.conf:
SSLCertificateFile: file '/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.
+ rm -rf /var/www/nextcloud/.well-known
+ is_docker
+ [[ -f /.dockerenv ]]
+ [[ '' == 1 ]]
+ return 0
Done. Press any key...

The template error is not present anymore. But now it seems like we have an error in /etc/apache2/sites-enabled/nextcloud.conf. This is the content of my nextcloud.conf after running letsencrypt:

### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
    ServerName cloud.my-domain.com
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile      /fullchain.pem
    SSLCertificateKeyFile /privkey.pem

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/

    <Location /metrics/system>
      ProxyPass http://localhost:9100/metrics

      Order deny,allow
      Allow from all
      AuthType Basic
      AuthName "Metrics"
      AuthUserFile /usr/local/etc/metrics.htpasswd
      <RequireAll>
        <RequireAny>
          Require host localhost
          Require valid-user
        </RequireAny>
      </RequireAll>

    </Location>
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  </IfModule>
</IfModule>

Maybe the path to the certificate files is not properly resolved?

After manually changing lines 11 and 12 from SSLCertificateFile /fullchain.pem to SSLCertificateFile /etc/letsencrypt/live/ncp-nextcloud/fullchain.pem it works again and I can access my instance with a valid SSL certificate. But as manual changes get overwritten in this file we may need another tweak in the template.


Hey @mkorsch
Nice! That’s perfect as a workaround for now (:
I changed lines 10 and 11 of nextcloud.conf from

    SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

to

    SSLCertificateFile /etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ncp-nextcloud/privkey.pem

I also changed the ncp.conf to the same location.

It works for now with this workaround! Thanks a lot.
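
Added example, not part of the thread or of NextCloudPi's code: a pre-install check that refuses a rendered vhost like the one above, where SSLCertificateFile came out as /fullchain.pem, and leaves the previous file in place. The function names and the render_vhost stand-in are hypothetical (it assumes the paths are built from a directory variable that can be empty, which the thread does not confirm), and the certificate files are constructed placeholders.

```shell
#!/bin/sh
# Validate the certificate paths in a rendered Apache vhost before it
# replaces the live one. All function names here are hypothetical.

# Print "Directive path" for each SSLCertificateFile / SSLCertificateKeyFile
# line. Directive names are matched case-insensitively, as Apache does, and
# surrounding double quotes are stripped. Paths containing spaces are not handled.
cert_paths() {
  awk '{ d = tolower($1) }
       d == "sslcertificatefile" || d == "sslcertificatekeyfile" {
         gsub(/"/, "", $2); print $1, $2
       }' "$1"
}

# Return 0 only if the file has at least one certificate directive and every
# referenced path is a non-empty regular file.
check_vhost_certs() {
  conf=$1
  bad=0
  found=0
  while read -r directive path; do
    [ -n "$directive" ] || continue          # skip the empty line of an empty result
    found=1
    if [ -f "$path" ] && [ -s "$path" ]; then
      continue
    fi
    echo "ERROR: $directive: file '$path' does not exist or is empty" >&2
    bad=1
  done <<EOF
$(cert_paths "$conf")
EOF
  if [ "$found" -eq 0 ]; then
    echo "ERROR: no certificate directives found in $conf" >&2
    return 1
  fi
  return "$bad"
}

# Copy $1 over $2 only when its certificate paths check out; otherwise the
# existing target is left untouched and the caller gets a non-zero status.
install_checked() {
  new=$1
  target=$2
  if check_vhost_certs "$new"; then
    cp "$new" "$target"
  else
    echo "Keeping existing $target" >&2
    return 1
  fi
}

# Constructed stand-in for a template that prefixes both file names with a
# directory variable. An empty argument renders /fullchain.pem and /privkey.pem.
render_vhost() {
  cert_dir=$1
  printf '    SSLEngine on\n'
  printf '    SSLCertificateFile      %s/fullchain.pem\n' "$cert_dir"
  printf '    SSLCertificateKeyFile %s/privkey.pem\n' "$cert_dir"
}

# Demo on constructed files in a temporary directory.
demo() {
  work=$(mktemp -d)
  live="$work/live/ncp-nextcloud"
  mkdir -p "$live"
  echo "constructed placeholder, not a real certificate" > "$live/fullchain.pem"
  echo "constructed placeholder, not a real key" > "$live/privkey.pem"
  echo "# previous working vhost" > "$work/nextcloud.conf"
  render_vhost "" > "$work/broken.conf"
  render_vhost "$live" > "$work/fixed.conf"
  install_checked "$work/broken.conf" "$work/nextcloud.conf" || echo "broken render rejected"
  install_checked "$work/fixed.conf" "$work/nextcloud.conf" && echo "fixed render installed"
  rm -rf "$work"
}

demo
```

On a real host, apachectl -t reports the same "does not exist or is empty" error during its syntax test, so it can gate the reload in the same way.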

Thanks @mkorsch, we are making progress. You ran into a different bug. Can you please run sudo ncp-update and try again? The path should be correct this time around.

I updated to NCP version 1.41.0 using sudo ncp-update (without devel).

Running letsencrypt produced the following output:

Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ncp-nextcloud/privkey.pem
   Your cert will expire on 2022-01-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

INFO: Letsencrypt domain is cloud.my-domain.com
INFO: Metrics enabled: yes
WARN: cloud.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
WARN: cloud1.my-domain.com will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
System config value trusted_domains => 3 set to string cloud.my-domain.com
System config value overwrite.cli.url set to string https://cloud.my-domain.com/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string cloud.my-domain.com
System config value trusted_proxies => 14 set to string 87.79.70.203
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
  configuration saved
AH00526: Syntax error on line 11 of /etc/apache2/sites-enabled/nextcloud.conf:
SSLCertificateFile: file '/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.
Done. Press any key...

My nextcloud.conf seems to be still not correct:

    SSLProxyEngine on
    SSLCertificateFile      /fullchain.pem
    SSLCertificateKeyFile /privkey.pem

Did you push your changes? :)

I did, let’s see, let’s debug this. Please share the output from

sudo su
ncp-update devel
source /usr/local/etc/library.sh
set -x
source /usr/local/etc/ncp-templates/nextcloud.conf.sh
set +x

Here’s the output:

pi@nextcloudpi:~ $ sudo su
root@nextcloudpi:/home/pi# ncp-update devel
INFO: updating to development branch 'devel'
Downloading updates
Performing updates
No such app enabled: updatenotification
Running nc-notify-updates
update web notifications enabled
NextCloudPi updated to version v1.41.0
root@nextcloudpi:/home/pi# source /usr/local/etc/library.sh
root@nextcloudpi:/home/pi# set -x
root@nextcloudpi:/home/pi# source /usr/local/etc/ncp-templates/nextcloud.conf.sh
+ source /usr/local/etc/ncp-templates/nextcloud.conf.sh
++ set -e
++ source /usr/local/etc/library.sh
+++ export NCPCFG=/usr/local/etc/ncp.cfg
+++ NCPCFG=/usr/local/etc/ncp.cfg
+++ export CFGDIR=/usr/local/etc/ncp-config.d
+++ CFGDIR=/usr/local/etc/ncp-config.d
+++ export BINDIR=/usr/local/bin/ncp
+++ BINDIR=/usr/local/bin/ncp
+++ export NCDIR=/var/www/nextcloud
+++ NCDIR=/var/www/nextcloud
+++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
+++ export TRUSTED_DOMAINS
+++ command -v jq
+++ [[ -f /usr/local/etc/ncp.cfg ]]
++++ jq -r .nextcloud_version
+++ NCLATESTVER=21.0.4
++++ jq -r .php_version
+++ PHPVER=7.3
++++ jq -r .release
+++ RELEASE=buster
+++ command -v ncc
++++ ncc status
++++ grep version:
++++ awk '{ print $3 }'
+++ NCVER=21.0.4.1
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ ! -f /.docker-image ]]
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
+++ [[ -f /.ncp-image ]]
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
+++ tmpl_letsencrypt_domain
+++ . /usr/local/etc/library.sh
++++ export NCPCFG=/usr/local/etc/ncp.cfg
++++ NCPCFG=/usr/local/etc/ncp.cfg
++++ export CFGDIR=/usr/local/etc/ncp-config.d
++++ CFGDIR=/usr/local/etc/ncp-config.d
++++ export BINDIR=/usr/local/bin/ncp
++++ BINDIR=/usr/local/bin/ncp
++++ export NCDIR=/var/www/nextcloud
++++ NCDIR=/var/www/nextcloud
++++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
++++ export TRUSTED_DOMAINS
++++ command -v jq
++++ [[ -f /usr/local/etc/ncp.cfg ]]
+++++ jq -r .nextcloud_version
++++ NCLATESTVER=21.0.4
+++++ jq -r .php_version
++++ PHPVER=7.3
+++++ jq -r .release
++++ RELEASE=buster
++++ command -v ncc
+++++ ncc status
+++++ grep version:
+++++ awk '{ print $3 }'
++++ NCVER=21.0.4.1
+++ is_active_app letsencrypt
+++ local ncp_app=letsencrypt
+++ local bin_dir=.
+++ local script=./letsencrypt.sh
+++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ [[ -f ./letsencrypt.sh ]]
++++ find /usr/local/bin/ncp -name letsencrypt.sh
++++ head -1
+++ local script=/usr/local/bin/ncp/NETWORKING/letsencrypt.sh
+++ [[ -f /usr/local/bin/ncp/NETWORKING/letsencrypt.sh ]]
+++ unset is_active
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
++++ type -t is_active
+++ [[ function == function ]]
+++ [[ -f /usr/local/etc/ncp-config.d/letsencrypt.cfg ]]
++++ cat /usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ local 'cfg={
  "id": "letsencrypt",
  "name": "Let'\''s Encrypt, Automatic signed SSL certificates",
  "title": "letsencrypt",
  "description": "Automatic signed SSL certificates. Let’s Encrypt is a free, automated, and open Certificate Authority.",
  "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n\nYour certificate will be automatically renewed every month",
  "infotitle": "Warning",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "DOMAIN",
      "name": "Domain",
      "value": "cloud.my-domain.com",
      "suggest": "mycloud.ownyourbits.com"
    },
    {
      "id": "OTHER_DOMAIN",
      "name": "Additional domain",
      "value": "cloud1.my-domain.com",
      "suggest": "optional.cloud.ownyourbits.com"
    },
    {
      "id": "EMAIL",
      "name": "Email",
      "value": "mail@my-domain.com",
      "suggest": "mycloud@ownyourbits.com"
    }
  ]
}'
++++ jq '.params | length'
+++ local len=4
+++ (( i = 0  ))
+++ (( i < len  ))
++++ jq -r '.params[0].id'
+++ local var=ACTIVE
++++ jq -r '.params[0].value'
+++ local val=yes
+++ eval ACTIVE=yes
++++ ACTIVE=yes
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[1].id'
+++ local var=DOMAIN
++++ jq -r '.params[1].value'
+++ local val=cloud.my-domain.com
+++ eval DOMAIN=cloud.my-domain.com
++++ DOMAIN=cloud.my-domain.com
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[2].id'
+++ local var=OTHER_DOMAIN
++++ jq -r '.params[2].value'
+++ local val=cloud1.my-domain.com
+++ eval OTHER_DOMAIN=cloud1.my-domain.com
++++ OTHER_DOMAIN=cloud1.my-domain.com
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[3].id'
+++ local var=EMAIL
++++ jq -r '.params[3].value'
+++ local val=mail@my-domain.com
+++ eval EMAIL=mail@my-domain.com
++++ EMAIL=mail@my-domain.com
+++ (( i++  ))
+++ (( i < len  ))
+++ is_active
+++ [[ yes == \y\e\s ]]
++++ find /etc/letsencrypt/live/ -maxdepth 0 -empty
++++ wc -l
+++ [[ 0 == 0 ]]
+++ return 0
+++ find_app_param letsencrypt DOMAIN
+++ local script=letsencrypt
+++ local param_id=DOMAIN
++++ basename letsencrypt .sh
+++ local ncp_app=letsencrypt
+++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ find_app_param_num letsencrypt DOMAIN
++++ local script=letsencrypt
++++ local param_id=DOMAIN
+++++ basename letsencrypt .sh
++++ local ncp_app=letsencrypt
++++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ [[ -f /usr/local/etc/ncp-config.d/letsencrypt.cfg ]]
+++++ cat /usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ local 'cfg={
  "id": "letsencrypt",
  "name": "Let'\''s Encrypt, Automatic signed SSL certificates",
  "title": "letsencrypt",
  "description": "Automatic signed SSL certificates. Let’s Encrypt is a free, automated, and open Certificate Authority.",
  "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n\nYour certificate will be automatically renewed every month",
  "infotitle": "Warning",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "DOMAIN",
      "name": "Domain",
      "value": "cloud.my-domain.com",
      "suggest": "mycloud.ownyourbits.com"
    },
    {
      "id": "OTHER_DOMAIN",
      "name": "Additional domain",
      "value": "cloud1.my-domain.com",
      "suggest": "optional.cloud.ownyourbits.com"
    },
    {
      "id": "EMAIL",
      "name": "Email",
      "value": "mail@my-domain.com",
      "suggest": "mycloud@ownyourbits.com"
    }
  ]
}'
+++++ jq '.params | length'
++++ local len=4
++++ (( i = 0  ))
++++ (( i < len  ))
+++++ jq -r '.params[0].id'
++++ local p_id=ACTIVE
++++ [[ DOMAIN == \A\C\T\I\V\E ]]
++++ (( i++  ))
++++ (( i < len  ))
+++++ jq -r '.params[1].id'
++++ local p_id=DOMAIN
++++ [[ DOMAIN == \D\O\M\A\I\N ]]
++++ echo 1
++++ return 0
+++ local p_num=1
+++ jq -r '.params[1].value'
++ LETSENCRYPT_DOMAIN=cloud.my-domain.com
++ [[ -z cloud.my-domain.com ]]
++ echo 'INFO: Letsencrypt domain is cloud.my-domain.com'
INFO: Letsencrypt domain is cloud.my-domain.com
++ [[ -f /.ncp-image ]]
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -f /usr/local/bin/ncp/SYSTEM/metrics.sh ]]
+++ source /usr/local/bin/ncp/SYSTEM/metrics.sh
+++ tmpl_metrics_enabled
+++ . /usr/local/etc/library.sh
++++ export NCPCFG=/usr/local/etc/ncp.cfg
++++ NCPCFG=/usr/local/etc/ncp.cfg
++++ export CFGDIR=/usr/local/etc/ncp-config.d
++++ CFGDIR=/usr/local/etc/ncp-config.d
++++ export BINDIR=/usr/local/bin/ncp
++++ BINDIR=/usr/local/bin/ncp
++++ export NCDIR=/var/www/nextcloud
++++ NCDIR=/var/www/nextcloud
++++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
++++ export TRUSTED_DOMAINS
++++ command -v jq
++++ [[ -f /usr/local/etc/ncp.cfg ]]
+++++ jq -r .nextcloud_version
++++ NCLATESTVER=21.0.4
+++++ jq -r .php_version
++++ PHPVER=7.3
+++++ jq -r .release
++++ RELEASE=buster
++++ command -v ncc
+++++ ncc status
+++++ grep version:
+++++ awk '{ print $3 }'
++++ NCVER=21.0.4.1
++++ find_app_param metrics.sh ACTIVE
++++ local script=metrics.sh
++++ local param_id=ACTIVE
+++++ basename metrics.sh .sh
++++ local ncp_app=metrics
++++ local cfg_file=/usr/local/etc/ncp-config.d/metrics.cfg
+++++ find_app_param_num metrics.sh ACTIVE
+++++ local script=metrics.sh
+++++ local param_id=ACTIVE
++++++ basename metrics.sh .sh
+++++ local ncp_app=metrics
+++++ local cfg_file=/usr/local/etc/ncp-config.d/metrics.cfg
+++++ [[ -f /usr/local/etc/ncp-config.d/metrics.cfg ]]
++++++ cat /usr/local/etc/ncp-config.d/metrics.cfg
+++++ local 'cfg={
  "id": "metrics",
  "name": "System Metrics, that can be collected by an external server",
  "title": "System Metrics",
  "description": "Prometheus (https://prometheus.io) compatible metrics for things like, CPU/memory/disk usage etc.",
  "info": "In order to use these metrics, you will need to setup at least an external Prometheus instance. You can find a quick and easy way to start at https://github.com/theCalcaholic/ncp-monitoring-dashboard",
  "infotitle": "External service required",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "USER",
      "name": "Metrics User",
      "value": "monitoring-user",
      "suggest": "metrics"
    },
    {
      "id": "PASSWORD",
      "name": "Metrics Password",
      "value": "",
      "type": "password"
    }
  ]
}'
++++++ jq '.params | length'
+++++ local len=3
+++++ (( i = 0  ))
+++++ (( i < len  ))
++++++ jq -r '.params[0].id'
+++++ local p_id=ACTIVE
+++++ [[ ACTIVE == \A\C\T\I\V\E ]]
+++++ echo 0
+++++ return 0
++++ local p_num=0
++++ jq -r '.params[0].value'
+++ local param_active=yes
+++ [[ yes == yes ]]
+++ echo yes
++ METRICS_IS_ENABLED=yes
++ echo 'INFO: Metrics enabled: yes'
INFO: Metrics enabled: yes
++ echo '### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###'
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###
++ echo ''

++ cat
<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -n cloud.my-domain.com ]]
++ echo '    ServerName cloud.my-domain.com'
    ServerName cloud.my-domain.com
++ LETSENCRYPT_CERT_BASE_PATH=/etc/letsencrypt/live/cloud.my-domain.com
++ [[ -d /etc/letsencrypt/live/cloud.my-domain.com ]]
+++ find /etc/letsencrypt/live -type d -name 'cloud.my-domain.com*' -printf '%T@ %p\n'
+++ sort -n
+++ cut -f2 '-d '
+++ tail -1
++ LETSENCRYPT_CERT_BASE_PATH=
++ [[ -d '' ]]
++ cat
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ yes == yes ]]
++ cat

    <Location /metrics/system>
      ProxyPass http://localhost:9100/metrics

      Order deny,allow
      Allow from all
      AuthType Basic
      AuthName "Metrics"
      AuthUserFile /usr/local/etc/metrics.htpasswd
      <RequireAll>
        <RequireAny>
          Require host localhost
          Require valid-user
        </RequireAny>
      </RequireAll>

    </Location>
++ cat
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  </IfModule>
</IfModule>
++ [[ -f /.ncp-image ]]
++ echo 'Apache self check:'
++ apache2ctl -t
pi@nextcloudpi:~ $ set +x
pi@nextcloudpi:~ $

Thanks a lot for your support and investigation!

This is where things are going south

What is the result from this command?

There is no result… (yes, I replaced my-domain.com with my actual domain name :slight_smile: )

You may be interested in this output?

pi@nextcloudpi:/home $ ls -al /etc/letsencrypt/live/
total 16
drwxr-xr-x 3 root root 4096 Oct 11 21:10 .
drwxr-xr-x 9 root root 4096 Oct 14 20:17 ..
drwxr-xr-x 2 root root 4096 Oct 14 20:17 ncp-nextcloud
-rw-r--r-- 1 root root  740 Oct 10 22:07 README
pi@nextcloudpi:/home $ ls -al /etc/letsencrypt/live/ncp-nextcloud/
total 12
drwxr-xr-x 2 root root 4096 Oct 14 20:17 .
drwxr-xr-x 3 root root 4096 Oct 11 21:10 ..
lrwxrwxrwx 1 root root   37 Oct 14 20:17 cert.pem -> ../../archive/ncp-nextcloud/cert8.pem
lrwxrwxrwx 1 root root   38 Oct 14 20:17 chain.pem -> ../../archive/ncp-nextcloud/chain8.pem
lrwxrwxrwx 1 root root   42 Oct 14 20:17 fullchain.pem -> ../../archive/ncp-nextcloud/fullchain8.pem
lrwxrwxrwx 1 root root   40 Oct 14 20:17 privkey.pem -> ../../archive/ncp-nextcloud/privkey8.pem
-rw-r--r-- 1 root root  692 Oct 11 21:10 README
pi@nextcloudpi:/home $

oh gosh, that is it.

Please try again

There you go:

pi@nextcloudpi:~ $ sudo su
root@nextcloudpi:/home/pi# ncp-update devel
INFO: updating to development branch 'devel'
Downloading updates
Performing updates
No such app enabled: updatenotification
Running nc-notify-updates
update web notifications enabled
NextCloudPi updated to version v1.41.1
root@nextcloudpi:/home/pi# source /usr/local/etc/library.sh
root@nextcloudpi:/home/pi# set -x
root@nextcloudpi:/home/pi# source /usr/local/etc/ncp-templates/nextcloud.conf.sh
+ source /usr/local/etc/ncp-templates/nextcloud.conf.sh
++ set -e
++ source /usr/local/etc/library.sh
+++ export NCPCFG=/usr/local/etc/ncp.cfg
+++ NCPCFG=/usr/local/etc/ncp.cfg
+++ export CFGDIR=/usr/local/etc/ncp-config.d
+++ CFGDIR=/usr/local/etc/ncp-config.d
+++ export BINDIR=/usr/local/bin/ncp
+++ BINDIR=/usr/local/bin/ncp
+++ export NCDIR=/var/www/nextcloud
+++ NCDIR=/var/www/nextcloud
+++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
+++ export TRUSTED_DOMAINS
+++ command -v jq
+++ [[ -f /usr/local/etc/ncp.cfg ]]
++++ jq -r .nextcloud_version
+++ NCLATESTVER=21.0.4
++++ jq -r .php_version
+++ PHPVER=7.3
++++ jq -r .release
+++ RELEASE=buster
+++ command -v ncc
++++ ncc status
++++ grep version:
++++ awk '{ print $3 }'
+++ NCVER=21.0.4.1
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ ! -f /.docker-image ]]
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
+++ [[ -f /.ncp-image ]]
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
+++ tmpl_letsencrypt_domain
+++ . /usr/local/etc/library.sh
++++ export NCPCFG=/usr/local/etc/ncp.cfg
++++ NCPCFG=/usr/local/etc/ncp.cfg
++++ export CFGDIR=/usr/local/etc/ncp-config.d
++++ CFGDIR=/usr/local/etc/ncp-config.d
++++ export BINDIR=/usr/local/bin/ncp
++++ BINDIR=/usr/local/bin/ncp
++++ export NCDIR=/var/www/nextcloud
++++ NCDIR=/var/www/nextcloud
++++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
++++ export TRUSTED_DOMAINS
++++ command -v jq
++++ [[ -f /usr/local/etc/ncp.cfg ]]
+++++ jq -r .nextcloud_version
++++ NCLATESTVER=21.0.4
+++++ jq -r .php_version
++++ PHPVER=7.3
+++++ jq -r .release
++++ RELEASE=buster
++++ command -v ncc
+++++ ncc status
+++++ grep version:
+++++ awk '{ print $3 }'
++++ NCVER=21.0.4.1
+++ is_active_app letsencrypt
+++ local ncp_app=letsencrypt
+++ local bin_dir=.
+++ local script=./letsencrypt.sh
+++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ [[ -f ./letsencrypt.sh ]]
++++ find /usr/local/bin/ncp -name letsencrypt.sh
++++ head -1
+++ local script=/usr/local/bin/ncp/NETWORKING/letsencrypt.sh
+++ [[ -f /usr/local/bin/ncp/NETWORKING/letsencrypt.sh ]]
+++ unset is_active
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
++++ type -t is_active
+++ [[ function == function ]]
+++ [[ -f /usr/local/etc/ncp-config.d/letsencrypt.cfg ]]
++++ cat /usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ local 'cfg={
  "id": "letsencrypt",
  "name": "Let'\''s Encrypt, Automatic signed SSL certificates",
  "title": "letsencrypt",
  "description": "Automatic signed SSL certificates. Let’s Encrypt is a free, automated, and open Certificate Authority.",
  "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n\nYour certificate will be automatically renewed every month",
  "infotitle": "Warning",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "DOMAIN",
      "name": "Domain",
      "value": "cloud.my-domain.com",
      "suggest": "mycloud.ownyourbits.com"
    },
    {
      "id": "OTHER_DOMAIN",
      "name": "Additional domain",
      "value": "cloud1.my-domain.com",
      "suggest": "optional.cloud.ownyourbits.com"
    },
    {
      "id": "EMAIL",
      "name": "Email",
      "value": "mail@my-domain.com",
      "suggest": "mycloud@ownyourbits.com"
    }
  ]
}'
++++ jq '.params | length'
+++ local len=4
+++ (( i = 0  ))
+++ (( i < len  ))
++++ jq -r '.params[0].id'
+++ local var=ACTIVE
++++ jq -r '.params[0].value'
+++ local val=yes
+++ eval ACTIVE=yes
++++ ACTIVE=yes
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[1].id'
+++ local var=DOMAIN
++++ jq -r '.params[1].value'
+++ local val=cloud.my-domain.com
+++ eval DOMAIN=cloud.my-domain.com
++++ DOMAIN=cloud.my-domain.com
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[2].id'
+++ local var=OTHER_DOMAIN
++++ jq -r '.params[2].value'
+++ local val=cloud1.my-domain.com
+++ eval OTHER_DOMAIN=cloud1.my-domain.com
++++ OTHER_DOMAIN=cloud1.my-domain.com
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[3].id'
+++ local var=EMAIL
++++ jq -r '.params[3].value'
+++ local val=mail@my-domain.com
+++ eval EMAIL=mail@my-domain.com
++++ EMAIL=mail@my-domain.com
+++ (( i++  ))
+++ (( i < len  ))
+++ is_active
+++ [[ yes == \y\e\s ]]
++++ find /etc/letsencrypt/live/ -maxdepth 0 -empty
++++ wc -l
+++ [[ 0 == 0 ]]
+++ return 0
+++ find_app_param letsencrypt DOMAIN
+++ local script=letsencrypt
+++ local param_id=DOMAIN
++++ basename letsencrypt .sh
+++ local ncp_app=letsencrypt
+++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ find_app_param_num letsencrypt DOMAIN
++++ local script=letsencrypt
++++ local param_id=DOMAIN
+++++ basename letsencrypt .sh
++++ local ncp_app=letsencrypt
++++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ [[ -f /usr/local/etc/ncp-config.d/letsencrypt.cfg ]]
+++++ cat /usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ local 'cfg={
  "id": "letsencrypt",
  "name": "Let'\''s Encrypt, Automatic signed SSL certificates",
  "title": "letsencrypt",
  "description": "Automatic signed SSL certificates. Let’s Encrypt is a free, automated, and open Certificate Authority.",
  "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n\nYour certificate will be automatically renewed every month",
  "infotitle": "Warning",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "DOMAIN",
      "name": "Domain",
      "value": "cloud.my-domain.com",
      "suggest": "mycloud.ownyourbits.com"
    },
    {
      "id": "OTHER_DOMAIN",
      "name": "Additional domain",
      "value": "cloud1.my-domain.com",
      "suggest": "optional.cloud.ownyourbits.com"
    },
    {
      "id": "EMAIL",
      "name": "Email",
      "value": "mail@my-domain.com",
      "suggest": "mycloud@ownyourbits.com"
    }
  ]
}'
+++++ jq '.params | length'
++++ local len=4
++++ (( i = 0  ))
++++ (( i < len  ))
+++++ jq -r '.params[0].id'
++++ local p_id=ACTIVE
++++ [[ DOMAIN == \A\C\T\I\V\E ]]
++++ (( i++  ))
++++ (( i < len  ))
+++++ jq -r '.params[1].id'
++++ local p_id=DOMAIN
++++ [[ DOMAIN == \D\O\M\A\I\N ]]
++++ echo 1
++++ return 0
+++ local p_num=1
+++ jq -r '.params[1].value'
++ LETSENCRYPT_DOMAIN=cloud.my-domain.com
++ [[ -z cloud.my-domain.com ]]
++ echo 'INFO: Letsencrypt domain is cloud.my-domain.com'
INFO: Letsencrypt domain is cloud.my-domain.com
++ [[ -f /.ncp-image ]]
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -f /usr/local/bin/ncp/SYSTEM/metrics.sh ]]
+++ source /usr/local/bin/ncp/SYSTEM/metrics.sh
+++ tmpl_metrics_enabled
+++ . /usr/local/etc/library.sh
++++ export NCPCFG=/usr/local/etc/ncp.cfg
++++ NCPCFG=/usr/local/etc/ncp.cfg
++++ export CFGDIR=/usr/local/etc/ncp-config.d
++++ CFGDIR=/usr/local/etc/ncp-config.d
++++ export BINDIR=/usr/local/bin/ncp
++++ BINDIR=/usr/local/bin/ncp
++++ export NCDIR=/var/www/nextcloud
++++ NCDIR=/var/www/nextcloud
++++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
++++ export TRUSTED_DOMAINS
++++ command -v jq
++++ [[ -f /usr/local/etc/ncp.cfg ]]
+++++ jq -r .nextcloud_version
++++ NCLATESTVER=21.0.4
+++++ jq -r .php_version
++++ PHPVER=7.3
+++++ jq -r .release
++++ RELEASE=buster
++++ command -v ncc
+++++ ncc status
+++++ grep version:
+++++ awk '{ print $3 }'
++++ NCVER=21.0.4.1
++++ find_app_param metrics.sh ACTIVE
++++ local script=metrics.sh
++++ local param_id=ACTIVE
+++++ basename metrics.sh .sh
++++ local ncp_app=metrics
++++ local cfg_file=/usr/local/etc/ncp-config.d/metrics.cfg
+++++ find_app_param_num metrics.sh ACTIVE
+++++ local script=metrics.sh
+++++ local param_id=ACTIVE
++++++ basename metrics.sh .sh
+++++ local ncp_app=metrics
+++++ local cfg_file=/usr/local/etc/ncp-config.d/metrics.cfg
+++++ [[ -f /usr/local/etc/ncp-config.d/metrics.cfg ]]
++++++ cat /usr/local/etc/ncp-config.d/metrics.cfg
+++++ local 'cfg={
  "id": "metrics",
  "name": "System Metrics, that can be collected by an external server",
  "title": "System Metrics",
  "description": "Prometheus (https://prometheus.io) compatible metrics for things like, CPU/memory/disk usage etc.",
  "info": "In order to use these metrics, you will need to setup at least an external Prometheus instance. You can find a quick and easy way to start at https://github.com/theCalcaholic/ncp-monitoring-dashboard",
  "infotitle": "External service required",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "USER",
      "name": "Metrics User",
      "value": "monitoring-user",
      "suggest": "metrics"
    },
    {
      "id": "PASSWORD",
      "name": "Metrics Password",
      "value": "",
      "type": "password"
    }
  ]
}'
++++++ jq '.params | length'
+++++ local len=3
+++++ (( i = 0  ))
+++++ (( i < len  ))
++++++ jq -r '.params[0].id'
+++++ local p_id=ACTIVE
+++++ [[ ACTIVE == \A\C\T\I\V\E ]]
+++++ echo 0
+++++ return 0
++++ local p_num=0
++++ jq -r '.params[0].value'
+++ local param_active=yes
+++ [[ yes == yes ]]
+++ echo yes
++ METRICS_IS_ENABLED=yes
++ echo 'INFO: Metrics enabled: yes'
INFO: Metrics enabled: yes
++ echo '### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###'
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###
++ echo ''

++ cat
<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -n cloud.my-domain.com ]]
++ echo '    ServerName cloud.my-domain.com'
    ServerName cloud.my-domain.com
++ LETSENCRYPT_CERT_BASE_PATH=/etc/letsencrypt/live/cloud.my-domain.com
++ [[ -d /etc/letsencrypt/live/cloud.my-domain.com ]]
+++ find /etc/letsencrypt/live -type d -name 'cloud.my-domain.com*' -printf '%T@ %p\n'
+++ sort -n
+++ cut -f2 '-d '
+++ tail -1
++ LETSENCRYPT_CERT_BASE_PATH=
++ [[ -d '' ]]
++ [[ -d /etc/letsencrypt/live/ncp-nextcloud ]]
++ LETSENCRYPT_CERT_BASE_PATH=/etc/letsencrypt/live/ncp-nextcloud
++ [[ -d /etc/letsencrypt/live/ncp-nextcloud ]]
++ LETSENCRYPT_CERT_PATH=/etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
++ LETSENCRYPT_KEY_PATH=/etc/letsencrypt/live/ncp-nextcloud/privkey.pem
++ cat
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile      /etc/letsencrypt/live/ncp-nextcloud/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ncp-nextcloud/privkey.pem

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ yes == yes ]]
++ cat

    <Location /metrics/system>
      ProxyPass http://localhost:9100/metrics

      Order deny,allow
      Allow from all
      AuthType Basic
      AuthName "Metrics"
      AuthUserFile /usr/local/etc/metrics.htpasswd
      <RequireAll>
        <RequireAny>
          Require host localhost
          Require valid-user
        </RequireAny>
      </RequireAll>

    </Location>
++ cat
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  </IfModule>
</IfModule>
++ [[ -f /.ncp-image ]]
++ echo 'Apache self check:'
++ apache2ctl -t
pi@nextcloudpi:~ $ set +x
pi@nextcloudpi:~ $
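
The lookup order visible in the second trace (exact domain directory, newest `<domain>*` directory, then `ncp-nextcloud`, otherwise the snakeoil pair), written out as an added example that is not NextCloudPi's own code. The function name `resolve_cert_paths` and its `live_dir` argument are assumptions, and unlike the first trace it warns when it falls back to the self-signed certificate.

```shell
# Added example, not the project's template. resolve_cert_paths and its
# live_dir argument are hypothetical names; the paths come from the traces.
# Prints the certificate path and the key path, one per line.
# Returns 0 for a Let's Encrypt lineage, 1 when it falls back to snakeoil.
resolve_cert_paths() {
  local domain="$1"
  local live_dir="${2:-/etc/letsencrypt/live}"
  local base=""
  local candidate

  if [ -d "$live_dir/$domain" ]; then
    # 1. Lineage directory named exactly after the configured domain.
    base="$live_dir/$domain"
  else
    # 2. Newest directory matching "<domain>*" (for example "<domain>-0001").
    for candidate in "$live_dir/$domain"*/; do
      [ -d "$candidate" ] || continue      # glob matched nothing
      candidate="${candidate%/}"
      if [ -z "$base" ] || [ "$candidate" -nt "$base" ]; then
        base="$candidate"
      fi
    done
  fi

  # 3. Fixed lineage name, the directory shown in the ls output above.
  if [ -z "$base" ] && [ -d "$live_dir/ncp-nextcloud" ]; then
    base="$live_dir/ncp-nextcloud"
  fi

  if [ -n "$base" ] && [ -e "$base/fullchain.pem" ] && [ -e "$base/privkey.pem" ]; then
    printf '%s\n%s\n' "$base/fullchain.pem" "$base/privkey.pem"
    return 0
  fi

  # 4. Nothing usable: make the fallback to the self-signed pair visible.
  echo "WARN: no Let's Encrypt lineage for $domain under $live_dir, using snakeoil certificate" >&2
  printf '%s\n%s\n' /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key
  return 1
}
```
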