Files opening problem after change SSL encryption key and update to nextcloud 10.x.x

Hello, i would like to ask why at time that i changed “Let’s Encrypt” SSL encryption key, many files aren’t opening, but instead of that displaying errors like “Module with id: OC_DEFAULT_MODULE does not exist.”. I 'm worrying about this because “Let’s Encrypt” is free of use but with manually updating every 4 months. So what’s about that, every time that the SSL key will update many files will not open? Can someone explain to me how can i prevent this problem showing again, on next update key update, or telling me if am i doing something wrong?

Thanks.

Are you talking of the encryption app? Do you use it? It has nothing to do with SSL transport encryption. SSL encryption is directly implemented in your webserver and browser, there are no modules or anything you need for this in Nextcloud itself. Perhaps you changed something else, or it is just a coincidence? Can you give more details?

First of all thank you for your reply and help @tflidd, i appreciate it.
Before couple of days when my client wanted to login on his account, he couldn’t because website was down with error 500 “can’t handle this request”. After he inform me about this problem i couldn’t fix this and i found many more information about my SSL that could not be valid anymore. As i explained before, i was and i 'm still using Let’s Encrypt for https mode in my server/website. Then i did the update of the keys and when i tried to visit the cloud, message had pop up. Like “nextcloud will update in 10.0.1” and many apps will need to update also. When everybody tried to login files were there, propably from oc_filecache, but when i.e. i tried to open or download many of my uploaded files the server was like “Module with id: OC_DEFAULT_MODULE does not exist.”. I searched about it and someone mentioned “try downloading directly from the root/server directory”, but still nothing. User’s files Directories had two files “files” and “files_encryption” (where it had two more files “keys” and “OC_DEFAULT_MODULE” inside it). In both cases, trying to downloading files from root/server directories of user’s data or from their accoun. Files won’t open displaying in first case, which was from root/server directory, i.e. on doc documents this message (look the image below) and in the second case where i tried to download it from the cloud it pop up “Module with id: OC_DEFAULT_MODULE does not exist.”. Those files are prototype for my client and it’s necessary to find a solution. Please it’s critical to me…
Thanks in advance!

These are different things. First, you encrypt your connection using SSL. You can use certificates from letsencrypt and you can check your ssl configuration on ssllabs.com. This is independent from Nextcloud and should work properly.

The problem you have is that you have enabled the encryption app. This app encrypts all files on your filesystem. Make sure after the upgrade, that the encryption app is activated and you can access the files through web-interface. The screen-shot you are showing is actually the encrypted version of a file. You updated from NC 9? Or from owncloud?

These are different things. First, you encrypt your connection using SSL. You can use certificates from letsencrypt and you can check your ssl configuration on ssllabs.com. This is independent from Nextcloud and should work properly.

The problem you have is that you have enabled the encryption app. This app encrypts all files on your filesystem. Make sure after the upgrade, that the encryption app is activated and you can access the files through web-interface. The screen-shot you are showing is actually the encrypted version of a file. You updated from NC 9? Or from owncloud?

Dear @tflidd thank you in advance for your help and for explaining it to me better.
The answer to your question about the upgrade was from NC 9, but i can’t tell you the version exactly.
Please i 'm desperate with this problem and my client will probably move legally against me
.

Normally, the is an app called “Default encryption module” that must be enabled. It should be in the list of not-enabled apps.

There are more details of the encryption app in the owncloud docs (at this version, this should be very similar, if not identical, to Nextcloud):
https://doc.owncloud.org/server/9.1/admin_manual/configuration_files/encryption_configuration.html

Normally, the is an app called “Default encryption module” that must be enabled. It should be in the list of not-enabled apps.

There are more details of the encryption app in the owncloud docs (at this version, this should be very similar, if not identical, to Nextcloud):
https://doc.owncloud.org/server/9.1/admin_manual/configuration_files/encryption_configuration.html

Dear @tflidd,
i tried using “Enabling Users File Recovery Keys”, but nothing happens. The files seems to be still encrypted.
So i 'm wondering how is possible to run this command “occ encryption:decrypt-all [username]”?
I have VPS with CentOS 6.8, full ssh login. Can you help me a little bit, how can i try and run this command,
because i think is my last change otherwise im done…
Thank you in advance for your help!

I think the recovery keys must be turned on by the user as well. So running the occ-command probably requires a user password (without the recovery key).

If it is so important for you, why don’t you make a backup before an upgrade?

I think the recovery keys must be turned on by the user as well. So running the occ-command probably requires a user password (without the recovery key).

If it is so important for you, why don’t you make a backup before an upgrade?

@tflidd,
So my question is how can i run that command in ssh?
I was stressed out, the time cloud/website was down.
The only backup i took before i take an update was the files but not the DB.

Probably something like
sudo -u apache php /path/to/nextcloud/occ encryption:decrypt-all [username]

1 Like

Well thank you @tflidd for your help,
Somehow seems to work, at half. I tried new fresh install nextcloud and copying the user’s files on new data file and after that i run in command as you said “sudo -u [username] php occ encryption:decrypt-all” and it returns this message

" [OC\Encryption\Exceptions\DecryptionFailedException] Encryption library: Decryption (symmetric) of content failed:"
Thank you in advance, i appreciate it all this help!

there is not more information? Not even in the logfiles? Or add this to make the command more verbose:
sudo -u apache php /path/to/nextcloud/occ -vvv encryption:decrypt-all [username]

1 Like

there is not more information? Not even in the logfiles? Or add this to make the command more verbose:
sudo -u apache php /path/to/nextcloud/occ -vvv encryption:decrypt-all [username]

@tflidd when i tried that command the return message is:
“Files for following users couldn’t be decrypted,
maybe the user is not set up in a way that supports this operation:
[username]”

Now that i loged in as user, and tried to open a document he uploaded i get this message/error:
“Nextcloud
Service Unavailable
Encryption not ready: Private Key missing for user: please try to log-out and log-in again
While in data/user/files_encryption/OC_DEFAULT_MODULE there are both keys, as private as public!”

Then i enabled default encryption module, again as server side also. I logout and login to user account, trying the same document if it’s opens and error displays:
File not found
The file … not found. Check the url and etc

This is strange, especially if you can see that there are the corresponding keyfiles. I haven’t used the encryption app for a long time so I can’t tell you more than there is in the documentation. But you could open a bug report on github.com/nextcloud/server/issues
The developers can give you more information what might be wrong.

1 Like

@tflidd Thank you in advance for your help.
Now i realize that the url of the file that needs to open is not like “apps/files/?dir=/[FileName]/NewsLetters&fileid=16#loading” but for the current user is “remote.php/webdav/[FileName]/etc/doc.doc”

I think that this is not only encryption problem, by the time the file tried to open but the path that it can’t find it!

Then I would try the following:
Take a fresh setup, upload a few file with the encryption app. Check the data-folder how files are organized. Try to decrypt these files via terminal.
If you suceed, you can create a user with the same username/password of the user you want to restore the files. Then login, create all keys. Logout again, then change all the encryption keys and files (keyfiles for each file and the principal of the user). Then run occ files:scan username. Try to login and access the files.

After a lot of fiddling with the files I managed to get them back, BUT - files newer than September are corrupted - that’s ok, because I’ve got them on my laptop. Is there a way to reupload those files? Or can I delete all files newer than this date so they get re uploaded?
Thanks for helping

Be careful that the client doesn’t think that they have been deleted and deletes the files as well. So back up all data before you sync it again.

In order to sync properly, I would move the files out of the sync folder, then connect the client again and let it sync with the server before putting all files back.