Integrity check failed for .htaccess

ℹ️ Support
, ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • Nextcloud Hub 10 (31.0.1)
  • Operating system and version (e.g., Ubuntu 24.04):
    • Linux (kernel version 4.18.0-553.42.1.el8_10.x86_64) (my hosting provider doesn’t say more than that)
  • Web server and version (e.g, Apache 2.4.25):
    • Apache 2.4.63
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • I don't know
  • PHP version (e.g, 8.3):
    • PHP 8.3 (ea-php83)
  • Is this the first time you’ve seen this error? (Yes / No):
    • it's a fresh installation
  • When did this problem seem to first start?
    • it's always been there since first installation (a week ago)
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • setup-nextcloud.php
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • I don't know

Summary of the issue you are facing:

Since the installation (around ten days ago) Nextcloud has always complained about .htaccess.

type or paste code here

Today I updated Nextcloud to 31.0.1 thinking this could solve the problem but it didn’t so I decided to troubleshoot. I found a post on this forum saying that .htaccess could be downloaded and replaced.

I went to Index of /server/releases, downloaded latest-31.tar.bz2, extracted .htaccess and uploaded to my site through cPanel upload function. I ran the check but the check still fails because of .htaccess.

According to .htaccess date it’s been updated as it dates back to 20 minutes ago. Permission is 0644 as it was before the update.

Nextcloud error message is now saying:

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
	- INVALID_HASH
		- .htaccess

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [.htaccess] => Array
                        (
                            [expected] => 11fa1c20bce060406cf3f1dadc2f352fc3366fc1e8f4869c63f14312b14f35637e7823072295f810355527cce160b90463de9108ee9167d439b72a140a858b18
                            [current] => 3d7da327f5e0dfd3fe99670626d2a22cfb5f24db86d57099a83938ffb4d8cf01f676f2b1859f3c442a5bb38166646a2855f3d3e07bb5096aed82667142f4bb95
                        )

                )

        )

)

[…]

Steps to replicate it (hint: details matter!):

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

No new log lines are generated when the integrity check runs

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

PASTE

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

PASTE HERE

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.
2

Hi @mpolito1969,

Have you already tryed the → nc-integrity-fix ← script ?

h.t.h.

ernolf

4

In rudimentary terms:
It queries the database for registered errors:

SELECT configvalue FROM oc_appconfig WHERE appid = 'core' AND configkey = 'oc.integritycheck.checker';

It then rescans the affected apps to compare the file hashes with the registered hashes in signature.json.
If the hashes are indeed corrupted, it asks whether the file(s) should be replaced with files downloaded from github from the exact same GitHub tag as the running server.
Than its scans again to check if the error got fixed. If so, the errors are removed from the database:

DELETE FROM oc_appconfig WHERE oc_appconfig.appid = 'core' AND oc_appconfig.configkey = 'oc.integritycheck.checker';

Ideally, that leads to success.

You can read the code → here ←

h.t.h.

Much and good luck,
ernolf

5

EDIT: sorry ernolf, you replied while I was rewritting my previous comment. Let me check your answer and I’ll get back with a final “thank you” or some more questions :slight_smile:

Hi ernolf, thanks for your reply.

Unfortunately I don’t have access to the server command line, I can’t go any further than my cPanel (I’m on a web host).

However, I have understood why the checksum keeps being refused even after I upload the .htaccess taken from the original .bz2 archive.

This is the sequence that causes (and also explains) my issue.:

  1. I install Nextcloud and make the first access to the home page;
  2. I read the error message:

This version of Nextcloud requires at least PHP 8.1
You are currently running 8.0.30. Please update your PHP version.

  1. I go to my site cPanel → MultiPHP Manager and I specify that I want PHP 8.3 on that domain;
  2. cPanel update the original .htaccess by adding the following lines to the end:
# php -- BEGIN cPanel-generated handler, do not edit
<IfModule fcgid_module>
    <IfModule mime_module>
        AddHandler fcgid-script .php .php8 .phtml
        FcgidWrapper /usr/local/cpanel/cgi-sys/ea-php83 .php
        FcgidWrapper /usr/local/cpanel/cgi-sys/ea-php83 .php8
        FcgidWrapper /usr/local/cpanel/cgi-sys/ea-php83 .phtml
    </IfModule>
</IfModule>

# php -- END cPanel-generated handler, do not edit
  1. at this point Nextcloud no longer shows the error message about PHP version on the home page but .htaccess file checksum is broken and Nextcloud correctly reports it.

As this is a good .htaccess file (I have compared it with the official released version and they only differs for the above few lines) I’m asking if there is a way to tell Nextcloud that the right checksum for .htaccess is the one of the current .htaccess not the one of the released one.

Do you know if this is possible?

If not, is there a way to create a sort of “white list” so that files in this list are not checked by Nextcloud? If so I could just add my modified .htaccess file to it and close the issue.

If not… do you have any idea about a solution that could be a bit better than just ignoring Nextcloud error report? I like having no warning and all my logs cleaned :slight_smile:

Regards,
Massimiliano

6

No. It is not possible but there is a workaround:

Replace the htaccess with the vanila one and do a rescan from within the admin pannel.
Wait for it to finalize.
If there are no more complaints about INVALID_HASHes, write back the changes into your htaccess again and then it should be quiet, as long as you dont scan again.

h.t.h.

ernolf

7

I tried your suggestion but I can’t… when I replace my modified .htaccess with the vanilla one and click on “rescan”, Nextcloud shows the PHP error message:

This version of Nextcloud requires at least PHP 8.1
You are currently running 8.0.30. Please update your PHP version.

I’m stuck… if I use the .htaccess from the official release Nextcloud doesn’t work because of the PHP error and if I use the modified one I Nextcloud works but I get that integrity check error.

Anyway, I’ve found a lot of signature.json files. I guess they contain the right checksum for each file. Why couldn’t I just modify the one containing the .htaccess checksum and fix the issue this way?

I would be happy to make an attempt and see what happens but I don’t know what is the signature.json containing .htaccess checksum.

I wish I could have a shell access, run a “grep” and get to that file…

I think I can’t do anything else but living with the inconsistency. Can I?

Regards,
Massimiliano

8

If you do that, you’l get

- core
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature could not get verified.

as error, instead of the detailed

- core
	- INVALID_HASH
		- core/.htaccess

so it would make you blind for other integrity errors, which in fact is even worse.

What is your problem with that message if you know why it happens?

If you don’t like that, you should move to a better hoster.

Much and good luck,
ernolf

9

Ernolf,

Thank you for your support. I think I can live with that error message.

Regards,
Massimiliano

1 Like
10

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.