Internal Server Error after updating to NC 15.0 [solved]

adee · December 10, 2018, 1:38pm

Solution:

Solution: I missed the (new?) entry in config/config.php.

openssl' =>
  array (
    config' => '/absolute/location/of/openssl.cnf',
  ),

I’ve edit the entry. Login is now possible.
Sorry for this post and many thanks to Schmu for the help.

Original entry

Nextcloud version (eg, 12.0.2): 15.0
Operating system and version (eg, Ubuntu 17.04): Debian 4.9.110-3+deb9u6
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.25
PHP version (eg, 7.1): php7.0
OpenSSL version_: OpenSSL 1.1.0j

The issue you are facing:

Today I updated nextcloud from 14.0.4 to 15.0. During the installation the system said that the app “user_external” is not compatible. I changed the file “nextcloud/apps/user_external/appinfo/info.xml” from “<nextcloud min-version=‘13’ max-version=‘14’” to '<nextcloud min-version=‘13’ max-version=‘15 />’" />". Maybe not the smartest move…
The update ran successfully afterwards.
However, logging in is not possible anymore. I always get an internal server error.

Is this the first time you’ve seen this error? (Y/N): Yes

The output of your Nextcloud log in Admin > Logging:

{"reqId":"wy0wxaWYfrdym9Hji8Gn","level":3,"time":"December 10, 2018 14:13:15","remoteAddr":"xxx.xxx.xxx.xxx","user":"<USER>","app":"PHP","method":"POST","url":"\/index.php\/login","message":"openssl_pkey_export(): cannot get key from parameter 1 at \/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php#298","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.113 Safari\/537.36 Vivaldi\/2.1.1337.51","version":"15.0.0.10"}
{"reqId":"wy0wxaWYfrdym9Hji8Gn","level":3,"time":"December 10, 2018 14:13:15","remoteAddr":"xxx.xxx.xxx.xxx","user":"<USER>","app":"index","method":"POST","url":"\/index.php\/login","message":{"Exception":"TypeError","Message":"openssl_pkey_get_details() expects parameter 1 to be resource, boolean given","Code":0,"Trace":[{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":301,"function":"openssl_pkey_get_details","args":[false]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":70,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":69,"function":"generateToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/User\/Session.php","line":641,"function":"generateToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/core\/Controller\/LoginController.php","line":332,"function":"createSessionToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":166,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/nextcloud\/lib\/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/var\/www\/nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":301,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.113 Safari\/537.36 Vivaldi\/2.1.1337.51","version":"15.0.0.10"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' =>
  array (
    0 => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    1 => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'version' => '15.0.0.10',
  'dbtype' => 'mysql',
  'dbhost' => 'localhost',
  'dbname' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'dbuser' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'dbpassword' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'dbtableprefix' => 'oc_',
  'installed' => true,
  'default_language' => 'de',
  'defaultapp' => 'files',
  'knowledgebaseenabled' => true,
  'allow_user_to_change_display_name' => true,
  'remember_login_cookie_lifetime' => 1296000,
  'session_lifetime' => 86400,
  'session_keepalive' => true,
  'token_auth_enforced' => false,
  'auth.bruteforce.protection.enabled' => true,
  'skeletondirectory' => '/var/www/nextcloud/core/skeleton',
  'user_backends' =>
  array (
    0 =>
    array (
      'class' => 'OC_User_IMAP',
      'arguments' =>
      array (
        0 => '{imap.gmail.com:993/imap/ssl}INBOX',
      ),
    ),
  ),
  'lost_password_link' => 'disabled',
  'mail_domain' => 'example.com',
  'mail_from_address' => 'nextcloud',
  'mail_smtpdebug' => false,
  'mail_smtpmode' => 'sendmail',
  'mail_smtphost' => '127.0.0.1',
  'mail_smtpport' => '25',
  'mail_smtptimeout' => 10,
  'mail_smtpauthtype' => 'LOGIN',
  'overwritehost' => '',
  'overwriteprotocol' => '',
  'overwritewebroot' => '',
  'overwritecondaddr' => '',
  'overwrite.cli.url' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    'htaccess.RewriteBase' => '/nextcloud',
  'htaccess.IgnoreFrontController' => false,
  'proxy' => '',
  'proxyuserpwd' => '',
  'trashbin_retention_obligation' => 'auto',
  'versions_retention_obligation' => 'auto',
  'appcodechecker' => true,
  'updatechecker' => true,
  'updater.server.url' => 'https://updates.nextcloud.com/updater_server/',
  'updater.release.channel' => 'stable',
  'has_internet_connection' => true,
  'check_for_working_webdav' => true,
  'check_for_working_wellknown_setup' => true,
  'check_for_working_htaccess' => true,
  'config_is_read_only' => false,
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud.log',
  'loglevel' => 2,
  'syslog_tag' => 'Nextcloud',
  'log.condition' =>
  array (
    'shared_secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    'users' =>
    array (
      0 => 'sample-user',
    ),
    'apps' =>
    array (
      0 => 'files',
    ),
  ),
  'logdateformat' => 'F d, Y H:i:s',
  'logtimezone' => 'Europe/Berlin',
  'log_query' => false,
  'cron_log' => true,
  'log_rotate_size' => false,
  'customclient_desktop' => 'https://nextcloud.com/install/#install-clients',
  'customclient_android' => 'https://play.google.com/store/apps/details?id=com.nextcloud.client',
  'customclient_ios' => 'https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8',
  'appstoreenabled' => true,
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/nextcloud/apps',
      'url' => '/apps',
      'writable' => true,
    ),
  ),
  'enable_previews' => true,
  'preview_max_x' => 2048,
  'preview_max_y' => 2048,
  'preview_max_scale_factor' => 10,
  'preview_max_filesize_image' => 50,
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'preview_office_cl_parameters' => ' --headless --nologo --nofirststartwizard --invisible --norestore --convert-to pdf --outdir ',
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\MP3',
    6 => 'OC\\Preview\\TXT',
    7 => 'OC\\Preview\\MarkDown',
  ),
  'ldapUserCleanupInterval' => 51,
  'comments.managerFactory' => '\\OC\\Comments\\ManagerFactory',
  'systemtags.managerFactory' => '\\OC\\SystemTag\\ManagerFactory',
  'maintenance' => false,
  'openssl' =>
  array (
    'config' => '/absolute/location/of/openssl.cnf',
  ),
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcached_servers' =>
  array (
    0 =>
    array (
      0 => 'localhost',
      1 => 11211,
    ),
  ),
  'cache_path' => '',
  'cache_chunk_gc_ttl' => 86400,
  'sharing.managerFactory' => '\\OC\\Share20\\ProviderFactory',
  'sharing.maxAutocompleteResults' => 0,
  'sharing.minSearchStringLength' => 0,
  'dbdriveroptions' =>
  array (
    1012 => '/file/path/to/ca_cert.pem',
    1002 => 'SET wait_timeout = 28800',
  ),
  'sqlite.journal_mode' => 'DELETE',
  'mysql.utf8mb4' => false,
  'supportedDatabases' =>
    array (
    0 => 'sqlite',
    1 => 'mysql',
    2 => 'pgsql',
    3 => 'oci',
  ),
  'tempdirectory' => '/var/www/nextcloud/data/nextcloudtemp',
  'hashingCost' => 10,
  'blacklisted_files' =>
  array (
    0 => '.htaccess',
  ),
  'share_folder' => '/',
  'theme' => '',
  'cipher' => 'AES-256-CFB',
  'minimum.supported.desktop.version' => '2.0.0',
  'quota_include_external_storage' => false,
  'filesystem_check_changes' => 0,
  'part_file_in_storage' => true,
  'mount_file' => '/var/www/nextcloud/data/mount.json',
  'filesystem_cache_readonly' => false,
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_proxies' =>
  array (
    0 => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    1 => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'max_filesize_animated_gifs_public_sharing' => 10,
  'filelocking.enabled' => true,
  'filelocking.ttl' => 3600,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.debug' => false,
  'upgrade.disable-web' => false,
  'debug' => false,
  'data-fingerprint' => '',
  'lookup_server' => 'https://lookup.nextcloud.com',
  'mail_smtpauth' => 1,
);

The output of your Apache/nginx/system log in /var/log/____:

no entry exists

Can someone help me fix this?

Schmu · December 10, 2018, 1:55pm

If this problem is caused by the external_user app, then I suggest to disable it via command line.

Try:
sudo -u www-data php /var/www/nextcloud/occ app:disable user_external

I hope “user_external” is the correct app name. If that command doesn’t work, check the correct app name via:
sudo -u www-data php /var/www/nextcloud/occ app:list

Good luck!

adee · December 10, 2018, 2:04pm

The command worked.

 Disabled:
  - encryption
  - files_external
  - user_external
  - user_ldap

Unfortunately it didn’t work.
According to the error message the error may be found in the file /var/www/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php (line: 298).

// Generate new key
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privateKey);

Schmu · December 10, 2018, 2:09pm

Maybe the two-factor authentication then?
Obviously I’m no developer and can’t really help to fix the issue, I’m just trying to help to get your server running again. So maybe worth a try to disable the apps regarding two-factor auth as well.

If that doesn’t help, the best idea is probably to open an issue on Github:

I suggest to post your openssl version in your issue as well then.

adee · December 10, 2018, 2:19pm

Thanks for your help.

I don’t have an app for “two-factor authentication”. I only have “twofactor_backupcodes” and “oauth2”. I’m not allowed to deactivate one of them.

If I can’t find a solution here, I’ll publish an article on GitHub. Thanks for the hint.

Edit:

I found an old GitHub post: https://github.com/nextcloud/server/issues/11227
I have added the entry “var_dump(openssl_error_string()); exit();” to the file PublicKeyTokenProvider.php in line 300 and get the error message “string(61) ‘error:02001002:system library:fopen:No such file or directory’”. Unfortunately the solution in the entry does not work for me.

Edit 2: Solution found (see post #1)

Schmu · December 10, 2018, 3:15pm

Hi,

I’m glad you were able to solve your issue. However, I do not understand, what has worked now out of the sudden
Could you shortly explain, what did the trick?

adee · December 11, 2018, 7:32am

Could you shortly explain, what did the trick?

I searched for the error message (cannot get key from parameter 1 at /var/www/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php#298) and found the error on GitHub. Thanks again for the tip with GitHub.
There they talked about the file openssl.cnf and permissions. I searched all files below /nextcloud for “openssl.cnf” and found the entry
“config’ => ‘/absolute/location/of/openssl.cnf’,” in /nextcloud/config/config.php.
The entry must have been added with version 15.0. It was definitely not there before.
I changed the entry to “/etc/ssl/openssl.cnf” and was able to log in again.