I attempted an automatic upgrade of my NextCloud instance from version 25.0.3.2 to 27.1.3.2. But the update process failed, and somehow, decided to delete my config.php. I figured that was no big deal, since it was literally only one file and all my nextcloud data is in a separate directory from the web files.
Unfortunately, I was wrong. I immediately started getting strange errors, and was unable to fix my config so I scrapped it and installed 27.1.3.2 fresh, pointing it to my existing MariaDB and data directory. It came up right away when I put the right database in, but small problem… Whenever I log in, I get an “Internal Server Error” message.
The log file shows this error:
hash_hkdf(): Argument #2 ($key) cannot be empty in file ‘/var/www/nextcloud/lib/private/Security/Crypto.php’ line 160
I know that it can tell my password for admin and other accounts, because if you use the wrong one it simply says “Wrong password” instead of “Internal server error.” I tried using the occ user:resetpassword command to reset my password, but still have the same error.
I am currently running Debian 11and the server is Nginx with PHP 8.0. All system packages up to date. Also I should mention that my Nextcloud data isn’t encrypted (afaik). I use full disk encryption, so I saw that as unnecessary. So I don’t know why I’m having these problems.
My guess is you’re missing the secret from your old installation. Try pulling that from a backup. You may even be able to find a backup from a past update/upgrade in <datadirectory>/updater-<instanceId>/backups
More details on this part would be informative (e.g. how precisely you attempted the update/upgrade? What you experienced in terms of the the failure?). This obviously should not have happened. It may provide some clues about other issues occurring in your environment.
Hi @jtr. I checked for backups in the updater-<instanceId>/backups folder, which does exist, but it doesn’t contain a file named config.php or a config directory.
I used the “update” button inside of Nextcloud GUI to update, since I didn’t install Nextcloud through snap or docker, so it seemed like the best way to update.
The update failed during the “backup” phase so that may be why. But a backup shouldn’t delete files… I could never find the specific error because it deleted the log files in /var/log on top of the config! But it doesn’t seem to have deleted anything in the data folder (which I keep on a separate disk). I have backups of the data folder that run regularly, too. But I never thought to backup config.php or anything else in the /var/www/nextcloud directory, it didn’t seem important.
My only theory is that it could have happened because my OS partition was only ~10GB with 2.5-ish GB free. As a result I moved the OS to a much larger partition in case that was too little overhead. But it’s not like the disk had zero bytes left, even after failing, and surely the updater should give a warning if out of disk space?
Hmm. The Updater has its own independent log. It logs to <datadirectory>/updater.log by default. That file should exist, and have a full record of what occurred during the upgrade attempt(s). If you can find it, that might be insightful.
As for your situation now, secret is used in many places. Without the old one, it mostly impacts authentication (user passwords, app passwords, external storage mount credentials). Fortunately it sounds like you’re not using the encryption app so that’s not a factor at least.
Is there a secret (albeit a new one) in your currently active config.php? Off the top of my head I would think resetting your passwords one-by-one (and clearing your browser cookies probably) would be sufficient. You may want to try logging in from a Private Browsing session after you reset your password via occ to see if that lets you in without the error at that point.
Unfortunately I can’t find update.log. That may be on me though, I was messing with the files in that backup folder while desperately looking for a backup config.php file.
And yes it seems to have created a new secret value in config.php when I reinstalled the latest NextCloud. It also created a new instance ID, but I’ve already tried setting that to the old value (I found another thread on here that said to find the old instance ID from the name of the ‘appdata’ folder in the data directory.)
I just attempted occ user:resetpassword again then logging in from a private browser window, but unfortunately I get the same Internal Server Error.
EDIT: So, I decided to actually go into that Crypto.php file where the error is occurring at line 160. I’m not a PHP developer but it’s got somewhat typical syntax of languages I’m used to. I basically just replaced the whole function with one that just returns a random string to see what happens. Shockingly, it actually worked! I was immediately allowed to log into Nextcloud with no further errors. I can see that all of my data and settings is fully intact, too. Even the theme I had installed is still set.
Slight problem. Now I can literally type in any random password and it works. This is obviously not ideal, lol. So I changed Crypto.php back. But an interesting experiment nonetheless.
