I see some older posts about this issue, but my question is:
For a Nextcloud snap install, is this the right command to renew the https certificate?
sudo nextcloud.enable-https lets-encrypt renew
Or should I leave out ârenewâ at the end?
When I type sudo nextcloud.enable-https -h I see it says the original lets-encrypt command should automatically keep the certificate up-to-date, but I recently got a renewal warning via email.
When typing the command with ârenewâ at the end, I do get the message:
Attempting to obtain certificates⌠done
find: Failed to restore initial working directory: /home/username: Permission denied
Restarting apache⌠done
I donât know if the error message in the middle is a problem, but my Nextcloud seems unaffected.
kyrofa
October 5, 2022, 3:36pm
2
The snap should be renewing them automatically, so you shouldnât need to do this. Are you seeing issues with that process?
Yes, I got an email this week from expiry@letsencrypt.org starting with:
Your certificate (or certificates) for the names listed below will expire in 19days. Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
I didnât want to risk it not renewing, so I entered the command
sudo nextcloud.enable-https lets-encrypt renew
I donât mind renewing manually, but wonder why itâs not working automatically. Ports 80 and 443 are open.
kyrofa
October 5, 2022, 4:02pm
4
Letâs take a gander at your logs. Can I see the output of sudo snap logs -n 100 nextcloud.renew-certs
, please?
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: Processing
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: Cert not yet due for renewal
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: The following certs are not due for renewal yet:
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: No renewals were attempted.
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: No hooks were run.
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: Processing
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: Cert not yet due for renewal
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: The following certs are not due for renewal yet:
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: No renewals were attempted.
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: No hooks were run.
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: Processing
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: Cert not yet due for renewal
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: The following certs are not due for renewal yet:
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: No renewals were attempted.
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: No hooks were run.
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: Processing
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: Cert not yet due for renewal
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: The following certs are not due for renewal yet:
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: No renewals were attempted.
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: No hooks were run.
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
kyrofa
October 5, 2022, 4:18pm
6
That sounds healthy to me. I think youâre in good shape. Iâm not sure what the email from LE is about.
Thanks, but isnât that because I ran the renew command today?
kyrofa
October 5, 2022, 5:40pm
8
No-- there is no renew command. You can see the cert is fine all the way back to a few days ago:
1 Like
Ah, ok, thanks. So I guess the command âsudo nextcloud.enable-https lets-encrypt renewâ either doesnât do anything, or doesnât do anything if a certificate is not in need of renewal.
I really appreciate the support and teaching here.
kyrofa
October 5, 2022, 8:00pm
10
Iâm pretty sure the ârenewâ part of the command you ran was just completely ignored, is all. There is no renew command available, since the snap is made to just take care of that for you.
bnobre
August 8, 2023, 7:21am
11
Hi,
Is your certificate automatically renewed?