Support intro
Sorry to hear youâre facing problems
help.nextcloud.com is for home/non-enterprise users. If youâre running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.
In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:
example
Or for longer, use three backticks above and below the code snippet:
longer
example
here
Some or all of the below information will be requested if it isnât supplied; for fastest response please provide as much as you can
Nextcloud version (eg, 12.0.2): 16.0.5
Operating system and version (eg, Ubuntu 17.04): Ubuntu 19.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.38/nginx 1.15.9
PHP version (eg, 7.1): 7.2.24
The issue you are facing: My SSL cert through LE is failing to be renewed. It worked when I first set up Nextcloud, however now Iâm unable to renew the cert. I keep running into a connection refused error.
root@localhost:~# nextcloud.enable-https lets-encrypt
In order for Let's Encrypt to verify that you actually own the
domain(s) for which you're requesting a certificate, there are a
number of requirements of which you need to be aware:
1. In order to register with the Let's Encrypt ACME server, you must
agree to the currently-in-effect Subscriber Agreement located
here:
https://letsencrypt.org/repository/
By continuing to use this tool you agree to these terms. Please
cancel now if otherwise.
2. You must have the domain name(s) for which you want certificates
pointing at the external IP address of this machine.
3. Both ports 80 and 443 on the external IP address of this machine
must point to this machine (e.g. port forwarding might need to be
setup on your router).
Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): [redacted]
Please enter your domain name(s) (space-separated): [redacted].net
Attempting to obtain certificates... error running certbot:
Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for [redacted].net
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain [redacted].net
http-01 challenge for [redacted].net
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: [redacted].net
Type: connection
Detail: Fetching
http://[redacted].net/.well-known/acme-challenge/fKfzMgFrXiXs_AQzTI4oSezxFsTIf13ISi-5qbKt194:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
The full log is here: https://pastebin.com/ud69Ysb3
Is this the first time youâve seen this error? (Y/N): Y
Steps to replicate it:
- Set up SSL cert with Letâs Encrypt as listed in the docs.
- Wait three months.
- Try to renew.
The output of your Nextcloud log in Admin > Logging:
n/a
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'apps_paths' =>
array (
0 =>
array (
'path' => '/snap/nextcloud/current/htdocs/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps',
'url' => '/extra-apps',
'writable' => true,
),
),
'supportedDatabases' =>
array (
0 => 'mysql',
),
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.local' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/tmp/sockets/redis.sock',
'port' => 0,
),
'instanceid' => 'oc4rlz5glym1',
'passwordsalt' => '[redacted]',
'secret' => '[redacted]',
'trusted_domains' =>
array (
0 => 'localhost',
1 => '[redacted].net',
),
'datadirectory' => '/var/snap/nextcloud/common/nextcloud/data',
'dbtype' => 'mysql',
'version' => '16.0.5.1',
'overwrite.cli.url' => 'http://localhost',
'dbname' => 'nextcloud',
'dbhost' => 'localhost:/tmp/sockets/mysql.sock',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => '[redacted]',
'installed' => true,
'twofactor_enforced' => 'false',
'twofactor_enforced_groups' =>
array (
),
'twofactor_enforced_excluded_groups' =>
array (
),
'maintenance' => false,
'loglevel' => 2,
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
);
The output of your Apache/nginx/system log in /var/log/____
:
(not sure if this is relevant)
[Tue Oct 29 01:39:18.053575 2019] [mpm_event:notice] [pid 18562:tid 140060526131072] AH00491: caught SIGTERM, shutting down
[Tue Oct 29 01:39:20.967597 2019] [ssl:warn] [pid 20460:tid 139807152490368] AH01909: ::1:443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 29 01:39:20.974642 2019] [ssl:warn] [pid 20460:tid 139807152490368] AH01909: ::1:443:0 server certificate does NOT include an ID which matches the server name
[Tue Oct 29 01:39:20.975751 2019] [mpm_event:notice] [pid 20460:tid 139807152490368] AH00489: Apache/2.4.41 (Unix) OpenSSL/1.0.2g configured -- resuming normal operations
[Tue Oct 29 01:39:20.975777 2019] [core:notice] [pid 20460:tid 139807152490368] AH00094: Command line: 'httpd -d /snap/nextcloud/16739 -D EnableHTTPS -D EnableHSTS -D FOREGROUND'
[Tue Oct 29 01:39:20.976656 2019] [unixd:alert] [pid 20463:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
[Tue Oct 29 01:39:20.977545 2019] [unixd:alert] [pid 20462:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
[Tue Oct 29 01:39:20.978464 2019] [unixd:alert] [pid 20461:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
[Tue Oct 29 01:43:44.222383 2019] [unixd:alert] [pid 20834:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive