Sorry to hear you’re facing problems
In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:
Or for longer, use three backticks above and below the code snippet:
longer example here
Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can
Nextcloud version (eg, 12.0.2): 16.0.5
Operating system and version (eg, Ubuntu 17.04): Ubuntu 19.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.38/nginx 1.15.9
PHP version (eg, 7.1): 7.2.24
The issue you are facing: My SSL cert through LE is failing to be renewed. It worked when I first set up Nextcloud, however now I’m unable to renew the cert. I keep running into a connection refused error.
root@localhost:~# nextcloud.enable-https lets-encrypt In order for Let's Encrypt to verify that you actually own the domain(s) for which you're requesting a certificate, there are a number of requirements of which you need to be aware: 1. In order to register with the Let's Encrypt ACME server, you must agree to the currently-in-effect Subscriber Agreement located here: https://letsencrypt.org/repository/ By continuing to use this tool you agree to these terms. Please cancel now if otherwise. 2. You must have the domain name(s) for which you want certificates pointing at the external IP address of this machine. 3. Both ports 80 and 443 on the external IP address of this machine must point to this machine (e.g. port forwarding might need to be setup on your router). Have you met these requirements? (y/n) y Please enter an email address (for urgent notices or key recovery): [redacted] Please enter your domain name(s) (space-separated): [redacted].net Attempting to obtain certificates... error running certbot: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for [redacted].net Using the webroot path /var/snap/nextcloud/current/certs/certbot for all unmatched domains. Waiting for verification... Challenge failed for domain [redacted].net http-01 challenge for [redacted].net Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: [redacted].net Type: connection Detail: Fetching http://[redacted].net/.well-known/acme-challenge/fKfzMgFrXiXs_AQzTI4oSezxFsTIf13ISi-5qbKt194: Connection refused To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
The full log is here: https://pastebin.com/ud69Ysb3
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
- Set up SSL cert with Let’s Encrypt as listed in the docs.
- Wait three months.
- Try to renew.
The output of your Nextcloud log in Admin > Logging:
The output of your config.php file in
/path/to/nextcloud (make sure you remove any identifiable information!):
<?php $CONFIG = array ( 'apps_paths' => array ( 0 => array ( 'path' => '/snap/nextcloud/current/htdocs/apps', 'url' => '/apps', 'writable' => false, ), 1 => array ( 'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps', 'url' => '/extra-apps', 'writable' => true, ), ), 'supportedDatabases' => array ( 0 => 'mysql', ), 'memcache.locking' => '\\OC\\Memcache\\Redis', 'memcache.local' => '\\OC\\Memcache\\Redis', 'redis' => array ( 'host' => '/tmp/sockets/redis.sock', 'port' => 0, ), 'instanceid' => 'oc4rlz5glym1', 'passwordsalt' => '[redacted]', 'secret' => '[redacted]', 'trusted_domains' => array ( 0 => 'localhost', 1 => '[redacted].net', ), 'datadirectory' => '/var/snap/nextcloud/common/nextcloud/data', 'dbtype' => 'mysql', 'version' => '126.96.36.199', 'overwrite.cli.url' => 'http://localhost', 'dbname' => 'nextcloud', 'dbhost' => 'localhost:/tmp/sockets/mysql.sock', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => '[redacted]', 'installed' => true, 'twofactor_enforced' => 'false', 'twofactor_enforced_groups' => array ( ), 'twofactor_enforced_excluded_groups' => array ( ), 'maintenance' => false, 'loglevel' => 2, 'mail_smtpmode' => 'smtp', 'mail_sendmailmode' => 'smtp', 'mail_smtpauthtype' => 'LOGIN', );
The output of your Apache/nginx/system log in
(not sure if this is relevant)
[Tue Oct 29 01:39:18.053575 2019] [mpm_event:notice] [pid 18562:tid 140060526131072] AH00491: caught SIGTERM, shutting down [Tue Oct 29 01:39:20.967597 2019] [ssl:warn] [pid 20460:tid 139807152490368] AH01909: ::1:443:0 server certificate does NOT include an ID which matches the server name AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message [Tue Oct 29 01:39:20.974642 2019] [ssl:warn] [pid 20460:tid 139807152490368] AH01909: ::1:443:0 server certificate does NOT include an ID which matches the server name [Tue Oct 29 01:39:20.975751 2019] [mpm_event:notice] [pid 20460:tid 139807152490368] AH00489: Apache/2.4.41 (Unix) OpenSSL/1.0.2g configured -- resuming normal operations [Tue Oct 29 01:39:20.975777 2019] [core:notice] [pid 20460:tid 139807152490368] AH00094: Command line: 'httpd -d /snap/nextcloud/16739 -D EnableHTTPS -D EnableHSTS -D FOREGROUND' [Tue Oct 29 01:39:20.976656 2019] [unixd:alert] [pid 20463:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive [Tue Oct 29 01:39:20.977545 2019] [unixd:alert] [pid 20462:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive [Tue Oct 29 01:39:20.978464 2019] [unixd:alert] [pid 20461:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive [Tue Oct 29 01:43:44.222383 2019] [unixd:alert] [pid 20834:tid 139807152490368] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive