[ letsencrypt ] (Mon Sep 20 12:59:54 CEST 2021)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nc-hostname-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nc-hostname-0001/privkey.pem
Your cert will expire on 2021-12-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”
If you like Certbot, please consider supporting our work by:
Apache self check:
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/nc-hostname/fullchain.pem’ does not exist or is empty
Action ‘-t’ failed.
The Apache error log may have more information.
System config value trusted_domains => 22 set to string nc-hostname
System config value trusted_domains => 3 set to string nc-hostname
System config value overwrite.cli.url set to string https://nc-hostname/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string nc-hostname
System config value trusted_proxies => 14 set to string 213.162.146.86
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved
Apache errorlog:
[Mon Sep 20 11:26:30.786803 2021] [mpm_event:notice] [pid 946:tid 3069370896] AH00493: SIGUSR1 received. Doing graceful restart
[Mon Sep 20 11:26:30.816674 2021] [ssl:warn] [pid 946:tid 3069370896] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Mon Sep 20 11:26:30.818199 2021] [mpm_event:notice] [pid 946:tid 3069370896] AH00489: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d configured – resuming normal operations
[Mon Sep 20 11:26:30.818228 2021] [core:notice] [pid 946:tid 3069370896] AH00094: Command line: ‘/usr/sbin/apache2’
[Mon Sep 20 11:38:47.467250 2021] [proxy_fcgi:error] [pid 19488:tid 2763224096] [client 192.168.1.22:39540] AH01067: Failed to read FastCGI header
[Mon Sep 20 11:38:47.467358 2021] [proxy_fcgi:error] [pid 19488:tid 2763224096] (104)Connection reset by peer: [client 192.168.1.22:39540] AH01075: Error dispatching request to :4443:
[Mon Sep 20 11:38:48.888050 2021] [mpm_event:notice] [pid 946:tid 3069370896] AH00491: caught SIGTERM, shutting down
[Mon Sep 20 11:39:08.135130 2021] [ssl:warn] [pid 758:tid 3069841984] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Mon Sep 20 11:39:08.170042 2021] [ssl:warn] [pid 985:tid 3069841984] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Mon Sep 20 11:39:08.175960 2021] [mpm_event:notice] [pid 985:tid 3069841984] AH00489: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d configured – resuming normal operations
[Mon Sep 20 11:39:08.176068 2021] [core:notice] [pid 985:tid 3069841984] AH00094: Command line: ‘/usr/sbin/apache2’
[Mon Sep 20 12:06:14.118296 2021] [mpm_event:notice] [pid 985:tid 3069841984] AH00493: SIGUSR1 received. Doing graceful restart
[Mon Sep 20 12:06:14.151976 2021] [ssl:warn] [pid 985:tid 3069841984] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Mon Sep 20 12:06:14.153516 2021] [mpm_event:notice] [pid 985:tid 3069841984] AH00489: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d configured – resuming normal operations
[Mon Sep 20 12:06:14.153545 2021] [core:notice] [pid 985:tid 3069841984] AH00094: Command line: ‘/usr/sbin/apache2’
the following seems to be the problem in my opinion:
The file “fullchain.pem” is located in this folder:
/etc/letsencrypt/live/nc-hostname-0001/
But Apache is looking in this folder (which does not exist):
/etc/letsencrypt/live/nc-hostname/
I don’t know where the “0001” comes from. Is it possible to change the name? Or can I make Apache look in the right folder?
EDIT:
after a reboot i am not able to open the nextcloud web interface anymore.
‘apachectl configtest’ says:
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/nc-hostname/fullchain.pem’ does not exist or is empty
Action ‘configtest’ failed.
‘sudo systemctl restart apache2.service’ says:
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
NextCloudPi version v1.39.6
NextCloudPi image NextCloudPi_07-21-19
distribution Raspbian GNU/Linux 10 \n \l
automount yes
USB devices sda sdb
datadir /media/ncp_data/data
data in SD no
data filesystem btrfs
data disk usage 54G/115G
rootfs usage 6,6G/59G
swapfile /var/swap
dbdir /var/lib/mysql
Nextcloud check ok
Nextcloud version 21.0.4.1
HTTPD service down
PHP service up
MariaDB service up
Redis service up
HPB service down
Postfix service up
internet check ok
port check 80 closed
port check 443 closed
IP ***REMOVED SENSITIVE VALUE***
gateway ***REMOVED SENSITIVE VALUE***
interface eth0
certificates ***REMOVED SENSITIVE VALUE***
NAT loopback no
uptime 11:03
Now I have access to the WebInterface again. But the initial Problem still exist. Since we have the same problem I will follow the thread of @Martin_Friebe
thanks for your Help! at the moment Let’s Encrypt is deactivated and the files (fullchain.pem, privkey.pem) do not exist.
I guess they are automatically deleted when Let’s Encrypt is deactivated
So, to use the certificates i probably have to activate Let’s Encrypt. But trying to do that in the web interface i get the following output in an loop.
Output
Domain
Additional domain
Email
[ letsencrypt ] (Wed Sep 22 08:57:30 CEST 2021)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
System config value trusted_domains => 3 set to string An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}
System config value overwrite.cli.url set to string https://An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}/
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: jha.spdns.de: see Rate Limits - Let's Encrypt
Please see the logfiles in /var/log/letsencrypt for more details.
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}
System config value trusted_proxies => 14 set to empty string
✓ redis is configured
🗴 can’t connect to push server: Unable to parse URI: https://An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}/push/test/cookie
System config value trusted_domains => 3 set to string An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}
System config value overwrite.cli.url set to string https://An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}
System config value trusted_proxies => 14 set to empty string
✓ redis is configured
🗴 can’t connect to push server: Unable to parse URI: https://An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}/push/test/cookie
System config value trusted_domains => 3 set to string An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}
System config value overwrite.cli.url set to string https://An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string An unhandled exception has been thrown:
RedisException: LOADING Redis is loading the dataset in memory in
Stack trace: #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 {main}
System config value trusted_proxies => 14 set to empty string
also sudo ncp-update devel
didn’t changed the ncp.conf
EDIT:
i cannot activate LE because i have reached the limit of 5 per week
Actually you can do that, or you can update to the latest version and reboot. I added some code to try to fix this situation automatically during a reboot.
Hello all
I thing I have a similar issue.
Before the last ncp version everything was OK with the 1.39.13 I cant acces to my cloud in https.
II’m able to connect in ssh and tried to change ncp-https to no and I have the message below:
running nc-httpsonly
System config value overwriteprotocol set to string https
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/xxxxxx.ddns.net/fullchain.pem’ does not exist or is empty
Action ‘-k graceful’ failed.
The Apache error log may have more information.
Forcing HTTPS Off