LetsEncrypt not working after Apache error

If the instructions from sven1234 don’t help you, maybe THIS will bring you access to your cloud in https.
But this is not a good solution. To solve the Letsencrypt problem you should update NextcloudPi.

Today I was able to obtain a new Let’s Encrypt Certificate. I got the following output:

[...]

IMPORTANT NOTES:

-Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nc-hostname-0003/fullchain.pem

Your key file has been saved at:
/etc/letsencrypt/live/nc-hostname-0003/privkey.pem
[…]

the path (with “-0003”) actually exists, but unfortunately, ncp.conf contains the wrong path again:

SSLCertificateFile /etc/letsencrypt/live/nc-hostname/fullchain.pem

Looks like you must have several folders with certificates. I added some tweaks to the code to pick the most recent one. Please run sudo ncp-update devel and try again.

NextcloudPi was successfully updated to v1.40.6
after that I have run Let’s Encrypt again. I got the following output:

[ letsencrypt ] (Wed Oct 13 20:42:30 CEST 2021)
+ [[ yes != \y\e\s ]]
+ local DOMAIN_LOWERCASE=*nc-hostname*
+ local OTHER_DOMAINS_ARRAY
+ [[ *nc-hostname* == '' ]]
+ local 'IFS_BK= '
+ IFS=', '
+ OTHER_DOMAINS_ARRAY=(${OTHER_DOMAIN})
+ IFS=' '
+ local domain_string=
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ *nc-hostname* != '' ]]
+ [[ '' == '' ]]
+ domain_string+=*nc-hostname*
+ /usr/bin/letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w /var/www/nextcloud --hsts --agree-tos -m '' -d *nc-hostname*
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/*nc-hostname*-0003/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/*nc-hostname*-0003/privkey.pem
Your cert will expire on 2022-01-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

+ cat
+ chmod 755 /etc/cron.weekly/letsencrypt-ncp
+ mkdir -p /etc/letsencrypt/renewal-hooks/deploy
+ cat
+ chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp
+ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
+ local template=nextcloud.conf.sh
+ local target=/etc/apache2/sites-available/nextcloud.conf
++ mktemp
+ local bkp=/tmp/tmp.1Dq4vnf2Cm
+ [[ -f /etc/apache2/sites-available/nextcloud.conf ]]
+ cp -a /etc/apache2/sites-available/nextcloud.conf /tmp/tmp.1Dq4vnf2Cm
+ [[ '' == --\d\e\f\a\u\l\t\s ]]
+ bash /usr/local/etc/ncp-templates/nextcloud.conf.sh
INFO: Letsencrypt domain is nc-hostname
INFO: Metrics enabled: no
Apache self check:
AH00526: Syntax error on line 11 of /etc/apache2/sites-enabled/nextcloud.conf:
SSLCertificateFile: file '/fullchain.pem' does not exist or is empty
Action '-t' failed.
The Apache error log may have more information.
+ [[ '' == --\a\l\l\o\w-\f\a\l\l\b\a\c\k ]]
+ rm /tmp/tmp.1Dq4vnf2Cm
+ sed -i 's|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/nc-hostname/fullchain.pem|' /etc/apache2/sites-available/ncp.conf
+ sed -i 's|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/nc-hostname/privkey.pem|' /etc/apache2/sites-available/ncp.conf
+ local domain_index=22
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"
+ [[ nc-hostname != '' ]]
+ [[ 22 -lt 20 ]]
+ echo 'WARN: nc-hostname will not be included in trusted domains for Nextcloud (maximum reached).' 'It will still be included in the SSL certificate'
WARN: nc-hostname will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
+ continue
+ set-nc-domain nc-hostname
+ local domain=nc-hostname
++ sed 's|http.?://||;s|(/.*)||'
+ domain=nc-hostname
+ ping -c1 -w1 -q nc-hostname
+ [[ nc-hostname == '' ]]
+ is_an_ip nc-hostname
+ local ip_or_domain=nc-hostname
+ grep -oPq '\d{1,3}(.\d{1,3}){3}'
+ local proto
++ ncc config:system:get overwriteprotocol
+ proto=https
+ [[ https == '' ]]
+ local url=https://nc-hostname
+ [[ '' == --\n\o-\t\r\u\s\t\e\d-\d\o\m\a\i\n ]]
+ ncc config:system:set trusted_domains 3 --value=nc-hostname
System config value trusted_domains => 3 set to string nc-hostname
+ ncc config:system:set overwrite.cli.url --value=https://nc-hostname/
System config value overwrite.cli.url set to string https://nc-hostname/
+ is_ncp_activated
+ a2query -s ncp-activation -q
+ is_app_enabled notify_push
+ local app=notify_push
+ ncc app:list
+ sed '0,/Disabled/!d'
+ grep -q notify_push
+ ncc config:system:set trusted_proxies 11 --value=127.0.0.1
System config value trusted_proxies => 11 set to string 127.0.0.1
+ ncc config:system:set trusted_proxies 12 --value=::1
System config value trusted_proxies => 12 set to string ::1
+ ncc config:system:set trusted_proxies 13 --value=nc-hostname
System config value trusted_proxies => 13 set to string nc-hostname
++ dig +short nc-hostname
+ ncc config:system:set trusted_proxies 14 --value=nc-ip
System config value trusted_proxies => 14 set to string nc-ip
+ sleep 5
+ ncc notify_push:setup https://nc-hostname/push
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved
+ apachectl -k graceful
AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/nc-hostname/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.
+ rm -rf /var/www/nextcloud/.well-known
+ is_docker
+ [[ -f /.dockerenv ]]
+ [[ '' == 1 ]]
+ return 0

the path (with “-0003”) still exists, and ncp.conf contains the wrong path:
SSLCertificateFile /etc/letsencrypt/live/*nc-hostname*/fullchain.pem

After a reboot NCP is not going to start.
Even if I change the path in ncp.conf to the *-0003 folder.
And even if I change the whole path to

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
and
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

That helped last time at least to have access to the web interface.
But now the web interface won't start no matter what I do. This is a little frustrating.

apachectl configtest always says something like this:

AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/*nc-hostname*-0003/fullchain.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
pi@nextcloudpi:~ $

By the way, /etc/letsencrypt/live/*nc-hostname*-0003/fullchain.pem exists and nc-hostname-0003 is the only folder. There are no other nc-hostname folders.

thanks for your help, it is very useful. Don’t worry, I’ll help you fix anything that comes up.

I think that your problem should be fixed now, please run

sudo su
ncp-update
source /usr/local/etc/library.sh
set -x
source /usr/local/etc/ncp-templates/nextcloud.conf.sh
set +x

, and share the output. If it looks good (the paths are correct), you can make it permanent with

install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
apache2ctl -k graceful

thanks again for the help. In the worst case, if nothing else helps, I can still reinstall the entire NCP. I have a current backup.

here is the output.
But honestly, I do not know if it is what we expected. So I have not made it permanent yet.

pi@nextcloudpi:~ $ sudo su
root@nextcloudpi:/home/pi# ncp-update
Downloading updates
Performing updates
No such app enabled: updatenotification
Running nc-notify-updates
update web notifications enabled
Running nc-autoupdate-nc
automatic Nextcloud updates enabled
NextCloudPi updated to version v1.41.1
root@nextcloudpi:/home/pi# source /usr/local/etc/library.sh
root@nextcloudpi:/home/pi# set -x
root@nextcloudpi:/home/pi# source /usr/local/etc/ncp-templates/nextcloud.conf.sh
+ source /usr/local/etc/ncp-templates/nextcloud.conf.sh
++ set -e
++ source /usr/local/etc/library.sh
+++ export NCPCFG=/usr/local/etc/ncp.cfg
+++ NCPCFG=/usr/local/etc/ncp.cfg
+++ export CFGDIR=/usr/local/etc/ncp-config.d
+++ CFGDIR=/usr/local/etc/ncp-config.d
+++ export BINDIR=/usr/local/bin/ncp
+++ BINDIR=/usr/local/bin/ncp
+++ export NCDIR=/var/www/nextcloud
+++ NCDIR=/var/www/nextcloud
+++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
+++ export TRUSTED_DOMAINS
+++ command -v jq
+++ [[ -f /usr/local/etc/ncp.cfg ]]
++++ jq -r .nextcloud_version
+++ NCLATESTVER=21.0.4
++++ jq -r .php_version
+++ PHPVER=7.3
++++ jq -r .release
+++ RELEASE=buster
+++ command -v ncc
++++ ncc status
++++ grep version:
++++ awk '{ print $3 }'
+++ NCVER=21.0.4.1
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ ! -f /.docker-image ]]
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
+++ [[ -f /.ncp-image ]]
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
+++ tmpl_letsencrypt_domain
+++ . /usr/local/etc/library.sh
++++ export NCPCFG=/usr/local/etc/ncp.cfg
++++ NCPCFG=/usr/local/etc/ncp.cfg
++++ export CFGDIR=/usr/local/etc/ncp-config.d
++++ CFGDIR=/usr/local/etc/ncp-config.d
++++ export BINDIR=/usr/local/bin/ncp
++++ BINDIR=/usr/local/bin/ncp
++++ export NCDIR=/var/www/nextcloud
++++ NCDIR=/var/www/nextcloud
++++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
++++ export TRUSTED_DOMAINS
++++ command -v jq
++++ [[ -f /usr/local/etc/ncp.cfg ]]
+++++ jq -r .nextcloud_version
++++ NCLATESTVER=21.0.4
+++++ jq -r .php_version
++++ PHPVER=7.3
+++++ jq -r .release
++++ RELEASE=buster
++++ command -v ncc
+++++ ncc status
+++++ grep version:
+++++ awk '{ print $3 }'
++++ NCVER=21.0.4.1
+++ is_active_app letsencrypt
+++ local ncp_app=letsencrypt
+++ local bin_dir=.
+++ local script=./letsencrypt.sh
+++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ [[ -f ./letsencrypt.sh ]]
++++ find /usr/local/bin/ncp -name letsencrypt.sh
++++ head -1
+++ local script=/usr/local/bin/ncp/NETWORKING/letsencrypt.sh
+++ [[ -f /usr/local/bin/ncp/NETWORKING/letsencrypt.sh ]]
+++ unset is_active
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
++++ type -t is_active
+++ [[ function == function ]]
+++ [[ -f /usr/local/etc/ncp-config.d/letsencrypt.cfg ]]
++++ cat /usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ local 'cfg={
  "id": "letsencrypt",
  "name": "Let'\''s Encrypt, Automatic signed SSL certificates",
  "title": "letsencrypt",
  "description": "Automatic signed SSL certificates. Let’s Encrypt is a free, automated, and open Certificate Authority.",
  "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n\nYour certificate will be automatically renewed every month",
  "infotitle": "Warning",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "DOMAIN",
      "name": "Domain",
      "value": "*nc-hostname*",
      "suggest": "mycloud.ownyourbits.com"
    },
    {
      "id": "OTHER_DOMAIN",
      "name": "Additional domain",
      "value": "",
      "suggest": "optional.cloud.ownyourbits.com"
    },
    {
      "id": "EMAIL",
      "name": "Email",
      "value": "",
      "suggest": "mycloud@ownyourbits.com"
    }
  ]
}'
++++ jq '.params | length'
+++ local len=4
+++ (( i = 0  ))
+++ (( i < len  ))
++++ jq -r '.params[0].id'
+++ local var=ACTIVE
++++ jq -r '.params[0].value'
+++ local val=yes
+++ eval ACTIVE=yes
++++ ACTIVE=yes
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[1].id'
+++ local var=DOMAIN
++++ jq -r '.params[1].value'
+++ local val=*nc-hostname*
+++ eval DOMAIN=*nc-hostname*
++++ DOMAIN=*nc-hostname*
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[2].id'
+++ local var=OTHER_DOMAIN
++++ jq -r '.params[2].value'
+++ local val=
+++ eval OTHER_DOMAIN=
++++ OTHER_DOMAIN=
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[3].id'
+++ local var=EMAIL
++++ jq -r '.params[3].value'
+++ local val=
+++ eval EMAIL=
++++ EMAIL=
+++ (( i++  ))
+++ (( i < len  ))
+++ is_active
+++ [[ yes == \y\e\s ]]
++++ find /etc/letsencrypt/live/ -maxdepth 0 -empty
++++ wc -l
+++ [[ 0 == 0 ]]
+++ return 0
+++ find_app_param letsencrypt DOMAIN
+++ local script=letsencrypt
+++ local param_id=DOMAIN
++++ basename letsencrypt .sh
+++ local ncp_app=letsencrypt
+++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ find_app_param_num letsencrypt DOMAIN
++++ local script=letsencrypt
++++ local param_id=DOMAIN
+++++ basename letsencrypt .sh
++++ local ncp_app=letsencrypt
++++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ [[ -f /usr/local/etc/ncp-config.d/letsencrypt.cfg ]]
+++++ cat /usr/local/etc/ncp-config.d/letsencrypt.cfg
++++ local 'cfg={
  "id": "letsencrypt",
  "name": "Let'\''s Encrypt, Automatic signed SSL certificates",
  "title": "letsencrypt",
  "description": "Automatic signed SSL certificates. Let’s Encrypt is a free, automated, and open Certificate Authority.",
  "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n\nYour certificate will be automatically renewed every month",
  "infotitle": "Warning",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "yes",
      "type": "bool"
    },
    {
      "id": "DOMAIN",
      "name": "Domain",
      "value": "*nc-hostname*",
      "suggest": "mycloud.ownyourbits.com"
    },
    {
      "id": "OTHER_DOMAIN",
      "name": "Additional domain",
      "value": "",
      "suggest": "optional.cloud.ownyourbits.com"
    },
    {
      "id": "EMAIL",
      "name": "Email",
      "value": "",
      "suggest": "mycloud@ownyourbits.com"
    }
  ]
}'
+++++ jq '.params | length'
++++ local len=4
++++ (( i = 0  ))
++++ (( i < len  ))
+++++ jq -r '.params[0].id'
++++ local p_id=ACTIVE
++++ [[ DOMAIN == \A\C\T\I\V\E ]]
++++ (( i++  ))
++++ (( i < len  ))
+++++ jq -r '.params[1].id'
++++ local p_id=DOMAIN
++++ [[ DOMAIN == \D\O\M\A\I\N ]]
++++ echo 1
++++ return 0
+++ local p_num=1
+++ jq -r '.params[1].value'
++ LETSENCRYPT_DOMAIN=*nc-hostname*
++ [[ -z *nc-hostname* ]]
++ echo 'INFO: Letsencrypt domain is *nc-hostname*'
INFO: Letsencrypt domain is *nc-hostname*
++ [[ -f /.ncp-image ]]
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -f /usr/local/bin/ncp/SYSTEM/metrics.sh ]]
+++ source /usr/local/bin/ncp/SYSTEM/metrics.sh
+++ tmpl_metrics_enabled
+++ . /usr/local/etc/library.sh
++++ export NCPCFG=/usr/local/etc/ncp.cfg
++++ NCPCFG=/usr/local/etc/ncp.cfg
++++ export CFGDIR=/usr/local/etc/ncp-config.d
++++ CFGDIR=/usr/local/etc/ncp-config.d
++++ export BINDIR=/usr/local/bin/ncp
++++ BINDIR=/usr/local/bin/ncp
++++ export NCDIR=/var/www/nextcloud
++++ NCDIR=/var/www/nextcloud
++++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [trusted_domain_1]=20 [trusted_domain_1]=21 [trusted_domain_1]=22)
++++ export TRUSTED_DOMAINS
++++ command -v jq
++++ [[ -f /usr/local/etc/ncp.cfg ]]
+++++ jq -r .nextcloud_version
++++ NCLATESTVER=21.0.4
+++++ jq -r .php_version
++++ PHPVER=7.3
+++++ jq -r .release
++++ RELEASE=buster
++++ command -v ncc
+++++ ncc status
+++++ grep version:
+++++ awk '{ print $3 }'
++++ NCVER=21.0.4.1
++++ find_app_param metrics.sh ACTIVE
++++ local script=metrics.sh
++++ local param_id=ACTIVE
+++++ basename metrics.sh .sh
++++ local ncp_app=metrics
++++ local cfg_file=/usr/local/etc/ncp-config.d/metrics.cfg
+++++ find_app_param_num metrics.sh ACTIVE
+++++ local script=metrics.sh
+++++ local param_id=ACTIVE
++++++ basename metrics.sh .sh
+++++ local ncp_app=metrics
+++++ local cfg_file=/usr/local/etc/ncp-config.d/metrics.cfg
+++++ [[ -f /usr/local/etc/ncp-config.d/metrics.cfg ]]
++++++ cat /usr/local/etc/ncp-config.d/metrics.cfg
+++++ local 'cfg={
  "id": "metrics",
  "name": "System Metrics, that can be collected by an external server",
  "title": "System Metrics",
  "description": "Prometheus (https://prometheus.io) compatible metrics for things like, CPU/memory/disk usage etc.",
  "info": "In order to use these metrics, you will need to setup at least an external Prometheus instance. You can find a quick and easy way to start at https://github.com/theCalcaholic/ncp-monitoring-dashboard",
  "infotitle": "External service required",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "no",
      "type": "bool"
    },
    {
      "id": "USER",
      "name": "Metrics User",
      "value": "metrics",
      "suggest": "metrics"
    },
    {
      "id": "PASSWORD",
      "name": "Metrics Password",
      "value": "",
      "type": "password"
    }
  ]
}'
++++++ jq '.params | length'
+++++ local len=3
+++++ (( i = 0  ))
+++++ (( i < len  ))
++++++ jq -r '.params[0].id'
+++++ local p_id=ACTIVE
+++++ [[ ACTIVE == \A\C\T\I\V\E ]]
+++++ echo 0
+++++ return 0
++++ local p_num=0
++++ jq -r '.params[0].value'
+++ local param_active=no
+++ [[ no == yes ]]
+++ exit 1
+++ echo no
++ METRICS_IS_ENABLED=no
++ echo 'INFO: Metrics enabled: no'
INFO: Metrics enabled: no
++ echo '### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###'
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###
++ echo ''

++ cat
<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -n *nc-hostname* ]]
++ echo '    ServerName *nc-hostname*'
    ServerName *nc-hostname*
++ LETSENCRYPT_CERT_BASE_PATH=/etc/letsencrypt/live/*nc-hostname*
++ [[ -d /etc/letsencrypt/live/*nc-hostname* ]]
+++ find /etc/letsencrypt/live -type d -name '*nc-hostname**' -printf '%T@ %p\n'
+++ sort -n
+++ cut -f2 '-d '
+++ tail -1
++ LETSENCRYPT_CERT_BASE_PATH=/etc/letsencrypt/live/*nc-hostname*-0003
++ [[ -d /etc/letsencrypt/live/*nc-hostname*-0003 ]]
++ [[ -d /etc/letsencrypt/live/*nc-hostname*-0003 ]]
++ LETSENCRYPT_CERT_PATH=/etc/letsencrypt/live/*nc-hostname*-0003/fullchain.pem
++ LETSENCRYPT_KEY_PATH=/etc/letsencrypt/live/*nc-hostname*-0003/privkey.pem
++ cat
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile      /etc/letsencrypt/live/*nc-hostname*-0003/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/*nc-hostname*-0003/privkey.pem

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ no == yes ]]
++ cat
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  </IfModule>
</IfModule>
++ [[ -f /.ncp-image ]]
++ echo 'Apache self check:'
++ apache2ctl -t
pi@nextcloudpi:~ $ set +x

looking good here!

if this is an existing path I think this is good to go

Yes, the path exists.
I assume I should run this now:

install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
apache2ctl -k graceful

But I think I’m doing it wrong…

Output:

pi@nextcloudpi:~ $ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
-bash: install_template: Kommando nicht gefunden.

= command not found

When you make certain changes to the configuration of certbot, it will change to a different path and append the “-####” suffix.

https://community.letsencrypt.org/t/prevent-0001-xxxx-certificate-suffixes/66802/3
https://community.letsencrypt.org/t/certbot-renew-request-saves-certificates-to-0001-to-folder/49654/9

do it like

sudo su
source /usr/local/etc/library.sh
install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
apache2ctl -k graceful

Running the commands has worked and after that, everything was just fine. I could reach the web interface, the SSL certificate was ok and so on.
Then I tried to run LetsEncrypt again to see what happens.
The SSL certificate has been renewed, but apparently there was again a problem with this.
Unfortunately I cannot provide an output because the window was empty.
Path in the ncp.conf: /etc/letsencrypt/live/*nc-hostname*/fullchain.pem
After a reboot, NCP was down again.
This time writing the “0003” into the path helped to start the web interface.

This is ok for me. I can renew the certificate and edit ncp.conf manually every few weeks. There are probably bigger problems out there and I don’t want to waste your time. But if you want to find a solution, I will try everything you suggest.

ok, it seems like you have the folder, but without (valid) certs in it?

let’s try a different angle

sudo ncp-update devel

, and run letsencrypt again. If this works I think it’s way more robust

thanks for the help

/etc/letsencrypt/live/ only contains one folder: nc-hostname-0003 with certs in it.
Should I try again anyway?

Yes, please. I am trying out a slightly different method.

done. here the output

[ letsencrypt ] (Fri Oct 15 21:46:34 CEST 2021)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/*nc-hostname*-0004/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/*nc-hostname*-0004/privkey.pem
Your cert will expire on 2022-01-13. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

INFO: Letsencrypt domain is *nc-hostname*
INFO: Metrics enabled: no
Apache self check:
Syntax OK
WARN: *nc-hostname* will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
System config value trusted_domains => 3 set to string *nc-hostname*
System config value overwrite.cli.url set to string https://*nc-hostname*/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string *nc-hostname*
System config value trusted_proxies => 14 set to string *nc-ip*
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/*nc-hostname*/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.

/etc/letsencrypt/live/ now contains 2 folders:
nc-hostname-0003 and nc-hostname-0004, both with certs in them

ncp.conf:

SSLCertificateFile    /etc/letsencrypt/live/*nc-hostname*/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/*nc-hostname*/privkey.pem

thanks, and is apache working fine with that config?

After correcting the path for the certificates, apache is working fine, yes.
(at least as far as I can tell ^^)

wait, if your ncp.conf says that, that means that /etc/letsencrypt/live/*nc-hostname* must exist. Is that not the case?

pi@nextcloudpi:~ $ sudo ls /etc/letsencrypt/live/
*nc-hostname*-0003  *nc-hostname*-0004  README

/etc/letsencrypt/live/*nc-hostname* does not exist.

sorry, I should have specified, did you run letsencrypt? the idea of the new fix is that you run letsencrypt and then we should be forcing the path as /etc/letsencrypt/live/*nc-hostname* (no -000x).

Still weird that it is in the ncp.conf, since the code checks for existence
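
The failure that keeps recurring in this thread is a vhost pointed at a certificate path that does not exist, after which Apache refuses to start. As an added example (not NextCloudPi's code), this sketch picks the lineage directory by testing the PEM files themselves and leaves the config untouched when nothing usable is found; the function names and the `example.test` sample layout are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not NextCloudPi code. Function names and the sample
# layout (example.test) are hypothetical.

# Print the newest certbot lineage directory for DOMAIN under LIVE_DIR.
# Candidates are "DOMAIN" and "DOMAIN-NNNN". A lineage only counts if both
# PEM files exist and are non-empty (-s follows certbot's symlinks).
pick_cert_dir() {
  local live_dir="$1" domain="$2" dir best=""
  for dir in "$live_dir/$domain" "$live_dir/$domain"-[0-9][0-9][0-9][0-9]; do
    [ -s "$dir/fullchain.pem" ] && [ -s "$dir/privkey.pem" ] || continue
    if [ -z "$best" ] || [ "$dir/fullchain.pem" -nt "$best/fullchain.pem" ]; then
      best="$dir"
    fi
  done
  [ -n "$best" ] || return 1
  printf '%s\n' "$best"
}

# Point the SSLCertificate* directives in CONF at the chosen lineage.
# With no usable lineage, CONF is not modified and 1 is returned, so the
# web server keeps the certificate it could already load.
update_vhost_cert() {
  local conf="$1" live_dir="$2" domain="$3" dir tmp
  dir=$(pick_cert_dir "$live_dir" "$domain") || {
    echo "no usable certificate for $domain under $live_dir" >&2
    return 1
  }
  tmp=$(mktemp) || return 1
  sed -e "s|^\([[:space:]]*SSLCertificateFile\)[[:space:]].*|\1 $dir/fullchain.pem|" \
      -e "s|^\([[:space:]]*SSLCertificateKeyFile\)[[:space:]].*|\1 $dir/privkey.pem|" \
      "$conf" > "$tmp" && cat "$tmp" > "$conf"
  local rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Constructed sample layout mirroring the thread: no bare "example.test"
# directory, two numbered lineages, and one lineage with an empty chain file.
make_sample_tree() {
  local root="$1" n
  for n in 0003 0004 0005; do
    mkdir -p "$root/live/example.test-$n"
    echo "constructed placeholder" > "$root/live/example.test-$n/privkey.pem"
    echo "constructed placeholder" > "$root/live/example.test-$n/fullchain.pem"
  done
  : > "$root/live/example.test-0005/fullchain.pem"   # empty file: must be skipped
  touch -t 202110132042 "$root/live/example.test-0003/fullchain.pem"
  touch -t 202110152146 "$root/live/example.test-0004/fullchain.pem"
  printf '%s\n' '<VirtualHost _default_:443>' \
    '  SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem' \
    '  SSLCertificateKeyFile /etc/letsencrypt/live/example.test/privkey.pem' \
    '</VirtualHost>' > "$root/ncp.conf"
}

# Stand-alone run: build the sample tree, rewrite the sample vhost, show it.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
update_vhost_cert "$demo_root/ncp.conf" "$demo_root/live" example.test
cat "$demo_root/ncp.conf"
rm -rf "$demo_root"
```

On a real system the rewritten file would still go through `apachectl configtest` before `apachectl -k graceful`, as the thread does.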