Local SSL and now site won't load

realncp · March 5, 2021, 11:04pm

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version (eg, 20.0.5): 1.35
Operating system and version (eg, Ubuntu 20.04): `Raspberry Pi 4
Apache or nginx version (eg, Apache 2.4.25): Appache

The issue you are facing:

Hello,

I was trying to get a self assigned cert on my local nextcloudpi server. I followed the tutorial here:

https://docs.nextcloud.com/server/16/admin_manual/installation/source_installation.html#apache-web-server-configuration

I ran:
a2enmod ssl
a2ensite default-ssl
service apache2 reload

And now my local nextcloud server won’t load. Anyway I can reverse this? I went to:

/etc/apache2/sites-enabled

And I set the SSL to “no” in “default-ssl.conf” but still the same issue.

Thanks!

tflidd · March 6, 2021, 8:42am

a2dismod ssl
a2dismod default-ssl
service apache2 reload

Once you have a bit of time, you should try to debug it and without SSL just run Nextcloud in your local network.

OliverV · March 6, 2021, 10:41am

NCP comes with ssl and a snakoil certificate enabled by default.
What installation medium or method did you use?

There is no need to generate a selfsigned certificate. You can use letsencrypt to get a valid cerificate, if you want, or leave the snakeoil cert in place if its just for local access.

You can just remove the simlink to default-ssl, reload apache and your NC and NCP web should be back up.
Run sudo ncp-report to get and post system info if need further assistance

realncp · March 6, 2021, 5:12pm

Thanks for the responses guys, much appreciated!

@OliverV I ran this install method from here with a Nextcloudpi image: https://raspberrytips.com/install-nextcloud-raspberry-pi/

a2dismod ssl = I ran this and it worked
a2dismod default-ssl = I ran this and got “ERROR: Module default-ssl does not exist!”

I should also note that I am running Pihole on port 8888 and this still loads fine. It’s almost like I messed up port 80 by installing a second certificate? I didn’t realize snakeoil was enabled by default until after I ran the commands in my first post. Thing is, it never showed my local IP being secure in the browser URL, it always had it crossed out but the NCP interface would still load. I just assumed no local cert was installed and running.

Basically I was trying to get a local SSL cert running so I could use “Nextcloud Yaga” phone app (it requires SSL) to view my photos from my NCP server.

Anyway, I ran “sudo ncp-report” and have attached the relevant system info and HTTP log as the nextcloud admin interface still isn’t loading. Thanks again for the help a total newb at all this! Just switched to Linux on my desktop too

<details>
<summary>NextCloudPi diagnostics</summary>

```

NextCloudPi version  v1.35.0
NextCloudPi image    NextCloudPi_09-05-20
distribution         Raspbian GNU/Linux 10 \n \l
automount            yes
USB devices          sda 
datadir              /media/myCloudDrive/ncdata
data in SD           no
data filesystem      btrfs
data disk usage      3.1G/240G
rootfs usage         2.8G/59G
swapfile             /var/swap
dbdir                /var/lib/mysql
Nextcloud check      ok
Nextcloud version    19.0.2.2
HTTPD service        down
PHP service          up
MariaDB service      up
Redis service        up
Postfix service      up
internet check       ok
port check 80        open
port check 443       open
IP                   ***REMOVED SENSITIVE VALUE***
gateway              ***REMOVED SENSITIVE VALUE***
interface            wlan0
certificates         ***REMOVED SENSITIVE VALUE***
NAT loopback         no
uptime               21min

```
</details>


<details>
<summary>Nextcloud configuration</summary>

```

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "5": "nextcloudpi.local",
            "7": "nextcloudpi",
            "8": "nextcloudpi.lan",
            "11": "143.244.x.x",
            "1": "192.168.1.136"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "19.0.2.2",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "tempdirectory": "\/media\/myCloudDrive\/ncdata\/tmp",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "overwriteprotocol": "https",
        "maintenance": false,
        "logfile": "\/media\/myCloudDrive\/ncdata\/nextcloud.log",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpsecure": "ssl",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
    }
}

```
</details>


<details>
<summary>HTTPd logs</summary>

```

[Sat Mar 06 00:00:07.522157 2021] [ssl:warn] [pid 892:tid 3069522448] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Sat Mar 06 00:00:07.522541 2021] [ssl:error] [pid 892:tid 3069522448] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=archlinux / issuer: CN=archlinux / serial: 303A38E45B64A6AAD3A8E4CD74CB7461409A01EA / notbefore: Sep  5 16:15:31 2020 GMT / notafter: Sep  3 16:15:31 2030 GMT]
[Sat Mar 06 00:00:07.522570 2021] [ssl:error] [pid 892:tid 3069522448] AH02604: Unable to configure certificate localhost:4443:0 for stapling
[Sat Mar 06 00:00:07.522587 2021] [ssl:warn] [pid 892:tid 3069522448] AH01916: Init: (localhost:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Sat Mar 06 00:00:07.523780 2021] [mpm_event:notice] [pid 892:tid 3069522448] AH00489: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d configured -- resuming normal operations
[Sat Mar 06 00:00:07.523810 2021] [core:notice] [pid 892:tid 3069522448] AH00094: Command line: '/usr/sbin/apache2'
[Sat Mar 06 16:45:46.336794 2021] [mpm_event:notice] [pid 892:tid 3069522448] AH00491: caught SIGTERM, shutting down

```
</details>


<details>

realncp · March 8, 2021, 9:36pm

1. I just ran “a2dissite default-ssl”

As I noticed that the initial command I ran was “a2ensite default-ssl”. Since running “a2dissite default-ssl” I no longer get the errors in the “HTTPd logs summary” as posted above.

But my nextcloud still isn’t loading. Pihole still is working fine and loading on port 8888 though.

2. If I run “service apache2 reload” I get the following error:

● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2021-03-08 21:32:30 GMT; 13min ago
Docs: Apache HTTP Server Version 2.4 Documentation - Apache HTTP Server Version 2.4
Process: 640 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Mar 08 21:32:29 nextcloudpi systemd[1]: Starting The Apache HTTP Server…
Mar 08 21:32:30 nextcloudpi apachectl[640]: AH00526: Syntax error on line 12 of /etc/apache2/conf-enabled/http2.conf:
Mar 08 21:32:30 nextcloudpi apachectl[640]: Invalid command ‘SSLProtocol’, perhaps misspelled or defined by a module not included in the server configuration
Mar 08 21:32:30 nextcloudpi apachectl[640]: Action ‘start’ failed.
Mar 08 21:32:30 nextcloudpi apachectl[640]: The Apache error log may have more information.
Mar 08 21:32:30 nextcloudpi systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Mar 08 21:32:30 nextcloudpi systemd[1]: apache2.service: Failed with result ‘exit-code’.
Mar 08 21:32:30 nextcloudpi systemd[1]: Failed to start The Apache HTTP Server.

realncp · March 8, 2021, 9:56pm

I got it! Thanks again.

I just re-eanbled SSL with “sudo a2enmod ssl” and then restarted apache with “systemctl restart apache2”.

I still would love to get a local cert running as my browser still shows https crossed out, no idea how to do this.