I noticed the other day my two-month-old NCP installation hadn't updated its certificate.
No problem - I remembered I had disabled access to port 80 via my router firewall. So I opened it up again and waited another week. Certificate still not refreshed.
So in the ncp web interface I went to letsencrypt and hit "apply". Certificate was applied for and accepted.
However, I then noticed in my browsers (even after clearing caches) that NCP is still using the old certificate which expires in two weeks.
/etc/letsencrypt/live now shows two directories: (sanitized)
server.mydomain.com and server.mydomain.com-0001 (this was the one created when I hit "apply")
The nextcloud panel on port 4443 shows the certificate I am using is "server.mydomain.com"
Can anyone advise how to correct this so that a) ncp uses the correct certificate and b) I don't make the same mistake again!
And when I update to new certificates will users get any errors about the certificate changing?
What I ultimately found was that the content of server.domain.com.conf in /etc/letsencrypt/renewal was empty. (Although not sure why)
So I took the content of server.domain.com-0001.conf and copied it to server.domain.com.conf (changing all references to server.domain.com-0001 to server.domain.com).
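A check for the condition found above (an empty file in /etc/letsencrypt/renewal alongside a duplicate -0001 lineage), as an added example that is not part of the original posts or of NextCloudPi. The function name `audit_le` and the output labels are made up for illustration; the directory layout is certbot's standard one.

```shell
#!/bin/sh
# Added example: audit a certbot config tree for the problems in this thread.
# audit_le [config_dir]   (hypothetical helper name; default /etc/letsencrypt)
audit_le() {
    le_dir="${1:-/etc/letsencrypt}"

    # An empty renewal file leaves certbot with no parameters for that lineage.
    for conf in "$le_dir"/renewal/*.conf; do
        [ -e "$conf" ] || continue
        if [ ! -s "$conf" ]; then
            echo "EMPTY_RENEWAL_CONF $conf"
        fi
    done

    for live in "$le_dir"/live/*/; do
        [ -d "$live" ] || continue
        name=$(basename "$live")

        # Every live/<name> directory should have renewal/<name>.conf.
        if [ ! -e "$le_dir/renewal/$name.conf" ]; then
            echo "NO_RENEWAL_CONF $name"
        fi

        # A -NNNN suffix next to the unsuffixed name is a second lineage for
        # the same host; the web server keeps using whichever path it was given.
        case "$name" in
            *-[0-9][0-9][0-9][0-9])
                base=${name%-[0-9][0-9][0-9][0-9]}
                if [ -d "$le_dir/live/$base" ]; then
                    echo "DUPLICATE_LINEAGE $name $base"
                fi
                ;;
        esac

        # Print the expiry date so a stale lineage is obvious.
        if [ -e "$live/cert.pem" ] && command -v openssl >/dev/null 2>&1; then
            echo "EXPIRY $name $(openssl x509 -noout -enddate -in "$live/cert.pem")"
        fi
    done
}
```

Run `audit_le` with no argument as a user that can read /etc/letsencrypt; no output means none of these conditions were found.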
Well, it's three months since the above and my cert is about to expire again (in 10 days).
So seeing as it did not auto-renew I went again to run /opt/eff.org/certbot/venv/bin/certbot renew but…
/opt/eff.org/certbot is empty!
Everything from that directory down is no longer there. Did something change in the way nextcloudpi handles renewal? I cannot find the binary for certbot anywhere on the machine now.
Then run ncp-update from terminal/ncp-config or ncp-web, to make sure you are on latest version (v1.11.2 currently)
And run letsencrypt again from ncp-web or ncp-config.
I just tried the above - what I am seeing is an issue during the "Installing Python packages" phase.
Lots of pip errors - ending with:
THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
pycparser==2.19 from https://www.piwheels.org/simple/pycparser/pycparser-2.19-py2.py3-none-any.whl#sha256=344870c533812cb119c5475b5aed033ec546118711338ff9b2b78e67098d64e7 (from -r /tmp/tmp.hzGg64yMbt/letsencrypt-auto-requirements.txt (line 105)):
Expected sha256 a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3
Got 344870c533812cb119c5475b5aed033ec546118711338ff9b2b78e67098d64e7
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
Do you have any thoughts on that? I should point out this is a regular install from the nextcloudpi image - I have always had ncp-update-auto on so have always been current, and no tinkering with the system!