Hi, i have a problem obtaining a new certificate. I had ncp (and letsencrypt) running for month without any difficulties. Then I had to replace the sd-card and reinstall ncp. Everything worked out well but the letsencrypt process…
This ist the error message i get every time i try to start/configure letsencrypt (i changes the domain-name here):
Launching letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for my-no-ip-domain
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. my-no-ip-domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my-no-ip-domain.ddns.net/.well-known/acme-challenge/GXvPd4UKGm6BlnuOBa_ds0fgiarKVrM6FoyOyINJq-o:
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: my-no-ip-domain.ddns.net
Type: unauthorized
Detail: Invalid response from
http://my-no-ip-domain.ddns.net/.well-known/acme-challenge
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Done. Press any key…
This is my ncp-report
NextCloudPi diagnostics
NextCloudPi version v0.56.18
NextCloudPi image NextCloudPi_05-28-18
distribution Raspbian GNU/Linux 9 \n \l
automount yes
USB devices none
datadir /var/www/nextcloud/data
data in SD yes
data filesystem ext2/ext3
data disk usage 1.9G/15G
rootfs usage 1.9G/15G
swapfile /var/swap
Nextcloud check ok
Nextcloud version 13.0.2.1
HTTPD service up
PHP service up
MariaDB service up
Redis service up
Postfix service up
internet check ok
port check 80 open
port check 443 open
IP 192.168.XXX.XXX
gateway 192.168.XXX.XXX
interface eth0
certificates none
NAT loopback no
uptime 20:43
Nextcloud configuration
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": {
"0": "localhost",
"5": "nextcloudpi.local",
"1": "192.168.178.184",
"3": "espacelibre.ddns.net"
},
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "https:\/\/espacelibre.ddns.net",
"dbtype": "mysql",
"version": "13.0.2.1",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"memcache.local": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"timeout": 0,
"password": "***REMOVED SENSITIVE VALUE***"
},
"mail_smtpmode": "php",
"mail_smtpauthtype": "LOGIN",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"overwriteprotocol": "https",
"loglevel": "2",
"log_type": "file"
}
}
HTTPd logs
[Wed Apr 18 01:08:20.608663 2018] [ssl:warn] [pid 518:tid 1992101888] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 18 01:08:20.618305 2018] [ssl:error] [pid 518:tid 1992101888] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=desktop / issuer: CN=desktop / serial: D49AE04E29EE6545 / notbefore: May 28 15:52:26 2018 GMT / notafter: May 25 15:52:26 2028 GMT]
[Wed Apr 18 01:08:20.618364 2018] [ssl:error] [pid 518:tid 1992101888] AH02604: Unable to configure certificate localhost:443:0 for stapling
[Wed Apr 18 01:08:21.043855 2018] [ssl:warn] [pid 739:tid 1992101888] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 18 01:08:21.044245 2018] [ssl:error] [pid 739:tid 1992101888] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=desktop / issuer: CN=desktop / serial: D49AE04E29EE6545 / notbefore: May 28 15:52:26 2018 GMT / notafter: May 25 15:52:26 2028 GMT]
[Wed Apr 18 01:08:21.044280 2018] [ssl:error] [pid 739:tid 1992101888] AH02604: Unable to configure certificate localhost:443:0 for stapling
[Wed Apr 18 01:08:22.003396 2018] [mpm_event:notice] [pid 739:tid 1992101888] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2l configured -- resuming normal operations
[Wed Apr 18 01:08:22.003569 2018] [core:notice] [pid 739:tid 1992101888] AH00094: Command line: '/usr/sbin/apache2'
[Sun Jun 10 21:19:04.150340 2018] [authz_core:error] [pid 806:tid 1740633136] [client 66.133.109.36:54200] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/WqGQaep9vCeEa5jSUkUroUNi08Vp6GkcpmYcDuDedco
[Sun Jun 10 21:23:17.548354 2018] [authz_core:error] [pid 806:tid 1723855920] [client 66.133.109.36:50974] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/d-w_s02yLZp8-SXFvZr_2fj3qVGNhzv6DGShK7GfCiU
[Sun Jun 10 21:33:15.783069 2018] [authz_core:error] [pid 807:tid 1681912880] [client 66.133.109.36:49638] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/4Jb9wbIZP1uKM_z82vL8gDIagickODcC5B68gf0nHiU
[Mon Jun 11 03:43:51.846670 2018] [ssl:error] [pid 807:tid 1598026800] AH02031: Hostname \xb2\x0eG\x14\xbb\x01 provided via SNI, but no hostname provided in HTTP request
[Mon Jun 11 06:16:40.669377 2018] [authz_core:error] [pid 806:tid 1673524272] [client 66.133.109.36:54378] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/yuuXBYVr40z0P7x5K7QgeQPMv5lKIjDewwzuHjAQZ-0
[Mon Jun 11 06:21:46.996817 2018] [authz_core:error] [pid 806:tid 1656747056] [client 66.133.109.36:54426] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/w3uBsw7q41nJPiLIzgYKq6eMUg_kkIpT55OX384P-L8
[Mon Jun 11 14:09:29.729803 2018] [authz_core:error] [pid 806:tid 1698690096] [client 184.105.247.195:46620] AH01630: client denied by server configuration: /var/www/ncp-web/
[Mon Jun 11 15:00:20.337150 2018] [authz_core:error] [pid 807:tid 1589638192] [client 178.201.149.206:20631] AH01630: client denied by server configuration: /var/www/ncp-web/
[Mon Jun 11 17:02:14.575202 2018] [authz_core:error] [pid 807:tid 1707078704] [client 66.133.109.36:60404] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/4mCWt9DnLZqe3UZmN2oJ8ZXwIYcArSEI2hedVtS-gHE
[Mon Jun 11 17:07:38.401053 2018] [authz_core:error] [pid 806:tid 1606415408] [client 66.133.109.36:35572] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/giEmX8Zx-xDhnQIl6YctYgw8VNjJu0juHUEPkLUjrXk
[Mon Jun 11 17:10:43.513421 2018] [authz_core:error] [pid 807:tid 1564464176] [client 66.133.109.36:53322] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/4F0bE_f5A4hA9w-B4FqkA_x_EiG54JbSAG4RxPl1Q7Y
[Mon Jun 11 17:25:13.980112 2018] [authz_core:error] [pid 807:tid 1723855920] [client 66.133.109.36:53122] AH01630: client denied by server configuration: /var/www/ncp-web/.well-known, referer: http://espacelibre.ddns.net/.well-known/acme-challenge/7NXJvrQU9yaqP-ENTrTtr39v-crQecdK4Udpfm5MW7Y
Database logs
2018-06-10 21:02:53 1988300800 [Note] InnoDB: Highest supported file format is Barracuda.
2018-06-10 21:02:53 1988300800 [Note] InnoDB: The log sequence numbers 3345017 and 3345017 in ibdata files do not match the log sequence number 3345027 in the ib_logfiles!
2018-06-10 21:02:53 1988300800 [Note] InnoDB: Restoring possible half-written data pages from the doublewrite buffer...
2018-06-10 21:02:54 1988300800 [Note] InnoDB: 128 rollback segment(s) are active.
2018-06-10 21:02:54 1988300800 [Note] InnoDB: Waiting for purge to start
2018-06-10 21:02:54 1988300800 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.35-80.0 started; log sequence number 3345027
2018-06-10 21:02:55 1442837312 [Note] InnoDB: Dumping buffer pool(s) not yet started
2018-06-10 21:02:55 1988300800 [Note] Plugin 'FEEDBACK' is disabled.
2018-06-10 21:02:55 1988300800 [Note] Recovering after a crash using tc.log
2018-06-10 21:02:55 1988300800 [Note] Starting crash recovery...
2018-06-10 21:02:55 1988300800 [Note] Crash recovery finished.
2018-06-10 21:02:55 1988300800 [Note] Server socket created on IP: '127.0.0.1'.
2018-06-10 21:02:55 1988300800 [ERROR] mysqld: Table './mysql/user' is marked as crashed and should be repaired
2018-06-10 21:02:55 1988300800 [Warning] Checking table: './mysql/user'
2018-06-10 21:02:55 1988300800 [ERROR] mysql.user: 1 client is using or hasn't closed the table properly
2018-06-10 21:02:55 1988300800 [ERROR] mysqld: Table './mysql/db' is marked as crashed and should be repaired
2018-06-10 21:02:55 1988300800 [Warning] Checking table: './mysql/db'
2018-06-10 21:02:55 1988300800 [ERROR] mysql.db: 1 client is using or hasn't closed the table properly
2018-06-10 21:02:55 1988300800 [Note] /usr/sbin/mysqld: ready for connections.
Version: '10.1.23-MariaDB-9+deb9u1' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Raspbian 9.0
Nextcloud logs
At this point I have really no clue what is causing the problem. I already checked a few possible solutions mentioned here, but it still won’t work. Has anyone an idea?
Many thanks for your help.