Change the ssl path in the apache config to point to your certificate from letsencrypt c:
(Replace path in second quote with path from first)
This would allow you to visit at the uri in the cert name.
hello @eyduh ,
you are right, this certificate “snakeoil” look wrong.
The Apache Cert Path should be handled by NextCloudPi as far as i know?
Hello. I think I am facing the same problem. When I try to connect via local network ip it shows the lets encrypt cert, but when I connect via internet url it only shows a self signed certificate. It also shows certificate “none” in the ncp system info.
For me it’s unrelated to 21.0.4 though, using the up to date docker image which comes with NCP 1.39.6 and NC 20.0.4.0
nextcloud.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www/nextcloud
CustomLog /var/log/apache2/nc-access.log combined
ErrorLog /var/log/apache2/nc-error.log
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# For notify_push app in NC21
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/
</VirtualHost>
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
LimitRequestBody 0
SSLRenegBufferSize 10486000
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</IfModule>
Same here. What I have noticed is that the certificate file name created by certbot is:
/etc/letsencrypt/live/my.domain.name**-0001**/privkey.pem
This could make the difference when creating the conf file from the template?
So what is the solution? At the top of my /etc/apache2/sites-available/nextcloud.conf, there is this warning:
“### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVE
RWRITTEN ###”
I think I see where the error is, can you please try the following?
sudo ncp-update devel
, then run letsencrypt again, then verify that we have the correct paths under /etc/apache2/sites-available/nextcloud.conf?
2 Likes
hello @nachoparker ,
this works for me, after ncp update and letsencrypt renewal the apache config is set correct and the connection to nextcloud works again 
Thank you!
I have this error and does not start
can’t connect to push server: cURL error 7: Failed to connect to my.domain.tld port 443: Connection refused (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://my.domain.tld/push/test/cookie
The path is correct but the apache server does not work
This fixed my LetsEncrypt cert not being applied to the .conf file as well
great, thanks all for the confirmation. I pushed the fixes to the main branch
As part of my fixes, I am now also taking this case into account, when the folder ends in -0001
Lets encrypt works.The only thing that doesn’t work is that it’s not shown in the system info.
interesting, so assuming you ran letsencrypt recently, can you share the output of /etc/apache2/sites-available/nextcloud.conf (hide your actual domain)?
This is the piece of code that detects this in the system info
grep "SSLCertificateFile /etc/letsencrypt/live/" /etc/apache2/sites-available/nextcloud.conf \
| sed 's|.*SSLCertificateFile /etc/letsencrypt/live/||;s|/fullchain.pem||'
, if you could run it it would be useful to diagnose
DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN
DocumentRoot /var/www/nextcloud ServerName XXXXXXXXXXXXXXXXXXXX CustomLog /var/log/apache2/nc-access.log combined ErrorLog /var/log/apache2/nc-error.log SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/letsencrypt/live/XXXXXXXXXXXXXX/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/XXXXXXXXXXXXXXX/privkey.pem# For notify_push app in NC21
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Dav off
LimitRequestBody 0
SSLRenegBufferSize 10486000
Header always set Strict-Transport-Security “max-age=15768000; includeSubDomains”
Its the same for me as for @mcjoe. Works since you pushed the updates but it still says “none” in systeminfo.
/etc/apache2/sites-available/nextcloud.conf:
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www/nextcloud
ServerName XX
CustomLog /var/log/apache2/nc-access.log combined
ErrorLog /var/log/apache2/nc-error.log
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/XX/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XX/privkey.pem
# For notify_push app in NC21
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/
</VirtualHost>
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
LimitRequestBody 0
SSLRenegBufferSize 10486000
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</IfModule>
@mcjoe @oerkel47 I see what’s going on, thanks. It should be fixed in the latest NCP version.
Please confirm this
In v1.39.13 its fixed. Thankx for you support:-)
Update NCP to 1.39.13
→ Update Nextcloud to 21.04 within NCP-Webpanel.
–>Certificate invalid (letsencrypt).
NCP-Webpanel shows NC updated to 21.04 but not certificate.
Letsencrypt wont update.
Tried fix “ncp-update devel”: says “no internet connection”
Restart of docker container NCP produces:
Webpanel of NCP is not reachable.
I have no clue where to begin 
Post output of
sudo ncp-report
via pastebin service or txt file