first posting in GERMAN for the initial problem is not related to the actual problem of a screwed up nextcloud installation, please ignore the following and go straight down to
[Nextcloud instance destroyed due to nc-nextcloud instead of nc-limits - user failure, nc-restore help - #5 by Multisaft]
Hello everyone,
I have been running an NCP Nextcloud for quite a while, and for the most part successfully.
Unfortunately there are often problems with iPhones during automatic upload, and the performance for other users outside my network (sometimes also inside the LAN) sometimes leaves something to be desired, despite an SSD for data and database storage, a large upload, a daily cron job for preview generation, etc.
But that is not what this is about;
I have a problem with understanding, and with the config of, my certificate.
I use the Letsencrypt settings in the NCP configuration, and this seems to work (at least the certificate is renewed regularly); forcehttps is also active.
However, in my Nextcloud notifications, when logging in to the Nextcloud web interface, an SSL renewal error appears weekly or every two weeks, with details in letsencrypt.log; the last one is from 1 May.
The current letsencrypt.log file shows considerably more errors, though: about 1-2 times a day a renewal is attempted, which is aborted because the config file is broken?
Here is the last run:
2022-05-05 02:06:41,781:DEBUG:certbot.main:certbot version: 0.31.0
2022-05-05 02:06:41,785:DEBUG:certbot.main:Arguments: ['-q']
2022-05-05 02:06:41,785:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-05-05 02:06:41,810:DEBUG:certbot.log:Root logging level set at 30
2022-05-05 02:06:41,811:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-05-05 02:06:41,840:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0xb5417190> and installer <certbot.cli._Default object at 0xb5417190>
2022-05-05 02:06:41,861:INFO:certbot.renewal:Cert not yet due for renewal
2022-05-05 02:06:41,863:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2022-05-05 02:06:41,867:WARNING:certbot.renewal:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 68, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3/dist-packages/certbot/storage.py", line 463, in __init__
self._check_symlinks()
File "/usr/lib/python3/dist-packages/certbot/storage.py", line 522, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/montino.duckdns.org/cert.pem to be a symlink
2022-05-05 02:06:41,872:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/montino.duckdns.org.conf is broken. Skipping.
2022-05-05 02:06:41,873:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 68, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3/dist-packages/certbot/storage.py", line 463, in __init__
self._check_symlinks()
File "/usr/lib/python3/dist-packages/certbot/storage.py", line 522, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/montino.duckdns.org/cert.pem to be a symlink
2022-05-05 02:06:41,873:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
Is it possible that I am running two setups on my system? (I no longer know, because the error has existed for at least 12-18 months.)
NextCloudPi diagnostics
NextCloudPi version v1.47.1
OS Raspbian GNU/Linux 10. 5.10.103-v7l+ (armv7l)
automount yes
USB devices sda
datadir /media/myCloudDrive/ncdata
data in SD no
data filesystem btrfs
data disk usage 371G/932G
rootfs usage 3.3G/29G
swapfile /var/swap
dbdir /media/USBdrive/ncdatabase
Nextcloud check ok
Nextcloud version 23.0.2.1
HTTPD service up
PHP service up
MariaDB service up
Redis service up
HPB service up
Postfix service up
internet check ok
port check 80 closed
port check 443 closed
IP ***REMOVED SENSITIVE VALUE***
gateway ***REMOVED SENSITIVE VALUE***
interface eth0
certificates ***REMOVED SENSITIVE VALUE***
NAT loopback no
uptime 10days
Nextcloud configuration
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": {
"0": "localhost",
"1": "192.168.1.4",
"2": "montino.duckdns.org",
"5": "nextcloudpi.local",
"7": "nextcloudpi",
"8": "nextcloudpi.lan",
"12": "montino.duckdns.org",
"3": "raspberrypi",
"": "raspberrypi",
"14": "raspberrypi"
},
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "23.0.2.1",
"overwrite.cli.url": "https:\/\/raspberrypi\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"memcache.local": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"timeout": 0,
"password": "***REMOVED SENSITIVE VALUE***"
},
"tempdirectory": "\/media\/myCloudDrive\/ncdata\/tmp",
"mail_smtpmode": "smtp",
"mail_smtpauthtype": "LOGIN",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"preview_max_x": "2048",
"preview_max_y": "2048",
"jpeg_quality": "75",
"overwriteprotocol": "https",
"maintenance": false,
"logfile": "\/media\/myCloudDrive\/ncdata\/nextcloud.log",
"loglevel": "2",
"log_type": "file",
"mail_sendmailmode": "smtp",
"mail_smtpsecure": "ssl",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"theme": "",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***"
}
}
HTTPd logs
[Thu May 05 08:20:28.680112 2022] [authz_host:error] [pid 11142:tid 2780947456] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /js/minified.js failed, reason: unable to get the remote host name
[Thu May 05 08:20:28.700780 2022] [authz_host:error] [pid 11142:tid 2806150144] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/reboot.svg failed, reason: unable to get the remote host name
[Thu May 05 08:20:28.700856 2022] [authz_host:error] [pid 11142:tid 2755744768] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/defaults.svg failed, reason: unable to get the remote host name
[Thu May 05 08:20:28.716510 2022] [authz_host:error] [pid 11142:tid 2755744768] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/favicon.png failed, reason: unable to get the remote host name
[Thu May 05 08:20:28.732298 2022] [authz_host:error] [pid 11142:tid 2755744768] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /ncp-output.php failed, reason: unable to get the remote host name
[Thu May 05 08:20:28.732298 2022] [authz_host:error] [pid 11142:tid 2806150144] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/search.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:28.732337 2022] [authz_host:error] [pid 11142:tid 2789348352] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/defaults-white.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:28.732348 2022] [authz_host:error] [pid 11142:tid 2764145664] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/settings-white.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:28.732586 2022] [authz_host:error] [pid 11142:tid 2764145664] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/logs.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:28.732590 2022] [authz_host:error] [pid 11142:tid 2797749248] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/dashboard.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:28.732590 2022] [authz_host:error] [pid 11142:tid 2772546560] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/wizard.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:28.732769 2022] [authz_host:error] [pid 11142:tid 2780947456] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/nc-button.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:28.740295 2022] [authz_host:error] [pid 11142:tid 2780947456] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /ncp-launcher.php failed, reason: unable to get the remote host name
[Thu May 05 08:20:33.738941 2022] [authz_host:error] [pid 11142:tid 2772546560] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/info-white.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:33.739187 2022] [authz_host:error] [pid 11142:tid 2806150144] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/files.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:33.739331 2022] [authz_host:error] [pid 11142:tid 2764145664] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/info.svg failed, reason: unable to get the remote host name, referer: https://192.168.1.4:4443/css/ncp.css
[Thu May 05 08:20:53.834470 2022] [authz_host:error] [pid 11142:tid 2780947456] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /ncp-launcher.php failed, reason: unable to get the remote host name
[Thu May 05 08:21:26.200836 2022] [authz_host:error] [pid 11142:tid 2780947456] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /ncp-launcher.php failed, reason: unable to get the remote host name
[Thu May 05 08:21:26.200921 2022] [authz_host:error] [pid 11142:tid 2806150144] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/delete.svg failed, reason: unable to get the remote host name
[Thu May 05 08:21:26.200920 2022] [authz_host:error] [pid 11142:tid 2764145664] [client 192.168.1.9:49762] AH01753: access check of 'localhost' to /img/download.svg failed, reason: unable to get the remote host name
Database logs
Nextcloud logs
REMOVED SENSITIVE VALUE"
I removed the Nextcloud logs because I am currently getting hundreds of errors from an instant upload, because one user's password has expired.
cat /var/log/ncp.log
Thu 5 May 06:25:09 CEST 2022 - Running /etc/cron.daily/ncp-autoupdate...
[ncp-update-nc]
Current Nextcloud version 23.0.2.1
Available Nextcloud version 23.0.2
Nothing to update
When I run the already activated Letsencrypt config in the NCP web interface again, it apparently creates a new certificate with 002. Actually I only wanted to trigger a renewal via the interface to see what happens then.
How can I now delete the 002 and go back to my 001?
The following log appears when running Letsencrypt in the NCP web interface:
[ letsencrypt ] (Thu May 5 09:18:04 CEST 2022)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for montino.duckdns.org
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/montino.duckdns.org-0002/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/montino.duckdns.org-0002/privkey.pem
Your cert will expire on 2022-08-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
INFO: Letsencrypt domain is montino.duckdns.org
System config value trusted_domains => 11 set to string montino.duckdns.org
System config value trusted_domains => 3 set to string montino.duckdns.org
System config value overwrite.cli.url set to string https://montino.duckdns.org/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string montino.duckdns.org
System config value trusted_proxies => 14 set to string 84.148.160.88
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved
Because of the initial problem, I have now deleted the renewal conf that does not belong to 001 and 002 (the very error named in letsencrypt.log):
WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/montino.duckdns.org.conf is broken. Skipping.
Maybe I have already fixed the config error described here by doing that?
How can I now safely delete the 002 certificate?
I hope someone can help me; the errors are unpleasant. The first error with the "renewal problem" unsettled me, and I would like to fix it. The second, with a duplicate certificate, is of course also annoying. Can I simply delete everything 002 from /etc/letsencrypt/live and /renewal?
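
The check that fails in the letsencrypt.log above (`expected ... cert.pem to be a symlink`) can be reproduced read-only across every lineage before anything is deleted. This is an added shell example, not part of the original post and not NCP or certbot code; the function name `audit_lineages` is hypothetical, and it assumes the usual renewal file layout with `cert = ...`, `privkey = ...`, `chain = ...` and `fullchain = ...` lines.

```shell
#!/bin/sh
# Added example: read-only audit of certbot lineages.
# For every renewal/*.conf it looks up the four paths certbot stores there and
# checks what certbot's _check_symlinks() checks: each path must be a symlink
# and its target must exist. Nothing is modified.
# Usage: audit_lineages /etc/letsencrypt   (run as root to read the directory)
audit_lineages() {
    le_dir="${1:-/etc/letsencrypt}"
    failed=0
    for conf in "$le_dir"/renewal/*.conf; do
        [ -e "$conf" ] || continue          # glob matched nothing
        name=$(basename "$conf" .conf)
        problems=""
        for kind in cert privkey chain fullchain; do
            # Assumed format: "cert = /etc/letsencrypt/live/NAME/cert.pem"
            link=$(sed -n "s/^$kind[[:space:]]*=[[:space:]]*//p" "$conf" | head -n 1)
            if [ -z "$link" ]; then
                problems="$problems $kind:missing-in-conf"
            elif [ ! -L "$link" ]; then
                problems="$problems $kind:not-a-symlink"   # the error in the log
            elif [ ! -e "$link" ]; then
                problems="$problems $kind:dangling"        # target was removed
            fi
        done
        if [ -n "$problems" ]; then
            echo "BROKEN $name$problems"
            failed=1
        else
            echo "OK $name"
        fi
    done
    return $failed
}
```

`certbot certificates` lists the lineages certbot itself can parse, and `certbot delete --cert-name NAME` removes one lineage's live, archive and renewal entries together rather than by hand. Before removing a lineage such as the `-0002` one, confirm which `live/` path the web server's SSL configuration currently references.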