Hi,
So I have a letsencrypt certificate problem as mentioned in this thread here : renew letsencrypt certificate:
I got a certificate problem on my nextcloud box. “The certificate has expired”.
Effective Date: Tue May 9 12:12:00 2017 GMT Expiration Date: Mon Aug 7 12:12:00 2017 GMT
Firefox doesn’t allow me to connect to my server because of this, and other apps don’t work as well. The version I have is 11.0.3. It never updated to v. 12, I don’t know if it’s related.
From what I understood, and it seemed to have worked well for the last 9 months, I have nothing to do to renew my certificate.I’m currently on vacation and don’t have ssh access to the server. What can I do ?
On the Nextcloud desktop client, I have a SSL handshake failed
error.
On the Android client I have a socket exception
in the Activity panel and I can’t upload anything.
But I have access to my Nextcloud instance with a browser that let me go through the certificate problem.
I’m now back at my place, and I tried to reactivate the certificate with sudo nextcloud.enable-https lets-encrypt
but I got the following error saying that it cannot reach my server.
$ sudo nextcloud.enable-https lets-encrypt
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
In order for Let's Encrypt to verify that you actually own the
domain(s) for which you're requesting a certificate, there are a
number of requirements of which you need to be aware:
1. In order to register with the Let's Encrypt ACME server, you must
agree to the currently-in-effect Subscriber Agreement located
here:
https://letsencrypt.org/repository/
By continuing to use this tool you agree to these terms. Please
cancel now if otherwise.
2. You must have the domain name(s) for which you want certificates
pointing at the external IP address of this machine.
3. Both ports 80 and 443 on the external IP address of this machine
must point to this machine (e.g. port forwarding might need to be
setup on your router).
Have you met these requirements? (y/n) y
Please enter an email address (for urgent notices or key recovery): myaddress@mail.com
Please enter your domain name(s) (space-separated): myserver.host.com
Attempting to obtain certificates... error running certbot:
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for myserver.host.com
Using the webroot path /var/snap/nextcloud/current/certs/certbot for all domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. myserver.host.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://myserver.host.com/.well-known/acme-challenge/cEWMZEVvune2OzgVYLxWQUK2BhqGQXXX: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: myserver.host.com
Type: connection
Detail: Fetching
http://myserver.host.com/.well-known/acme-challenge/cEWMZEVvune2OzgVYLxWQUK2BhqGQXXX:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
So it appears that it can’t access my server, it’s not clear why. There is a bunch of ld.so
which I don’t understand either, not sure if it has an impact here though.
I used sudo nextcloud.enable-https self-signed
, and it worked, but I still have warnings everywhere because I’m not a trusted authority, and it’s kind of annoying.
So I don’t really know what to do, any help would be appreciated. I just like to renew the letsencrypt certificate.
The wiki is rather light on the matter.
Thanks