Renew Letsencrypt Certificate on Nextcloud Box

ā„¹ļø Support šŸ“¦ Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hi,

I have got an expiration email. How can i renew the Letsencrypt Certificate on my Nextcloud Box ?

2

Connect to it with SSH then lunch this command in a sudo or root user :

letsencrypt renew

It will be okay normally.
You can use a cron command for not being late :

    • */1 * * letsencrypt renew
3

On the nextcloud box is Snappy Ubuntu Core running and there is no ā€œletsencryptā€ in /usr/bin/

4

nextcloud.enable-https -h shows

Run without any arguments this script will obtain a certificate from Let's Encrypt and automatically keep it up to date.

So in my opinion, the renewal of the cerificate will start automaticaly. Is this right?

5

@Nemskiller
how to set time to sync?
means how to set it to do after 90 days or like that?
or will it check daily?

6

It depends on what you enter in your crontab.

The command (not for nextcloud box) is letsencrypt renew

You can do it every day or everyweek, itā€™s not a problem letsencrypt will say :
No certificate to renew or Renewing certificate near expirying

Look how to use crontab

7

But what is the right way for the box? Will it work automaticaly or not?

8

Hi i also have the problem that auto renew seems not to work (donĀ“t know where to check) and that letsencrypt renew command is not supported!

Any help on this?

9

Yes, the auto renew seems not to work, because i got a new mail today from the Letā€™s Encrypt Team

ā€œYour certificate (or certificates) for the names listed below will expire in 9 days (on 13 Jan 17 13:13 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.ā€

What can the nextbox users do ? Is this a bug or a feature ? :frowning:

10

I would also like to know how the lets encrypt certificate will be renewed on Nextcloud Box, and when it will be renewed?

Couldnā€™t find anything from crontab or /etc/cron* which would keep it renewed.

pete

11

There was a bug. After updating to the newest version of the snap certificate renewal works for me.

There is a service which deals with the certificate renewal (snap.nextcloud.renew-certs.service). So normally the renewal is handled automatically.

Jƶrg

12

Can you please describe how you did it?
Thx!
sky

13

Normaly this will proceed automatically. If not you can trigger it with sudo snap refresh.

14

After updating to the newest version of the snap certificate renewal works for me.

I have the latest snap version running on my box. However, I also received the email from letsencrypt and the certificate expired yesterday. Re-running sudo nextcloud.enable-https produces

Attempting to obtain certificates... done
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
Restarting apache... ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
done

and does not seem to work. Do I need to get rid of the old certificate first?

15

Hi,

My snaps are all updated.

$ snap list
    Name         Version      Rev   Developer  Notes
    nextcloud    11.0.1snap1  719   nextcloud  -
    ubuntu-core  16.04.1      1361  canonical  -
$ sudo snap refresh
All snaps up to date.

The mentioned renew-certs service seems to be running:

$ ps ax | grep certs
10703 ?        Ss     0:00 /bin/sh /snap/nextcloud/719/bin/renew-certs

Yet my letsencrypt cert is about to expire tomorrow.

16

Same with me, although this is because I thought that these Lets Encypt Certificate Expiration reminder emails didnt need me to do anything (just my stupidity, I dont want to cloud the current issue with an explanation of exactly why :slight_smile: ) and my certificate expired (which I wouldnā€™t have known how to do anyway).

Not knowing how to resurrect the certificate I tried to follow the instructions in part 4 here in the wiki again but ran into problems

sudo nextcloud.enable-https -d

worked OK:

Looks like youā€™re ready for HTTPS!

But

sudo nextcloud.enable-https

gave me repeated errors:

Attempting to obtain certificatesā€¦ done
ERROR: ld.so: object ā€˜/usr/lib/arm-linux-gnueabihf/libarmmem.soā€™ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object ā€˜/usr/lib/arm-linux-gnueabihf/libarmmem.soā€™ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object ā€˜/usr/lib/arm-linux-gnueabihf/libarmmem.soā€™ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object ā€˜/usr/lib/arm-linux-gnueabihf/libarmmem.soā€™ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object ā€˜/usr/lib/arm-linux-gnueabihf/libarmmem.soā€™ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object ā€˜/usr/lib/arm-linux-gnueabihf/libarmmem.soā€™ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
Restarting apacheā€¦ ERROR: ld.so: object ā€˜/usr/lib/arm-linux-gnueabihf/libarmmem.soā€™ from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
done

Afterwards, I tried deleting the existing trusted certificates lines (except for the 0 line one) in my config.php file and then trying again, but this just gave me the same errors

So, now when I try to access the box it says my certificates are not correct

Can someone help me, please?

17

Please check wether the certificate was renewed or installed. I got similar messages, but the certificate was renewed/installed. You can check it with your browser,

Jƶrg

19

I have the exact same problem. Certificate is about to expire and i couldnā€™t find a way to renew itā€¦

20

Actually deleting the old certificate folders (or moving them to a backup folder) before creating new ones worked for me. I think the path was something like /var/snap/nextcloud/current/certs.

I also noticed that I had to re-generate the certificates when the snap was updated.

In the worst case, running nextcloud with a self-signed certificate should work.

21

Thanks Oli!

That worked :smiley:

For others like me, what I did exactly was:

cd /var/snap/nextcloud/current/
mv certs certs1

reboot

nextcloud.enable-https lets-encrypt -d

and after that said that I was ready

nextcloud.enable-https lets-encrypt
rm -r certs1

I used nextcloud.enable-https -h to work out that the info in the wiki doesnā€™t tell you to put in the lets-encrypt option.
Is this new? I think I only used nextcloud.enable-https -d before, but that doesnā€™t work (Although I could well have just not remembered putting in lets-encrypt)

How do I know when the snap has been updated?

1 Like