Hi.
I’ve installed nextcloud with a web guide and now my certificate is expired.
I renewed it with certbot, but if I visit my Nextcloud site it still says that my cert is expired. However, if I visit my default web site (Apache default page) the cert is valid.
I don’t know where the cert config is in the Nextcloud settings, but I think these settings are getting the certificate from another path.
Where can I check in the Nextcloud settings? In /var/www/html/nextcloud/config/config.php there isn’t anything about certs.
Thanks
eehmke
April 15, 2020, 1:05pm
There should be an apache config file for nextcloud in /etc/apache2/sites-available, where also the apache default config is. There are the path declarations for the certs. Edit them and restart apache.
Yes, in /etc/apache2/sites-available/default-ssl.conf I set the path to the certs, but I don’t have any nextcloud.conf in the sites-available directory. That is why I think there is another Nextcloud configuration file somewhere.
eehmke
April 15, 2020, 3:43pm
Look into /etc/apache2/sites-enabled/ There should be only symlinks into sites/enabled, but maybe by mistake the file has been created there.
Enter this command:
sudo apachectl -S
it should list all virtual hosts and refer to the config files where they are declared. Look for lines like
VirtualHost configuration:
There may be several such lines. Thereafter you find the vhost declarations.
kevdog
April 15, 2020, 4:48pm
Do you restart the web server?
Try to access your website in private navigation and check if it works.
This is the output for sudo apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
And this is my 000-default.conf
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mydomain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/ssl/certs/mydomain.com.fullchain.pem
SSLCertificateKeyFile /etc/ssl/private/mydomain.com.privkey.pem
</VirtualHost>
Try this:
#!/bin/bash
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Information
msg_box "Important! Please read this:
This file has been truncated.
You need the RAW file. Run it with sudo bash activate-tls.sh
eehmke
April 15, 2020, 6:34pm
So you get the default apache site by
https://127.0.1.1
or
https://mydomain.com
is that right? By which address can you access your nextcloud?
Just to clarify, is your default Apache site the one serving Nextcloud? Do you have Nextcloud installed in /var/www/html ?
Just in case the issue is with the browser cache or something, you can look at the cert it’s providing with OpenSSL:
openssl s_client -connect mydomain.com:443 | openssl x509 -noout -text
Near the top it will list the validity dates as not before/not after.
That did not work for me. In the end, I set up the Apache sites-available manually, and with certbot everything works fine.
Thanks for the command. Very useful for checking my https sites
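
As an added example (not part of any post in this thread): a shell helper that reads the `SSLCertificateFile` paths out of the vhost files that `apachectl -S` points to and checks each file's expiry with `openssl x509 -checkend`, which shows whether a vhost still references a certificate file that the renewal did not update. The function names are hypothetical; the directive name and the sites-enabled path come from the thread.

```bash
#!/bin/bash
# Added example: audit the certificate files referenced by Apache vhost configs.
TAB=$(printf '\t')

# Print "config-file<TAB>cert-path" for every active SSLCertificateFile directive.
# Commented-out directives are skipped because their first field is not the keyword.
list_cert_files() {
    awk 'tolower($1) == "sslcertificatefile" {
             path = $2; gsub(/"/, "", path)
             print FILENAME "\t" path
         }' "$@"
}

# Print the state of one certificate file:
#   MISSING    - file not present or not readable
#   UNREADABLE - file exists but is not a parseable certificate
#   EXPIRING   - expired, or expires within $2 days (default 0 = already expired)
#   OK         - valid beyond that window
cert_status() {
    [ -r "$1" ] || { echo MISSING; return; }
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo UNREADABLE; return; }
    if openssl x509 -in "$1" -noout -checkend $(( ${2:-0} * 86400 )) >/dev/null 2>&1; then
        echo OK
    else
        echo EXPIRING
    fi
}

# audit_vhost_certs DAYS CONF...
# One line per referenced certificate: status, cert path, notAfter, config file.
audit_vhost_certs() {
    _days=$1; shift
    list_cert_files "$@" | while IFS="$TAB" read -r _conf _cert; do
        _end=$(openssl x509 -in "$_cert" -noout -enddate 2>/dev/null)
        printf '%s\t%s\t%s\t%s\n' \
            "$(cert_status "$_cert" "$_days")" "$_cert" "${_end:-notAfter=?}" "$_conf"
    done
}

# Typical use on the layout shown in the thread (run as root to read the files):
#   audit_vhost_certs 0 /etc/apache2/sites-enabled/*.conf
```

A line reporting `EXPIRING` for a path outside the directory certbot renews into means the vhost is serving a copy that the renewal never touched.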