Server unreachable, letsencrypt/certificate issue

Hello everyone,

My nextcloudpi server is suddenly unreachable (GUI in browser, both locally and from outside LAN) but I can SSH into it. No config changes were manually made.

It seems to be an issue with the certificates/letsencrypt. Opening up the respective files which are supposed to have a syntax error, there does not seem to be anything wrong with it.

→ How do I fix this issue? I cannot access the GUI, and so I cannot easily renew or change the letsencrypt certs. Not that comfortable with CLI, but some research got me the following:

apachectl configtest gives:

AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf: SSLCertificateFile: file '/etc/letsencrypt/live/[DOMAIN.DOMAIN.COM]/fullchain.pem' does not exist or is empty
Action 'configtest' failed.

Additionally, sudo systemctl status apache2.service -l --no-pager gives:

Oct 16 14:48:57 nextcloudpi apachectl[4317]: AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
Oct 16 14:48:57 nextcloudpi apachectl[4317]: SSLCertificateFile: file '/etc/letsencrypt/live/[DOMAIN.DOMAIN.COM]/fullchain.pem' does not exist or is empty
Oct 16 14:48:57 nextcloudpi apachectl[4317]: Action 'start' failed.
Oct 16 14:48:57 nextcloudpi apachectl[4317]: The Apache error log may have more information.
Oct 16 14:48:57 nextcloudpi systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Oct 16 14:48:57 nextcloudpi systemd[1]: apache2.service: Failed with result 'exit-code'.
Oct 16 14:48:57 nextcloudpi systemd[1]: Failed to start The Apache HTTP Server.

Similarly, trying to renew letsencrypt in ncp-config has the following output:

INFO: Letsencrypt domain is [DOMAIN]
INFO: Metrics enabled: no
WARN: [DOMAIN] will not be included in trusted domains for Nextcloud (maximum reached). It will still be included in the SSL certificate
System config value trusted_domains => 3 set to string [DOMAIN]
System config value overwrite.cli.url set to string https://[DOMAIN]/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string [DOMAIN]
System config value trusted_proxies => 14 set to string [LOCALIP]
✓ redis is configured
🗴 can't connect to push server: cURL error 7: Failed to connect to [DOMAIN] port 443: Connection refused (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://[DOMAIN]/push/test/cookie
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/[DOMAIN]/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.

I hope anyone can help me out.

NextCloudPi version v1.41.10
Operating system and version: Raspbian GNU/Linux 10. 5.10.63-v7l+ (armv7l)
Apache or nginx version: unknown
PHP version: unknown

What is the output from

ls -lR /etc/letsencrypt/live/

(hide your actual domain name)

After that, can you try to run the update again?

What update should I run again?

The output from ls -lR /etc/letsencrypt/live/ is:

total 16
-rw-r--r-- 1 root root  740 Oct 15 12:52 README
drwxr-xr-x 2 root root 4096 Oct 15 12:53 [DOMAIN]-0001
drwxr-xr-x 2 root root 4096 Oct 20 11:00 [DOMAIN]-0002
drwxr-xr-x 2 root root 4096 Oct 20 11:02 [DOMAIN]-0003

/etc/letsencrypt/live/[DOMAIN]-0001:
total 4
lrwxrwxrwx 1 root root  54 Oct 15 12:53 cert.pem -> ../../archive/[DOMAIN]-0001/cert2.pem
lrwxrwxrwx 1 root root  55 Oct 15 12:53 chain.pem -> ../../archive/[DOMAIN]-0001/chain2.pem
lrwxrwxrwx 1 root root  59 Oct 15 12:53 fullchain.pem -> ../../archive/[DOMAIN]-0001/fullchain2.pem
lrwxrwxrwx 1 root root  57 Oct 15 12:53 privkey.pem -> ../../archive/[DOMAIN]-0001/privkey2.pem
-rw-r--r-- 1 root root 692 Oct 15 12:52 README

/etc/letsencrypt/live/[DOMAIN]-0002:
total 4
lrwxrwxrwx 1 root root  54 Oct 20 11:00 cert.pem -> ../../archive/[DOMAIN]-0002/cert1.pem
lrwxrwxrwx 1 root root  55 Oct 20 11:00 chain.pem -> ../../archive/[DOMAIN]-0002/chain1.pem
lrwxrwxrwx 1 root root  59 Oct 20 11:00 fullchain.pem -> ../../archive/[DOMAIN]-0002/fullchain1.pem
lrwxrwxrwx 1 root root  57 Oct 20 11:00 privkey.pem -> ../../archive/[DOMAIN]-0002/privkey1.pem
-rw-r--r-- 1 root root 692 Oct 20 11:00 README

/etc/letsencrypt/live/[DOMAIN]-0003:
total 4
lrwxrwxrwx 1 root root  54 Oct 20 11:02 cert.pem -> ../../archive/[DOMAIN]-0003/cert1.pem
lrwxrwxrwx 1 root root  55 Oct 20 11:02 chain.pem -> ../../archive/[DOMAIN]-0003/chain1.pem
lrwxrwxrwx 1 root root  59 Oct 20 11:02 fullchain.pem -> ../../archive/[DOMAIN]-0003/fullchain1.pem
lrwxrwxrwx 1 root root  57 Oct 20 11:02 privkey.pem -> ../../archive/[DOMAIN]-0003/privkey1.pem
-rw-r--r-- 1 root root 692 Oct 20 11:02 README

Thanks, now please update NCP (from web panel or doing sudo ncp-update) and run letsencrypt again.

Thanks for the suggestion. Updated to v1.41.12. I think that did do something; it seems I have fewer errors when running letsencrypt (or I am dreaming). I still get this error:

[...]✓ redis is configured
🗴 can't connect to push server: cURL error 7: Failed to connect to [DOMAIN] port 443: Connection refused (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://[DOMAIN]/push/test/cookie
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/[DOMAIN]/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.

FYI: fullchain.pem does exist, but is empty.

Wow, that's a new one.

Can we try this

  • run letsencrypt and disable it
  • run letsencrypt again and enable it

Ha! (stupid) Turning letsencrypt off solved the issue, server is back online.
It throws the error that I cannot request more certificates per 168 hours and I'll have to wait for another letsencrypt cert.

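The mismatch seen in this thread (Apache pointing at an empty live/[DOMAIN]/fullchain.pem while the live directory holds [DOMAIN]-0001 to -0003 lineages) can be checked from the SSH session with a small script. This is an added example, not part of the original posts or of NextCloudPi; the function name check_tls_files is hypothetical and it only assumes the SSLCertificateFile / SSLCertificateKeyFile directives shown in the error output.

```shell
#!/bin/sh
# Added example: report every certificate/key file an Apache config
# references that is missing or empty, and list numbered sibling
# lineages (NAME-0001, ...) that do contain a non-empty copy.
# check_tls_files is a hypothetical helper name.
check_tls_files() {
    conf=$1
    bad=0
    # Pull "Directive path" pairs; commented-out lines do not match.
    directives=$(awk 'tolower($1) ~ /^sslcertificate(key)?file$/ {print $1, $2}' "$conf")
    while read -r directive path; do
        [ -n "$directive" ] || continue
        path=${path#\"}; path=${path%\"}        # strip optional quotes
        if [ -s "$path" ]; then
            echo "OK      $directive $path"
            continue
        fi
        bad=$((bad + 1))
        if [ -e "$path" ]; then
            echo "EMPTY   $directive $path"
        else
            echo "MISSING $directive $path"
        fi
        lineage_dir=$(dirname "$path")
        file=$(basename "$path")
        for d in "$lineage_dir"-[0-9]*; do
            if [ -s "$d/$file" ]; then
                echo "        candidate lineage: $d"
            fi
        done
    done <<EOF
$directives
EOF
    return "$bad"    # exit status = number of unusable files
}

# Run against a config when a path is given, e.g.:
#   sudo sh check_tls.sh /etc/apache2/sites-enabled/ncp.conf
if [ "$#" -gt 0 ]; then
    check_tls_files "$1"
fi
```

A non-zero exit status means Apache will refuse to start with that config, so the script can be run before restarting the service.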