SSL on nextcloud

:/etc/apache2/sites-enabled$ ls -la /etc/apache2/sites-enabled/
total 12
drwxr-xr-x 2 root root 4096 Dec 19 11:01 .
drwxr-xr-x 8 root root 4096 Dec 19 10:43 …
-rw-r–r-- 1 root root 1024 Dec 19 08:21 .nextcloud.conf.swp
lrwxrwxrwx 1 root root 50 Dec 14 17:04 nextcloud-le-ssl.conf -> /etc/apache2/sites-available/nextcloud-le-ssl.conf

Server name was “nextcloud” and in the https://“was my domain”,
i cange the server name to the domain aswell but i got the same problem

/etc/apache2/sites-enabled$ sudo apachectl configtest
Syntax OK

I’m usining ubuntu server

I don’t know if it’s helps but this is my VH conf:

VirtualHost configuration:

“IP”:80 “Domain” (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
“IP”:443 “Domain” (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:14)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

Good, did you reload the config afterwars?

Can we try to do debugging in browser? We need to open debugging Network tool, for Firefox it is under Web Developer --> Network (choice Persistent Logs):

Now we will be able to see what is redirected and where. On a screenshot above I goes to http to my server and it replays with 301 and redirected me to https://mydoamin.com (location in headers below the screenshot), then it is starting to loading with code 200. Basically this is what this config should do. Please open http connection to your server.

I did reload and restart the service few times yes.

As you can see it’s find nothing when the “Redirect permanent” is on.
When it’s off “#Redirect permanent”:

Lets check logs, please check what is in your /var/log/apache2/access.log and error.log.
Also is first 301 pointing to your server URL with https?

I suppose something is wrong with your SSL module or openSSL, here is Gist how to setup it quickly

And I really wondering why you see Apache web page…
Is your nextcloud really under /var/www/html/nextcloud/???

Please check your /etc/apache2/mods-enabled/dir.conf, it should looks like this (index.php is on a first place):

<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

access.log:

172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/Interface HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/WTF HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Documents HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Pictures HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/Interface HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/WTF HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Documents HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Pictures HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/Interface HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/WTF HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Documents HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Pictures HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"

error.log:

$
[Fri Dec 20 00:05:20.810208 2019] [core:info] [pid 20977] [client 172.69.130.101:25246] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 00:05:20.810221 2019] [core:debug] [pid 20977] protocol.c(1375): [client 172.69.130.101:25246] AH00567: request failed: error reading the headers
[Fri Dec 20 00:05:20.844208 2019] [core:debug] [pid 20975] protocol.c(1022): (28)No space left on device: [client 172.69.130.101:25284] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635$
[Fri Dec 20 00:05:20.844312 2019] [core:info] [pid 20975] [client 172.69.130.101:25284] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 00:05:20.844328 2019] [core:debug] [pid 20975] protocol.c(1375): [client 172.69.130.101:25284] AH00567: request failed: error reading the headers
[Fri Dec 20 00:05:20.877213 2019] [core:debug] [pid 20976] protocol.c(1022): (28)No space left on device: [client 172.69.130.101:25298] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635$
[Fri Dec 20 00:05:20.877316 2019] [core:info] [pid 20976] [client 172.69.130.101:25298] AH00561: Request header exceeds LimitRequestFieldSize: Cookieq
[Fri Dec 20 00:05:20.877327 2019] [core:debug] [pid 20976] protocol.c(1375): [client 172.69.130.101:25298] AH00567: request failed: error reading the headers
[Fri Dec 20 00:05:25.763660 2019] [core:debug] [pid 20978] protocol.c(1022): (28)No space left on device: [client 172.69.130.101:26982] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635$
[Fri Dec 20 00:05:25.763823 2019] [core:info] [pid 20978] [client 172.69.130.101:26982] AH00561: Request header exceeds LimitRequestFieldSize: Cookie

I am trying now to do the openssl.

But after i fix the defult page I an now getting:

Forbidden

You don’t have permission to access / on this server.
I tryid to take owner for www-data, I am now looking into it

protocol.c(1022): (28)No space left on device

Seems your disk is full? Or the /var partition

1 Like

Yea, it’s been fix and wasent the problem.
I am prety sure this is somthing withe the nextcloud-le-ssl,
If i go back to nextcloud.conf all working fine (ofc it’s not https)

You see Apache Web page via HTTP only because we delete all Nexctloud settings from the HTTP server and configure redirect only.

If you want to use http at least as workaround for now, please change config as following:
<VirtualHost "IP":80>

ServerName nextcloud
ServerAdmin "admin@host"

DocumentRoot /var/www/html/nextcloud/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

#Redirect permanent / https://"host"/

<Directory /var/www/html/nextcloud/>
	Options +FollowSymlinks
	AllowOverride All

	<IfModule mod_dav.c>
		Dav off
	</IfModule>

	SetEnv HOME /var/www/html/nextcloud
	SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>

</VirtualHost>

<VirtualHost "IP":443>

ServerName nextcloud
ServerAdmin "admin@host"

DocumentRoot /var/www/html/nextcloud/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/"host"/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/"host"/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/"host"/chain.pem
	
<FilesMatch "\.(cgi|shtml|phtml|php)$">
	SSLOptions +StdEnvVars
</FilesMatch>

<Directory /usr/lib/cgi-bin>
	SSLOptions +StdEnvVars
</Directory>
    
<Directory /var/www/html/nextcloud/>
	Options +FollowSymlinks
	AllowOverride All

	<IfModule mod_dav.c>
		Dav off
	</IfModule>

	SetEnv HOME /var/www/html/nextcloud
	SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Referrer-Policy no-referrer
ErrorDocument 403 "Hmmmm... Looks it is not here xD:)"

</VirtualHost>

Can we check if all needed modules are enabled in apache? Run:

apache2ctl -M | sort
My output example (for HTTP2 enabled):

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
core_module (static)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
headers_module (shared)
http2_module (shared)
http_module (static)
log_config_module (static)
logio_module (static)
mime_module (shared)
mpm_event_module (shared)
negotiation_module (shared)
proxy_fcgi_module (shared)
proxy_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
so_module (static)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
unixd_module (static)
version_module (static)
watchdog_module (static)
Loaded Modules:

Again, ty for the time you put to help me

access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 core_module (static)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 headers_module (shared)
 http_module (static)
Loaded Modules:
 log_config_module (static)
 logio_module (static)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php7_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 so_module (static)
 ssl_module (shared)
 status_module (shared)
 unixd_module (static)
 version_module (static)
 watchdog_module (static)

This is what i get when i cange the conf to what you link:

****@nivsrvubu:/etc/apache2/sites-available$ sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
****@nivsrvubu:/etc/apache2/sites-available$ sudo service apache2 status
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2019-12-20 09:25:37 UTC; 6s ago
  Process: 33632 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
  Process: 31894 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 33638 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 32611 (code=exited, status=0/SUCCESS)

Dec 20 09:25:36 nivsrvubu systemd[1]: Starting The Apache HTTP Server...
Dec 20 09:25:36 nivsrvubu apachectl[33638]: AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/nextcloud.conf:
Dec 20 09:25:36 nivsrvubu apachectl[33638]: SSLCertificateFile: file '/etc/letsencrypt/live/********/cert.pem' does not exist or is empty
Dec 20 09:25:36 nivsrvubu apachectl[33638]: Action 'start' failed.
Dec 20 09:25:36 nivsrvubu apachectl[33638]: The Apache error log may have more information.
Dec 20 09:25:37 nivsrvubu systemd[1]: apache2.service: Control process exited, code=exited status=1
Dec 20 09:25:37 nivsrvubu systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 20 09:25:37 nivsrvubu systemd[1]: Failed to start The Apache HTTP Server.

That strange why it works before… If you are using Let’s Encrypt Certificate via e.g. Certbot or Acme.sh, it should be there.
Where did you get Certificate?
Is this self signed Certificate, or from Let’s Encrypt?
Where it is stored?

Basically you need at least 2 files Certificate and Private key.

Could you please check what is in this folder?

ls -la /etc/letsencrypt/live/DOMAIN
#OR to see all
ls -laR /etc/letsencrypt/live/
My output example
# ls -laR /etc/letsencrypt/live/
/etc/letsencrypt/live/:
total 20
drwx------ 5 root root 4096 Nov 25 10:41 .
drwxr-xr-x 9 root root 4096 Dec 20 06:24 ..
drwxr-xr-x 2 root root 4096 Nov 25 10:41 Domain1
drwxr-xr-x 2 root root 4096 Jul  8 07:20 Domain2
drwxr-xr-x 2 root root 4096 Dec  5 15:29 Domain2-0001

/etc/letsencrypt/live/Domain1:
total 12
drwxr-xr-x 2 root root 4096 Nov 25 10:41 .
drwx------ 5 root root 4096 Nov 25 10:41 ..
-rw-r--r-- 1 root root  682 Nov 25 10:41 README
lrwxrwxrwx 1 root root   52 Nov 25 10:41 cert.pem -> ../../archive/Domain1/cert1.pem
lrwxrwxrwx 1 root root   53 Nov 25 10:41 chain.pem -> ../../archive/Domain1/chain1.pem
lrwxrwxrwx 1 root root   57 Nov 25 10:41 fullchain.pem -> ../../archive/Domain1/fullchain1.pem
lrwxrwxrwx 1 root root   55 Nov 25 10:41 privkey.pem -> ../../archive/Domain1/privkey1.pem

/etc/letsencrypt/live/Domain2:
total 12
drwxr-xr-x 2 root root 4096 Jul  8 07:20 .
drwx------ 5 root root 4096 Nov 25 10:41 ..
-rw-r--r-- 1 root root  543 Jul 13  2017 README
lrwxrwxrwx 1 root root   39 Jul  8 07:20 cert.pem -> ../../archive/Domain2/cert13.pem
lrwxrwxrwx 1 root root   40 Jul  8 07:20 chain.pem -> ../../archive/Domain2/chain13.pem
lrwxrwxrwx 1 root root   44 Jul  8 07:20 fullchain.pem -> ../../archive/Domain2/fullchain13.pem
lrwxrwxrwx 1 root root   42 Jul  8 07:20 privkey.pem -> ../../archive/Domain2/privkey13.pem

/etc/letsencrypt/live/Domain2-0001:
total 12
drwxr-xr-x 2 root root 4096 Dec  5 15:29 .
drwx------ 5 root root 4096 Nov 25 10:41 ..
-rw-r--r-- 1 root root  543 Oct  6 14:22 README
lrwxrwxrwx 1 root root   43 Dec  5 15:29 cert.pem -> ../../archive/Domain2-0001/cert2.pem
lrwxrwxrwx 1 root root   44 Dec  5 15:29 chain.pem -> ../../archive/Domain2-0001/chain2.pem
lrwxrwxrwx 1 root root   48 Dec  5 15:29 fullchain.pem -> ../../archive/Domain2-0001/fullchain2.pem
lrwxrwxrwx 1 root root   46 Dec  5 15:29 privkey.pem -> ../../archive/Domain2-0001/privkey2.p

P.S. You can check if config is valid without restarting the server via command:

apachectl configtest

Hellom,

Where did you get Certificate?:

I use the guide from this video: “https://www.youtube.com/watch?v=7Bo78eDEy7g&feature=emb_logo

This is the original command:

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache
sudo certbot --apache -d example.com

Is this self signed Certificate, or from Let’s Encrypt?:
This is not self signed Certificate as far as I got it.

Where it is stored?:
/etc/letsencrypt/live/DOMAIN

Could you please check what is in this folder?:

/etc/letsencrypt/live/:
total 12
drwx------ 3 root root 4096 Dec 16 19:32 .
drwxr-xr-x 9 root root 4096 Dec 20 09:43 ..
drwxr-xr-x 2 root root 4096 Dec 20 09:43 "Host"

/etc/letsencrypt/live/"Host":
total 16
drwxr-xr-x 2 root root 4096 Dec 20 09:43 .
drwx------ 3 root root 4096 Dec 16 19:32 ..
lrwxrwxrwx 1 root root   41 Dec 20 09:43 cert.pem -> ../../archive/"Host"/cert4.pem
lrwxrwxrwx 1 root root   42 Dec 20 09:43 chain.pem -> ../../archive/"Host"chain4.pem
lrwxrwxrwx 1 root root   46 Dec 20 09:43 fullchain.pem -> ../../archive/"Host"fullchain4.pem
lrwxrwxrwx 1 root root   44 Dec 20 09:43 privkey.pem -> ../../archive/"Host"/privkey4.pem
-rw-r--r-- 1 root root  682 Dec 16 19:32 README
-rw-r--r-- 1 root root 1024 Dec 19 08:54 .readme.swp

Could you please copy path to the certificate from the apache2 config and use it in following command:

openssl x509 -in PathFromApacheTo/cert.pem  -text -noout

This will show you information about Certificate, could be that you did typo in a path or Certificate pointing to the wrong file.

Output example is:
openssl x509 -in /etc/letsencrypt/live/YOUR.DOMAIN/cert.pem  -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:a7:f7:83:b7:ef:57:ef:be:66:9e:27:1f:2a:0f:75:a3:8d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Dec  5 13:29:30 2019 GMT
            Not After : Mar  4 13:29:30 2020 GMT
        Subject: CN = YOUR.DOMAIN
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)

I just found that config is a bit outdated in this forum since time, please use this part instead with fullchain and private key:

	SSLCertificateFile /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/YOUR.DOMAIN/privkey.pem

my mistake :zipper_mouth_face:

It’s seems thet I got a problem withe the certificate, i need to try to make new or somthing.

I tryed to fix it my self so you have few lines of error here

I’m thinking abot “redo” everything but i don’t want to give up! xD
error.log:

[Fri Dec 20 11:20:12.331307 2019] [ssl:info] [pid 36045] AH01914: Configuring server nextcloud:443 for SSL protocol
[Fri Dec 20 11:20:12.331319 2019] [ssl:debug] [pid 36045] ssl_engine_init.c(1708): AH10083: Init: (nextcloud:443) mod_md support is unavailable.
[Fri Dec 20 11:20:12.331643 2019] [ssl:debug] [pid 36045] ssl_engine_init.c(479): AH01893: Configuring TLS extension handling
[Fri Dec 20 11:20:12.331675 2019] [ssl:debug] [pid 36045] ssl_util_stapling.c(868): AH01960: OCSP stapling initialized
[Fri Dec 20 11:20:12.332047 2019] [ssl:debug] [pid 36045] ssl_util_ssl.c(476): AH02412: [nextcloud:443] Cert does not match for name 'nextcloud' [subject: CN=*******/ issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=U$
[Fri Dec 20 11:20:12.332066 2019] [ssl:warn] [pid 36045] AH01909: nextcloud:443:0 server certificate does NOT include an ID which matches the server name
[Fri Dec 20 11:20:12.332074 2019] [ssl:info] [pid 36045] AH02568: Certificate and private key nextcloud:443:0 configured from /etc/letsencrypt/live/********/cert.pem and /etc/letsencrypt/live/*******/privkey.pem
[Fri Dec 20 11:20:12.332390 2019] [ssl:info] [pid 36045] AH02576: Attempting to load encrypted (?) private key nextcloud:443:1
[Fri Dec 20 11:20:12.332525 2019] [ssl:error] [pid 36045] AH02579: Init: Private key not found
[Fri Dec 20 11:20:12.332548 2019] [ssl:error] [pid 36045] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Dec 20 11:20:12.332567 2019] [ssl:error] [pid 36045] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
[Fri Dec 20 11:20:12.332587 2019] [ssl:error] [pid 36045] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Dec 20 11:20:12.332626 2019] [ssl:error] [pid 36045] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
[Fri Dec 20 11:20:12.332644 2019] [ssl:error] [pid 36045] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
[Fri Dec 20 11:20:12.332657 2019] [ssl:error] [pid 36045] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Dec 20 11:20:12.332672 2019] [ssl:error] [pid 36045] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Dec 20 11:20:12.332682 2019] [ssl:emerg] [pid 36045] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Fri Dec 20 11:20:12.332690 2019] [ssl:emerg] [pid 36045] AH02564: Failed to configure encrypted (?) private key nextcloud:443:1, check /etc/letsencrypt/live/*******/fullchain.pem
AH00016: Configuration Failed
[Fri Dec 20 11:31:48.186362 2019] [ssl:info] [pid 36239] AH01887: Init: Initializing (virtual) servers for SSL
[Fri Dec 20 11:31:48.186447 2019] [ssl:info] [pid 36239] AH01914: Configuring server *******:443 for SSL protocol
[Fri Dec 20 11:31:48.186457 2019] [ssl:debug] [pid 36239] ssl_engine_init.c(1708): AH10083: Init: (*******:443) mod_md support is unavailable.
[Fri Dec 20 11:31:48.186777 2019] [ssl:debug] [pid 36239] ssl_engine_init.c(479): AH01893: Configuring TLS extension handling
[Fri Dec 20 11:31:48.186805 2019] [ssl:debug] [pid 36239] ssl_util_stapling.c(868): AH01960: OCSP stapling initialized
[Fri Dec 20 11:31:48.187135 2019] [ssl:debug] [pid 36239] ssl_util_ssl.c(476): AH02412: [*******:443] Cert matches for name '*******' [subject: CN=*******/ issuer: CN=Let's Encrypt Authority X3,O=Let's En$
[Fri Dec 20 11:31:48.187150 2019] [ssl:info] [pid 36239] AH02568: Certificate and private key *******:443:0 configured from /etc/letsencrypt/live/c*******/cert.pem and /etc/letsencrypt/live/c*******/privkey.$
[Fri Dec 20 11:31:48.187432 2019] [ssl:info] [pid 36239] AH02576: Attempting to load encrypted (?) private key *******:443:1
[Fri Dec 20 11:31:48.187565 2019] [ssl:error] [pid 36239] AH02579: Init: Private key not found
[Fri Dec 20 11:31:48.187588 2019] [ssl:error] [pid 36239] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Dec 20 11:31:48.187607 2019] [ssl:error] [pid 36239] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
[Fri Dec 20 11:31:48.187622 2019] [ssl:error] [pid 36239] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Dec 20 11:31:48.187638 2019] [ssl:error] [pid 36239] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
[Fri Dec 20 11:31:48.187653 2019] [ssl:error] [pid 36239] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
[Fri Dec 20 11:31:48.187667 2019] [ssl:error] [pid 36239] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Dec 20 11:31:48.187682 2019] [ssl:error] [pid 36239] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Dec 20 11:31:48.187692 2019] [ssl:emerg] [pid 36239] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Fri Dec 20 11:31:48.187701 2019] [ssl:emerg] [pid 36239] AH02564: Failed to configure encrypted (?) private key *******:443:1, check /etc/letsencrypt/live/*******fullchain.pem

from here I tryed to go over thie guide:
https://help.ubuntu.com/lts/serverguide/certificates-and-security.html#generating-a-csr
To create new server and priver keys

AH00016: Configuration Failed
[Fri Dec 20 11:48:57.003526 2019] [ssl:info] [pid 36763] AH01887: Init: Initializing (virtual) servers for SSL
[Fri Dec 20 11:48:57.003601 2019] [ssl:info] [pid 36763] AH01914: Configuring server *******:443 for SSL protocol
[Fri Dec 20 11:48:57.003624 2019] [ssl:debug] [pid 36763] ssl_engine_init.c(1708): AH10083: Init: (*******:443) mod_md support is unavailable.
[Fri Dec 20 11:48:57.003927 2019] [ssl:debug] [pid 36763] ssl_engine_init.c(479): AH01893: Configuring TLS extension handling
[Fri Dec 20 11:48:57.003958 2019] [ssl:debug] [pid 36763] ssl_util_stapling.c(868): AH01960: OCSP stapling initialized
[Fri Dec 20 11:48:57.004038 2019] [ssl:emerg] [pid 36763] AH02562: Failed to configure certificate*******:443:0 (with chain), check /etc/ssl/certs/*******.csr
[Fri Dec 20 11:48:57.004066 2019] [ssl:emerg] [pid 36763] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKe$
[Fri Dec 20 11:48:57.004088 2019] [ssl:emerg] [pid 36763] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
[Fri Dec 20 11:52:41.489310 2019] [ssl:info] [pid 1954] AH01887: Init: Initializing (virtual) servers for SSL
[Fri Dec 20 11:52:41.490343 2019] [ssl:info] [pid 1954] AH01914: Configuring server *******:443 for SSL protocol
[Fri Dec 20 11:52:41.490358 2019] [ssl:debug] [pid 1954] ssl_engine_init.c(1708): AH10083: Init: (*******:443) mod_md support is unavailable.
[Fri Dec 20 11:52:41.500104 2019] [ssl:debug] [pid 1954] ssl_engine_init.c(479): AH01893: Configuring TLS extension handling
[Fri Dec 20 11:52:41.500170 2019] [ssl:debug] [pid 1954] ssl_util_stapling.c(868): AH01960: OCSP stapling initialized
[Fri Dec 20 11:52:41.500846 2019] [ssl:emerg] [pid 1954] AH02562: Failed to configure certificate *******:443:0 (with chain), check /etc/ssl/certs/c*******.csr
[Fri Dec 20 11:52:41.500883 2019] [ssl:emerg] [pid 1954] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKey$
[Fri Dec 20 11:52:41.500905 2019] [ssl:emerg] [pid 1954] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed

EDIT:
I fix the problem with the key,
Now this is were we at:
IF “#Redirect permanent / https://“Host”/”
I can get to the http site very good.
IF “Redirect permanent / https://“Host”/”
ERR_TOO_MANY_REDIRECTS

This is my error.log:

[Fri Dec 20 12:35:41.042102 2019] [core:info] [pid 3729] [client 172.69.130.11:40318] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 12:35:41.042118 2019] [core:debug] [pid 3729] protocol.c(1375): [client 172.69.130.11:40318] AH00567: request failed: error reading the headers
[Fri Dec 20 12:35:41.076539 2019] [core:debug] [pid 3742] protocol.c(1022): (28)No space left on device: [client 172.69.130.11:41400] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635; oc_s$
[Fri Dec 20 12:35:41.076682 2019] [core:info] [pid 3742] [client 172.69.130.11:41400] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 12:35:41.076693 2019] [core:debug] [pid 3742] protocol.c(1375): [client 172.69.130.11:41400] AH00567: request failed: error reading the headers
[Fri Dec 20 12:35:41.110912 2019] [core:debug] [pid 3728] protocol.c(1022): (28)No space left on device: [client 172.69.130.11:40256] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635; oc_s$
[Fri Dec 20 12:35:41.110998 2019] [core:info] [pid 3728] [client 172.69.130.11:40256] AH00561: Request header exceeds LimitRequestFieldSize: Cookie

Any thing else you can think of before i restart everyting and going from the start?

https://“IP”= going to defult apache2 page
http://“IP”= going to webgui
https://“Domain” = going to webgui not secure
http://“Domain” = going to webgui

Basically something is wrong with your Certificates, could you try to create new one?
I think with certbot is is something like

sudo certbot --force-renewal

I already reset the system and make it from scratch, now it’s working but i got another problem now.