The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds - with Letsencrypt and CERBOT installed - https://www.ssllabs.com OVERALL "A" rating

Nextcloud version (eg, 10.0.2): 12.0.0
Operating system and version (eg, Ubuntu 16.04): Zorin 12 (Ubuntu 16.04)
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.18
PHP version (eg, 5.6): 7.0.18
Is this the first time you’ve seen this error?: No but fixed it somehow in the previous installation on laptop with 10 and upgraded to 11.0.2 I think

Can you reliably replicate it? (If so, please outline steps):

The issue you are facing:

The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.
The output of your Nextcloud log in Admin > Logging:

There is no error relating to https or ssl issues.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php $CONFIG = array ( 'instanceid' => 'XXX' 'passwordsalt' => 'YYY', 'secret' => 'ZZZ', 'trusted_domains' => array ( 0 => 'www.sample.com', 1 => 'sample.com', ), 'datadirectory' => '/media/externalHDD', 'overwrite.cli.url' => 'https://samples.com', 'dbtype' => 'mysql', 'version' => '12.0.0.29', 'dbname' => 'mycloud', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'oc_nextclouduser', 'dbpassword' => 'AAA', 'installed' => true, 'memcache.local' => '\OC\Memcache\APCu', ); The output of your Apache/nginx/system log in `/var/log/____`: > Error.log (sorry I was using ssh to access this from nano) [Sun Jul 02 07:35:02.186528 2017] [ssl:warn] [pid 15471] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 07:35:02.187356 2017] [mpm_prefork:notice] [pid 15471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 07:35:02.187364 2017] [core:notice] [pid 15471] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 12:52:48.024094 2017] [mpm_prefork:notice] [pid 15471] AH00169: caught SIGTERM, shutting down [Sun Jul 02 13:03:43.508289 2017] [ssl:warn] [pid 21409] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:03:43.578743 2017] [ssl:warn] [pid 21410] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:03:43.583876 2017] [mpm_prefork:notice] [pid 21410] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 13:03:43.583916 2017] [core:notice] [pid 21410] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 13:09:02.805921 2017] [mpm_prefork:notice] [pid 21410] AH00169: caught SIGTERM, shutting down [Sun Jul 02 13:14:55.548296 2017] [ssl:warn] [pid 22255] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:14:55.591906 2017] [ssl:warn] [pid 22256] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:14:55.597022 2017] [mpm_prefork:notice] [pid 22256] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 13:14:55.597064 2017] [core:notice] [pid 22256] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 13:22:52.532263 2017] [mpm_prefork:notice] [pid 22256] AH00169: caught SIGTERM, shutting down [Sun Jul 02 13:24:17.918320 2017] [ssl:warn] [pid 22963] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:24:17.968332 2017] [ssl:warn] [pid 22964] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:24:17.973368 2017] [mpm_prefork:notice] [pid 22964] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 13:24:17.973418 2017] [core:notice] [pid 22964] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 13:40:49.515459 2017] [mpm_prefork:notice] [pid 22964] AH00169: caught SIGTERM, shutting down [Sun Jul 02 13:44:31.843999 2017] [ssl:warn] [pid 24458] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:44:31.888126 2017] [ssl:warn] [pid 24459] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:44:31.893250 2017] [mpm_prefork:notice] [pid 24459] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 13:44:31.893289 2017] [core:notice] [pid 24459] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 13:47:02.386961 2017] [mpm_prefork:notice] [pid 24459] AH00169: caught SIGTERM, shutting down [Sun Jul 02 13:47:03.422046 2017] [ssl:warn] [pid 24676] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:47:03.467805 2017] [ssl:warn] [pid 24677] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 13:47:03.472913 2017] [mpm_prefork:notice] [pid 24677] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 13:47:03.472955 2017] [core:notice] [pid 24677] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 13:58:43.124165 2017] [:error] [pid 24684] [client 192.168.1.1:46380] script '/var/www/html/index.php' not found or unable to stat, referer: https://samples.com/ [Sun Jul 02 13:58:49.471896 2017] [:error] [pid 24680] [client 192.168.1.1:46390] script '/var/www/html/index.php' not found or unable to stat, referer: https://samples.com/index.html [Sun Jul 02 14:06:32.041799 2017] [:error] [pid 26242] [client 51.15.140.197:60546] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:06:33.355277 2017] [:error] [pid 24680] [client 51.15.140.197:36182] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:06:39.423766 2017] [:error] [pid 26274] [clientscript '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:06:39.423766 2017] [:error] [pid 26274] [client 51.15.140.197:46540] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:06:39.488006 2017] [:error] [pid 26280] [client 51.15.140.197:42732] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:06:43.306403 2017] [:error] [pid 24706] [client 51.15.140.197:34302] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:06:50.826856 2017] [:error] [pid 24682] [client 51.15.140.197:46798] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:06:54.126291 2017] [:error] [pid 25736] [client 51.15.140.197:59680] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:07:06.258315 2017] [:error] [pid 26279] [client 51.15.140.197:57856] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:07:08.572129 2017] [:error] [pid 26275] [client 51.15.140.197:43790] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:07:19.240529 2017] [:error] [pid 25736] [client 51.15.140.197:53096] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:07:31.173258 2017] [:error] [pid 26285] [client 51.15.140.197:37270] script '/var/www/html/status.php' not found or unable to stat [Sun Jul 02 14:09:08.091221 2017] [mpm_prefork:notice] [pid 24677] AH00169: caught SIGTERM, shutting down [Sun Jul 02 14:09:09.124195 2017] [ssl:warn] [pid 26539] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:09:09.168398 2017] [ssl:warn] [pid 26540] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:09:09.173441 2017] [mpm_prefork:notice] [pid 26540] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 14:09:09.173484 2017] [core:notice] [pid 26540] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 14:18:11.969983 2017] [mpm_prefork:notice] [pid 26540] AH00169: caught SIGTERM, shutting down [Sun Jul 02 14:18:15.710274 2017] [ssl:warn] [pid 27198] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:18:15.753973[pid 27198] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:18:15.753973 2017] [ssl:warn] [pid 27199] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:18:15.759015 2017] [mpm_prefork:notice] [pid 27199] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 14:18:15.759065 2017] [core:notice] [pid 27199] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 14:18:20.622801 2017] [:error] [pid 27202] [client 192.168.1.1:47002] script '/var/www/html/index.php' not found or unable to stat, referer: https://samples.com/ [Sun Jul 02 14:23:31.643454 2017] [:error] [pid 27217] [client 41.146.136.152:45088] script '/var/www/html/index.php' not found or unable to stat, referer: https://dynamic.ip/ [Sun Jul 02 14:28:57.211761 2017] [mpm_prefork:notice] [pid 27199] AH00169: caught SIGTERM, shutting down [Sun Jul 02 14:28:58.249983 2017] [ssl:warn] [pid 28780] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:28:58.294961 2017] [ssl:warn] [pid 28781] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:28:58.300027 2017] [mpm_prefork:notice] [pid 28781] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 14:28:58.300094 2017] [core:notice] [pid 28781] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 14:35:13.556058 2017] [mpm_prefork:notice] [pid 28781] AH00169: caught SIGTERM, shutting down [Sun Jul 02 14:35:14.596576 2017] [ssl:warn] [pid 29483] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:35:14.641243 2017] [ssl:warn] [pid 29484] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:35:14.646329 2017] [mpm_prefork:notice] [pid 29484] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 14:35:14.646380 2017] [core:notice] [pid 29484] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 14:48:00.189350 2017] [mpm_prefork:notice] [pid 29484] AH00169: caught SIGTERM, shutting down [Sun Jul 02 14:48:01.225479 2017] [ssl:warn] [pid 30440] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the servername [Sun Jul 02 14:48:01.270324 2017] [ssl:warn] [pid 30441] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:48:01.275420 2017] [mpm_prefork:notice] [pid 30441] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 14:48:01.275463 2017] [core:notice] [pid 30441] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 14:56:08.289537 2017] [mpm_prefork:notice] [pid 30441] AH00169: caught SIGTERM, shutting down [Sun Jul 02 14:56:09.326217 2017] [ssl:warn] [pid 31038] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:56:09.370807 2017] [ssl:warn] [pid 31039] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:56:09.375954 2017] [mpm_prefork:notice] [pid 31039] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 14:56:09.376004 2017] [core:notice] [pid 31039] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 14:59:32.788630 2017] [mpm_prefork:notice] [pid 31039] AH00169: caught SIGTERM, shutting down [Sun Jul 02 14:59:33.820029 2017] [ssl:warn] [pid 31328] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:59:33.864816 2017] [ssl:warn] [pid 31329] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 14:59:33.869980 2017] [mpm_prefork:notice] [pid 31329] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 14:59:33.870023 2017] [core:notice] [pid 31329] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:00:56.551563 2017] [mpm_prefork:notice] [pid 31329] AH00169: caught SIGTERM, shutting down [Sun Jul 02 15:00:57.624459 2017] [ssl:warn] [pid 31469] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:00:57.669177 2017] [ssl:warn] [pid 31470] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:00:57.674276 2017] [mpm_prefork:notice] [pid 31470] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2gconfigured -- resuming normal operations [Sun Jul 02 15:00:57.674320 2017] [core:notice] [pid 31470] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:08:23.394965 2017] [mpm_prefork:notice] [pid 31470] AH00169: caught SIGTERM, shutting down [Sun Jul 02 15:08:24.414873 2017] [ssl:warn] [pid 32038] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:08:24.460732 2017] [ssl:warn] [pid 32039] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:08:24.465896 2017] [mpm_prefork:notice] [pid 32039] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 15:08:24.465954 2017] [core:notice] [pid 32039] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:15:28.122730 2017] [mpm_prefork:notice] [pid 32039] AH00169: caught SIGTERM, shutting down [Sun Jul 02 15:15:29.159254 2017] [ssl:warn] [pid 32619] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:15:29.203933 2017] [ssl:warn] [pid 32620] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:15:29.209062 2017] [mpm_prefork:notice] [pid 32620] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 15:15:29.209107 2017] [core:notice] [pid 32620] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:48:46.694983 2017] [mpm_prefork:notice] [pid 32620] AH00169: caught SIGTERM, shutting down [Sun Jul 02 15:48:47.473878 2017] [ssl:warn] [pid 2973] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:48:47.519476 2017] [ssl:warn] [pid 2975] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:48:47.524594 2017] [mpm_prefork:notice] [pid 2975] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 15:48:47.524637 2017] [core:notice] [pid 2975] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:53:09.521366 2017] [mpm_prefork:notice] [pid 2975] AH00169: caught SIGTERM, shutting down [Sun Jul 0215:48:47.473878 2017] [ssl:warn] [pid 2973] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:48:47.519476 2017] [ssl:warn] [pid 2975] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:48:47.524594 2017] [mpm_prefork:notice] [pid 2975] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 15:48:47.524637 2017] [core:notice] [pid 2975] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:53:09.521366 2017] [mpm_prefork:notice] [pid 2975] AH00169: caught SIGTERM, shutting down [Sun Jul 02 15:53:10.543158 2017] [ssl:warn] [pid 3454] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:53:10.587819 2017] [ssl:warn] [pid 3455] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:53:10.592859 2017] [mpm_prefork:notice] [pid 3455] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 15:53:10.592902 2017] [core:notice] [pid 3455] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:53:26.517619 2017] [:error] [pid 3482] [client 41.146.136.152:45288] script '/var/www/html/index.php' not found or unable to stat, referer: https://dynamic ip/ [Sun Jul 02 15:53:43.267757 2017] [:error] [pid 3476] [client 41.146.136.152:45329] script '/var/www/html/index.php' not found or unable to stat, referer: https://dynamic ip / [Sun Jul 02 15:55:23.576194 2017] [mpm_prefork:notice] [pid 3455] AH00169: caught SIGTERM, shutting down [Sun Jul 02 15:55:24.614321 2017] [ssl:warn] [pid 3676] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:55:24.659046 2017] [ssl:warn] [pid 3677] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:55:24.664184 2017] [mpm_prefork:notice] [pid 3677] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 15:55:24.664228 2017] [core:notice] [pid 3677] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 15:59:54.115315 2017] [mpm_prefork:notice] [pid 3677] AH00169: caught SIGTERM, shutting down [Sun Jul 02 15:59:55.143081 2017] [ssl:warn] [pid 4027] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:59:55.187679 2017] [ssl:warn] [pid 4028] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 15:59:55.192772 2017] [mpm_prefork:notice] [pid 4028] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 15:59:55.192814 2017] [core:notice] [pid 4028] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 16:01:38.691263 2017][mpm_prefork:notice] [pid 4028] AH00169: caught SIGTERM, shutting down [Sun Jul 02 16:01:39.733477 2017] [ssl:warn] [pid 4214] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:01:39.778043 2017] [ssl:warn] [pid 4216] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:01:39.783130 2017] [mpm_prefork:notice] [pid 4216] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 16:01:39.783172 2017] [core:notice] [pid 4216] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 16:02:45.512024 2017] [mpm_prefork:notice] [pid 4216] AH00169: caught SIGTERM, shutting down [Sun Jul 02 16:02:46.549566 2017] [ssl:warn] [pid 4356] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:02:46.594208 2017] [ssl:warn] [pid 4357] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:02:46.599310 2017] [mpm_prefork:notice] [pid 4357] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 16:02:46.599353 2017] [core:notice] [pid 4357] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 16:07:23.901447 2017] [mpm_prefork:notice] [pid 4357] AH00169: caught SIGTERM, shutting down [Sun Jul 02 16:07:24.936767 2017] [ssl:warn] [pid 4764] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:07:24.981267 2017] [ssl:warn] [pid 4765] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:07:24.986310 2017] [mpm_prefork:notice] [pid 4765] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 16:07:24.986359 2017] [core:notice] [pid 4765] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 16:09:11.323898 2017] [mpm_prefork:notice] [pid 4765] AH00169: caught SIGTERM, shutting down [Sun Jul 02 16:09:12.358053 2017] [ssl:warn] [pid 5031] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:09:12.406844 2017] [ssl:warn] [pid5032] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:09:12.411934 2017] [mpm_prefork:notice] [pid 5032] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 16:09:12.411982 2017] [core:notice] [pid 5032] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 16:12:18.001442 2017] [mpm_prefork:notice] [pid 5032] AH00169: caught SIGTERM, shutting down [Sun Jul 02 16:12:19.032711 2017] [ssl:warn] [pid 5294] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:12:19.077281 2017] [ssl:warn] [pid 5295] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:12:19.082457 2017] [mpm_prefork:notice] [pid 5295] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 16:12:19.082501 2017] [core:notice] [pid 5295] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 16:13:04.556107 2017] [mpm_prefork:notice] [pid 5295] AH00169: caught SIGTERM, shutting down [Sun Jul 02 16:13:05.593718 2017] [ssl:warn] [pid 5410] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:13:05.639306 2017] [ssl:warn] [pid 5411] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:13:05.644450 2017] [mpm_prefork:notice] [pid 5411] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sun Jul 02 16:13:05.644500 2017] [core:notice] [pid 5411] AH00094: Command line: '/usr/sbin/apache2' [Sun Jul 02 16:13:36.059097 2017] [mpm_prefork:notice] [pid 5411] AH00171: Graceful restart requested, doing restart AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message [Sun Jul 02 16:13:36.130748 2017] [ssl:warn] [pid 5411] AH01909: samples.com:443:0 server certificate does NOT include an ID which matches the server name [Sun Jul 02 16:13:36.131255 2017] [mpm_prefork:notice] [pid 5411] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming and so on. It looks like it was just repeating itself. > And I have followed guide by going to /etc/apache2/sites-available/nextcloud.conf and add https://help.nextcloud.com/t/strict-transport-security-http-header-hsts/7047 Options +Followsymlinks AllowOverride All Header always set Strict-Transport-Security "max-age=15552000; includeSub$ and also, I have used www.scan.nextcloud.com and also got a A grade and only the thing was below which was an issue. ___Host-Prefix _ _The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of 'normal' same-site cookies._ So what I want to know is if I can ignore this error and warning message undr "ADMIN" Page or am I doing something wrong and it has to be rectified? and I also have changed my default storage to /media/nextcloud_data on the external HDD. And before I post this, I have checked on google and also this forum bu still can't seem to get this rectified as it is just for my personal cloud use so I can synchronise all the information and access them outside home. Thanks, Brad --- Remember, this information may be requested if it isn't supplied; for fastest response please provide as much as you can :heart: Feel free to use a sa service, otherwise log files can be indented with 4 spaces on each line to present them in a friendlier way on the forum.

Hello, just a really quick guess - is mod headers enabled?

apache2ctl -M | grep header

If not you can enable it via

a2enmod headers
service apache2 restart

Best regards
Daniel

// edit:
Oh one other thing:

The header directive must be outside of apache2’s
<Directory …>
directly inside the
<VirtualHost …>

Maybe posting your apache2 configuration could help.

Hi Daniel,

Thanks for getting back to me and much appreciated. And this is the output below -

  1. a2enmod is enabled
  2. sudo apache2ctl -M |grep header output -
    AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
    headers_module (shared)
  3. which apache2 configuration files are you looking for? (ubuntu 16.04)
  4. /etc/apache2/apache2.conf? (which I doubt)
  5. /etc/apache2/sites-available/nextcloud.conf
    Alias /nextcloud “/var/www/nextcloud/”

<VirtualHost *:443>

DocumentRoot "/var/www/nextcloud"
ServerName sample.com
ServerAlias www.sample.com
ServerAdmin XXX@sample.com

<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All

Dav off

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
Satisfy Any

Header always set Strict-Transport-Security "max-age=15552000; includeSub$
  1. /etc/apache2/sites-available/
    <Virtualhost *:80>
    ServerName sample.com
    ServerAlias www.sample.com
    ServerAdmin XXX@sample.com
    DocumentRoot /var/www/nextcloud
    Redirect permanent “/” “https://sample.com/
Header always add Strict-Transport-Security "max-age=15768000;

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =sample.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

I hope this is what you are looking for.

Thanks,

Hi all, is there anyone else have suggestions on this? Thanks

You are adding this header for your http-vhost (port 80), but how did you configure your ssl-vhost (Debian/Ubuntu: /etc/apache2/default-ssl.conf)? Did you put the HSTS header there as well (where it belongs to)? And a proper ServerName to get rid of your error messages.

Hi @tflidd

Thanks for your suggestion and please see the copy from /etc/apache2/sites-available/default-ssl.conf

    <VirtualHost _default_:12345>
            ServerAdmin XXX@sampple.com
            ServerName sample.com
            ServerAlias www.sample.com
            DocumentRoot /var/www/nextcloud

            <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000; $
            </IfModule>
            
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
            SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
    </VirtualHost>

Hmm you set/add the header to 80 vhost, Nextcloud.conf and ssl conf. As far as I know you just need it in your ssl conf. Try to remove it from the other two, maybe something gets mixed up there?

Set it there the way you currently have it in your Nextcloud.conf: Header always set Strict-Transport-Security "max-age=15552000; includeSub$
optionally inside the IfModule to prevent broken header module to break whole webserver due to syntax error.

Why don’t you use the syntax from the documentation?
https://docs.nextcloud.com/server/11/admin_manual/configuration_server/harden_server.html#enable-http-strict-transport-security

And you did enable mod_headers (is it in ls /etc/apache2/mods-enabled)?

Actually it is in ssl vhost I guess. The way of copy and paste just seemed to cut the ends of the header lines.

Hi all, I managed to solve this problem… not sure how it happened. I have another post about running Apache / nextcloud via VPN client connection and I had to change the DDNS to be managed by Asus router. Therefore I needed to have another CERTBOT SSL certificate. once it was re-issued on the new domain name, now all the issues went away and I now have a A+ certificate. (dont ask me how and why). I am however still battling with the VPN re-routing table and put it under /etc/network/interfaces. so wish me luck !

1 Like

and now the VPN routing battle has also been won… after 1 week of sleepless night.!

A post was split to a new topic: Variable in error message not correctly shown