Trying to use our own wildcard certificate, broke site

Nextcloud version (eg, 20.0.5): 15.0.4.0
Operating system and version (eg, Ubuntu 20.04): Ubuntu Linux 20.04.2
Apache or nginx version (eg, Apache 2.4.25): 2.4.41
PHP version (eg, 7.4): 7.4.3

The issue you are facing:

I tried to install our own certificates (we bought a wildcard) to replace Let's Encrypt, as I am getting cert errors almost weekly, even though the cert tests show there's nothing wrong. I uploaded the three files (the cert, the key and the CA) to /etc/ssl and changed the path in Webmin to reflect those paths and names. When I restarted Apache2 it wouldn't load, so I rebooted the whole server. The server came back up but the Nextcloud login page is unavailable.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Don't back up your system before changing something important.
  2. Change something important.
  3. Break the system. 🙂

The output of your Nextcloud log in Admin > Logging:

I can't upload this as the file paths being shown contain identifiable client information.

The output of your config.php file in `/path/to/nextcloud` (make sure you remove any identifiable information!):

```php
<?php
$CONFIG = array (
  'passwordsalt' => 'REMOVED',
  'secret' => 'REMOVED',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '192.168.35.21',
    2 => 'securedrop.mydomain.ca',
    3 => 'securedrop.mydomain.ca',
  ),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'pgsql',
  'version' => '17.0.0.9',
  'overwrite.cli.url' => 'https://securedrop.mydomain.ca/',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'ncadmin',
  'dbpassword' => 'REMOVED',
  'installed' => true,
  'instanceid' => 'oc5a107a3xcz',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => '2',
  'mail_smtpmode' => 'smtp',
  'remember_login_cookie_lifetime' => '1800',
  'log_rotate_size' => '10485760',
  'trashbin_retention_obligation' => 'auto, 180',
  'versions_retention_obligation' => 'auto, 365',
  'simpleSignUpLink.shown' => 'false',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.5,
    'dbindex' => 0,
    'password' => 'REMOVED',
  ),
  'logtimezone' => 'America/Halifax',
  'htaccess.RewriteBase' => '/',
  'maintenance' => false,
  'mail_from_address' => 'myemail',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'mydomain.ca',
  'mail_smtphost' => '192.168.35.6',
  'mail_smtpport' => '25',
  'theme' => '',
);
```

The output of your Apache/nginx/system log in `/var/log/____`:

Not sure exactly what log you are looking for here - I don't have an nginx log as I used the VM.

Is any error shown in the browser? Is apache starting? Can you show your apache config?

Error: Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

The Apache2 service is running.

Apache2.conf

```apache
# comments snipped out
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
ServerSignature Off
ServerTokens Prod
ServerName securedrop.mydomain.ca
```
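
Checks that can be run on the three uploaded files (certificate, key, CA chain) before Apache is restarted, as an added example that is not part of the original post. The function names are hypothetical helpers and the file paths are whatever the caller supplies; only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example: pre-restart checks for a replacement certificate.
# Function names are hypothetical; paths are passed in by the caller.

# Print the public key (PEM) carried by a certificate / derived from a private key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only if the certificate and private key form a pair.
# mod_ssl will not start with a certificate and key that do not match.
cert_matches_key() {
    c=$(pubkey_of_cert "$1") || return 1
    k=$(pubkey_of_key "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if the certificate is valid for the host name.
# A wildcard such as *.example.org covers exactly one label, not the bare domain.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q ' does match certificate'
}

# Succeeds if the certificate has not expired.
cert_not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# Succeeds if the certificate chains to a system-trusted root
# through the intermediates in the supplied CA file.
chain_verifies() { openssl verify -untrusted "$2" "$1" >/dev/null 2>&1; }

# Run every check and report; returns non-zero if any check fails.
# usage: preflight CERT KEY CHAIN HOSTNAME
preflight() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_covers_host "$1" "$4" || { echo "FAIL: certificate does not cover $4"; rc=1; }
    cert_not_expired "$1"      || { echo "FAIL: certificate has expired"; rc=1; }
    chain_verifies "$1" "$3"   || { echo "FAIL: chain does not verify"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate files are consistent"
    return "$rc"
}
```

Once `preflight` passes, `apache2ctl configtest` checks the configuration syntax before the service is restarted.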