Hallo, when I update nextcloud, the update script check if all needed files are present and if there are no new files.
However I have a folder named .well-known and I need that folder to be there (it is used by Let’s Encrypt).
Everytime I have to move it out from the folder where there is Nextcloud installed and then to move it again in the right path.
This is the error that I get:
Check for expected files The following extra files have been found: .well-known
QUESTION
Is it possible to configure the update script to ignore the .well-known folder (or other files present in the nextcloud folder?)
Thanks,
Giacomo
Nextcloud version 12.0.1:
Operating system and version Ubuntu 14.04:
Apache:
PHP version 5.6:
Is this the first time you’ve seen this error?: no, everytime I make an update
Can you reliably replicate it? just create a new file or folder before updating
Not at the moment. My question is: Does your .well-known folder has to be in the nextcloud folder? Because this is not true for my installation with lets-encrypt.
Got the same error here upgrading to 12.3, but I’m on shared hosting so I’ve no way of accessing VirtualHost to change the location so it’s going to be an ongoing problem.
The updater also complained about the presence of error_log - from it’s content that must have been created either by Nextcloud on a previous upgrade, or by softaculous when I installed it. Hopefully that won’t reappear now I’ve deleted it.
An option to ignore or remove such files in the upgrade routine would certainly be a plus.
I suggest you put it somewhere else, a webdir that’s only for LE, eg /var/www/le-tmp and use that for the exchange. configure your LE-client to use that one, eg my.server.com/le-tmp/ (or something more obfuscated and obsure). i think it’s quite easy to do that with getssl
there is really no reason for this to be inside a webapp’s dir.
GOOD LUCK
Yes, unfortunally, it is mandatory to have that folder, if you want to use the program certbot in manual mode.
I have the address nextcloud.example.com that points to the root of nextcloud.
To have the certificate, I must put a special file in that folder.
Maybe you have more permissions than I have, on the server where you installed nextcloud, but that is the only way I can use certbot to have a valid certificate.
To upgrade NC, I have to move the .well-known folder outside from the root of nextcloud, upgrade, and then move the folder back.
I have no access rights to handle LetsEncrypt at VirtualHost layer. I just have access via ftp to a folder where my files are hosted.
The only way to use letsencrypt is to use certbot in manual mode (on another server) to request the certificate and to put some files in that directory to demostrate that I’m the owner of that domain (or subdomain).
if you are allowed to change apache’s config and directory-layout you can configure it for .well-known/acme-challenge/ to be served from someplace else. but of course this is not necessarily the case in all hosting-setups.
GOOD LUCK!
I’m just allowed to edit .htaccess file, but to keep things simple, NC should ignore the .well-known folder, or at least prompt for doing so. I have to connect via ftp, remove the folder, do the upgrade and then upload it again.
its a little bit strange that a software forces an admin how to architect the structure of the filesystem.
If Nextcloud would better work with secured webhosting maybe some “extra files” wouldnt even exist.
However, there must be a possibility for admins to whitelist extra files in the document root of the instance. Otherwise its a bug and not a feature anymore. Every security barrier knows whitelists, even the hardest firewall does. So please dont makes us laugh when you try to tell us that you cant implement a whitelist if you expect this filecanner to remain in place.
2024 and this bug going strong. You are not protectict anything, you just making the update process harder since I need to get in, remove the files needed for nexttcloud to work (for example php.ini) update and then put them back. Some devs are so so stuborn.
