Update ignoring extra files or folders

Hello, when I update Nextcloud, the update script checks if all needed files are present and if there are no new files.

However I have a folder named .well-known and I need that folder to be there (it is used by Let’s Encrypt).
Every time, I have to move it out of the folder where Nextcloud is installed and then move it back to the right path.

This is the error that I get:

Check for expected files
The following extra files have been found:
.well-known

QUESTION
Is it possible to configure the update script to ignore the .well-known folder (or other files present in the Nextcloud folder)?

Thanks,
Giacomo


Nextcloud version: 12.0.1
Operating system and version: Ubuntu 14.04
Web server: Apache
PHP version: 5.6
Is this the first time you’ve seen this error?: No, every time I make an update

Can you reliably replicate it? Just create a new file or folder before updating

Not at the moment. My question is: Does your .well-known folder have to be in the Nextcloud folder? Because this is not true for my installation with Let’s Encrypt.

This would also solve your problem

No, don’t save your own files or folders in the Nextcloud folder.

Also .well-known isn’t part of Nextcloud so you have to remove it manually. :wink:

Can you be more precise, please? With Nginx, I was not able to get the renewal running without this folder in the NC dirs…

With other apps, no problem, but with NC…

Thanks in advance!

Got the same error here upgrading to 12.3, but I’m on shared hosting so I’ve no way of accessing VirtualHost to change the location so it’s going to be an ongoing problem.

The updater also complained about the presence of error_log - from its content that must have been created either by Nextcloud on a previous upgrade, or by Softaculous when I installed it. Hopefully that won’t reappear now I’ve deleted it.

An option to ignore or remove such files in the upgrade routine would certainly be a plus.

I suggest you put it somewhere else, a webdir that’s only for LE, e.g. /var/www/le-tmp, and use that for the exchange. Configure your LE client to use that one, e.g. my.server.com/le-tmp/ (or something more obfuscated and obscure). I think it’s quite easy to do that with getssl.
There is really no reason for this to be inside a webapp’s dir.
GOOD LUCK

Yes, unfortunately, it is mandatory to have that folder if you want to use the program certbot in manual mode.
I have the address nextcloud.example.com that points to the root of nextcloud.
To have the certificate, I must put a special file in that folder.

Maybe you have more permissions than I have on the server where you installed Nextcloud, but that is the only way I can use certbot to have a valid certificate.

To upgrade NC, I have to move the .well-known folder out of the root of Nextcloud, upgrade, and then move the folder back.

Giacomo

I have no access rights to handle Let’s Encrypt at the VirtualHost layer. I just have access via FTP to a folder where my files are hosted.

The only way to use Let’s Encrypt is to use certbot in manual mode (on another server) to request the certificate and to put some files in that directory to demonstrate that I’m the owner of that domain (or subdomain).

Giacomo

The webapp’s dir overlaps the subdomain root dir, so the .well-known folder must be there :frowning:

Giacomo

If you are allowed to change Apache’s config and directory layout, you can configure it so that .well-known/acme-challenge/ is served from someplace else. But of course this is not necessarily the case in all hosting setups.
GOOD LUCK!
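
The relocation suggested in the replies above, as an added example that is not part of any post in this thread: an Apache 2.4 virtual-host fragment that serves only the ACME challenge path from a directory outside the Nextcloud tree, so the updater finds no extra files. The document root /var/www/nextcloud and the certbot webroot call in the comment are assumptions; /var/www/le-tmp and nextcloud.example.com are taken from the thread. It requires access to the virtual-host configuration, because Alias with a target path is not permitted in .htaccess.

```apache
# Added example, not from the thread.
# Assumed: Nextcloud is installed in /var/www/nextcloud.
<VirtualHost *:80>
    ServerName nextcloud.example.com
    DocumentRoot /var/www/nextcloud

    # Map only the ACME HTTP-01 challenge path to a directory outside the
    # Nextcloud tree. Requests under this path resolve to the other
    # directory, so the .htaccess in the Nextcloud folder is not consulted
    # for them and the Nextcloud folder stays free of extra files.
    Alias /.well-known/acme-challenge/ /var/www/le-tmp/.well-known/acme-challenge/

    <Directory /var/www/le-tmp/.well-known/acme-challenge>
        # Static token files only: no directory listings, no CGI or
        # includes, and no per-directory overrides.
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# The ACME client then writes its tokens below that directory, for example
# with certbot's webroot plugin:
#   certbot certonly --webroot -w /var/www/le-tmp -d nextcloud.example.com
```

If port 80 redirects to HTTPS, the same Alias and Directory block also belongs in the port 443 virtual host.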

I’m just allowed to edit the .htaccess file, but to keep things simple, NC should ignore the .well-known folder, or at least prompt for doing so. I have to connect via FTP, remove the folder, do the upgrade and then upload it again.

Thanks, Giacomo

It’s a little bit strange that a piece of software forces an admin how to architect the structure of the filesystem.
If Nextcloud worked better with secured web hosting, maybe some “extra files” wouldn’t even exist.

However, there must be a possibility for admins to whitelist extra files in the document root of the instance. Otherwise it’s a bug and not a feature anymore. Every security barrier knows whitelists, even the hardest firewall does. So please don’t make us laugh when you try to tell us that you can’t implement a whitelist if you expect this file scanner to remain in place.

Simon

Was this issue solved? I need it for the ISPConfig STATS folder for statistics. I cannot delete this folder, because it is in the NC root tree.

Thank you