Can't obtain a cert even after paying for domain

We need to see (and "fix") this file:

3 Likes

gary@nextcloud:~$ cat /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot "/var/www/nextcloud"
    ServerName nextcloud

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

    <Directory "/var/www/nextcloud/">
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
   </Directory>

   TransferLog /var/log/apache2/nextcloud_access.log
   ErrorLog /var/log/apache2/nextcloud_error.log

</VirtualHost>
</IfModule>

Sorry. I'm having trouble getting these files off the server to my pc to upload them to you.

TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log

I don't need to see those log files.

The "problem" is that the nextcloud-le-ssl.conf file isn't using a certificate [at all].
Did you modify that file?
Is there a backup?

3 Likes

Are you opposed to me deleting the cert and creating a new one with command:
sudo certbot --apache ?

I am currently using the DNS-01 challenge with a TXT record in GoDaddy's DNS management.

Yes.
There is nothing wrong with the cert.

You could try reinstalling it.

4 Likes

Port 80 is good, you can use HTTP-01 going forward/on renewals.

Well... at least at this IP - LOL

4 Likes

Try:
certbot install --cert-name [whatever the certname is]

3 Likes

Confused on your last statement - use HTTP-01

You shouldn't have to use DNS-01 [you can, but you shouldn't have to]
HTTP-01 authentication is much simpler to use/automate and to troubleshoot.

4 Likes

My current cert info:
gary@nextcloud:~$ sudo certbot certificates
[sudo] password for gary:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: gwiz.site
Serial Number: 3cc2d465a3a319673440ce5fb5720e19b77
Key Type: RSA
Domains: gwiz.site
Expiry Date: 2023-03-03 17:31:34+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/gwiz.site/fullchain.pem
Private Key Path: /etc/letsencrypt/live/gwiz.site/privkey.pem


Try:
certbot install --cert-name gwiz.site

3 Likes

gary@nextcloud:~$ certbot install --cert-name gwiz.site
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-e92cdmxd/log or re-run Certbot with -v for more details.
gary@nextcloud:~$ sudo !!
sudo certbot install --cert-name gwiz.site
[sudo] password for gary:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Deploying certificate

We were unable to find a vhost with a ServerName or Address of gwiz.site.
Which virtual host would you like to choose?


1: nextcloud-le-ssl.conf | nextcloud | HTTPS | Enabled
2: nextcloud.conf | nextcloud | | Enabled


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Successfully deployed certificate for gwiz.site to /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
Failed redirect for gwiz.site
Unable to set the redirect enhancement for gwiz.site.
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Seems to be working. Using this online tool, SSL Server Test (Powered by Qualys SSL Labs), here are the results: SSL Server Test: gwiz.site (Powered by Qualys SSL Labs)

Still trouble reaching https://gwiz.site/nextcloud

Let me restart Apache.

Restarted and no go.

Works http only:

You need to add the alias: gwiz.site

3 Likes
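The two problems identified in this thread (a :443 vhost that references no certificate, and no vhost name matching gwiz.site) can be checked mechanically. The following is an added example, not code from the thread or from Certbot: `audit_tls_vhosts` is a hypothetical helper, `POSTED` is a trimmed copy of the vhost shown above, and `FIXED` is a constructed version that assumes "the alias" means a `ServerAlias` directive and that the certificate paths are the ones `certbot certificates` reported.

```python
import re

# Trimmed copy of the :443 vhost as posted in the thread.
POSTED = '''\
<VirtualHost *:443>
    DocumentRoot "/var/www/nextcloud"
    ServerName nextcloud
</VirtualHost>
'''
# Constructed: the same vhost with the alias and certificate directives in place.
FIXED = '''\
<VirtualHost *:443>
    DocumentRoot "/var/www/nextcloud"
    ServerName nextcloud
    ServerAlias gwiz.site
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/gwiz.site/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/gwiz.site/privkey.pem
</VirtualHost>
'''

VHOST = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.S | re.I)

def directive(body, name):
    """Collect the arguments of every occurrence of one directive."""
    vals = []
    for line in body.splitlines():
        parts = line.strip().split()
        if parts and parts[0].lower() == name.lower():
            vals.extend(p.strip('"') for p in parts[1:])
    return vals

def audit_tls_vhosts(conf, domain):
    """List problems with each :443 vhost for serving `domain` over TLS.
    Names are compared exactly; wildcard aliases are not expanded."""
    findings = []
    for addr, body in VHOST.findall(conf):
        if not any(a.endswith(':443') for a in addr.split()):
            continue  # plain-HTTP vhosts need no certificate
        names = directive(body, 'ServerName') + directive(body, 'ServerAlias')
        if domain.lower() not in [n.lower() for n in names]:
            findings.append(f'{addr}: no ServerName/ServerAlias for {domain}')
        for d in ('SSLCertificateFile', 'SSLCertificateKeyFile'):
            if not directive(body, d):
                findings.append(f'{addr}: missing {d}')
    return findings

if __name__ == '__main__':
    for label, conf in (('posted', POSTED), ('fixed', FIXED)):
        print(label, audit_tls_vhosts(conf, 'gwiz.site') or 'ok')
```

After changing the real file, `sudo apachectl configtest` confirms the syntax before Apache is reloaded.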