Help renewing certificate (ends on April 21) on nextcloudpi instance

Hello,

I have the following problem. I don’t really understand why, but it might be linked to an apache issue I had earlier that I fixed by removing the LISTEN directive on IPv6 addresses in my port.conf. See here for the entire description of the problem: https://help.nextcloud.com/t/need-help-ncp-dist-upgrade-broke-everything-apache-config/71779.

But maybe not? Anyway, thanks for your help!

My domain is: nc.jcjm.fr

I ran this command: $ sudo letsencrypt renew (actually nextcloudpi runs it for me, but I just did it manually)

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nc.jcjm.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nc.jcjm.fr
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (nc.jcjm.fr) from /etc/letsencrypt/renewal/nc.jcjm.fr.conf produced an unexpected error: Failed authorization procedure. nc.jcjm.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://nc.jcjm.fr/.well-known/acme-challenge/7xUX6oIIYr1YpY9kXVCGQhYJTIE2UAS2qYEYT9jUc2Q [82.66.248.159]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/nc.jcjm.fr/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/nc.jcjm.fr/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nc.jcjm.fr
   Type:   unauthorized
   Detail: Invalid response from
   http://nc.jcjm.fr/.well-known/acme-challenge/7xUX6oIIYr1YpY9kXVCGQhYJTIE2UAS2qYEYT9jUc2Q
   [82.66.248.159]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): Raspbian 10 (buster)

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @jean2

if you use webroot and if that doesn’t work, your webroot may be wrong or you have additional definitions.

What’s the webroot of your config file (or what’s your manual input)?

What does this say:

apachectl -S

It gives:

$ sudo apachectl -S
VirtualHost configuration:
*:4443                 localhost (/etc/apache2/sites-enabled/ncp.conf:2)
*:443                  nc.jcjm.fr (/etc/apache2/sites-enabled/nextcloud.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

I noticed that the Main DocumentRoot is probably wrong (it should be /var/www/nextcloud I believe), so it may be that, I don’t know how to change that.

Where is your http / port 80 vHost?

You need such a vHost. That document root -> use that in your command.

Check

What do you mean?

(And thanks for your help, by the way!)

Ah I just got what was wrong (or at least I think!)

So my http vHost was I guess in /etc/apaches/sites-available/nextcloud.conf
I noticed that another site (000-default.conf) was not activated, and that in my nextcloud.conf, there is a <VirtualHost _default_:443>, so I assumed that it was referring to that default conf that was not activated, so I activated it (a2ensite...) and now it works! I don’t know whether my reasoning is correct or not, but let me know otherwise!

Thanks for your time
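
The two checks raised in the replies above (is there a port 80 vHost, and which webroot does certbot use), as an added example that is not part of the original thread. The function names, the probe file name and the renewal config sample are assumptions; the vhost lines are the ones posted above.

```shell
#!/bin/sh
# Added example: checks for the failure in this thread (http-01 via webroot, 404).

# Print the ports that have a vhost, from `apachectl -S` output on stdin.
vhost_ports() {
    awk '$1 ~ /^[^ ]*:[0-9]+$/ { sub(/.*:/, "", $1); print $1 }' | sort -un
}

# Succeed only if some vhost listens on port 80, where http-01 validation starts.
has_http_vhost() {
    vhost_ports | grep -qx 80
}

# Print the webroot certbot stored for domain $1; renewal config on stdin.
renewal_webroot() {
    awk -v d="$1" -F' *= *' '
        /^\[\[webroot_map\]\]/ { in_map = 1; next }
        /^\[/                  { in_map = 0 }
        in_map && $1 == d      { print $2 }'
}

# Live check (needs network and write access): drop a probe file in webroot $2
# and fetch it over plain HTTP from domain $1. Like the validation server, it
# follows redirects (-L) and ignores certificate errors on them (-k).
probe_webroot() {
    dir="$2/.well-known/acme-challenge"; name="probe-$$"
    mkdir -p "$dir" && echo ok > "$dir/$name" || return 2
    body=$(curl -fsSLk "http://$1/.well-known/acme-challenge/$name") || body=
    rm -f "$dir/$name"
    [ "$body" = ok ]
}

# The vhost lines posted in the thread (before the fix).
THREAD_VHOSTS='*:4443                 localhost (/etc/apache2/sites-enabled/ncp.conf:2)
*:443                  nc.jcjm.fr (/etc/apache2/sites-enabled/nextcloud.conf:2)'

# Constructed renewal config; the real file was not posted.
SAMPLE_RENEWAL='[renewalparams]
authenticator = webroot
[[webroot_map]]
nc.jcjm.fr = /var/www/nextcloud'
```

On the server itself, pipe the real data in: `sudo apachectl -S | has_http_vhost` and `sudo cat /etc/letsencrypt/renewal/nc.jcjm.fr.conf | renewal_webroot nc.jcjm.fr`, then pass that path to `probe_webroot`.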
