Raspbian Owncloud Renewal

Good Evening All,

I do sincerely apologise that you're going to see another request for help with renewal of certificates, but a gander through the search and many googles later, I am not sure how to proceed further.

I'm self hosting Owncloud on a Raspberry Pi.
VERSION="10 (buster)"
I'm running with Apache2

It's accessible on ports 80 and 443 at http://foxcloud.kitmyth.net (auto redirects to https://foxcloud.kitmyth.net/index.php/login) or you can enter https://foxcloud.kitmyth.net if you want to.
I have full access to my Pi and the installation of Owncloud as needed through the terminal

I had Let's Encrypt working thanks to the following Owncloud documentation
https://doc.owncloud.com/server/next/admin_manual/installation/letsencrypt/using_letsencrypt.html

And as you can see, based on the certificate, it had a nice active certificate generated which has just expired (12th Dec 2021)
My auto renewal didn't work and I realised it was expired when the Owncloud app complained about Cert errors.

So, my domain is:

foxcloud.kitmyth.net

When I run command:
sudo /etc/letsencrypt/foxcloud.kitmyth.net.sh

I am prompted for my webroot, of which I enter:
/var/www/html/owncloud/

To which I get the following result:

Waiting for verification...
Cleaning up challenges
Running post-hook command: service apache2 reload
Failed authorization procedure. foxcloud.kitmyth.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://foxcloud.kitmyth.net/.well-known/acme-challenge/4OxQcnxt6RPC2x2QfixAW3EK4MKG9By07wIC_4ZL31s [84.71.199.22]: "\n<html class="ng-csp" data-placeholder-focus="false" lang="en" >\n\t<head data-requesttoken="XnMLJEMTLB9eChMgYwAObA"

IMPORTANT NOTES:

The above was when I tested disabling the https redirect. When it's enabled, the error is the same, but refers to a https url instead.

I have the following directory structure with an appropriate text file in the acme-challenge directory:

pi@habitatring:/etc/apache2/sites-available $ ls -lsh /var/www/html/owncloud/.well-known/acme-challenge/
total 4.0K
0 -rwxr-xr-x 1 www-data www-data 0 May 15 2021 1234
4.0K -rw-r--r-- 1 www-data www-data 24 Dec 13 21:18 test.text

But when I attempt to access said file from my browser, I get an Owncloud response that the file is not found.

The version of Certbot shows as:
certbot 0.31.0

I have access to my /var/log/letsencrypt.log if that is any help?

I recall I had problems with it working the first time; if I recall, I had to open port 80 on the firewall to my Pi for the first issue to work. However, this is no longer the case, it seems.

I have the following virtual host configuration under

/etc/apache2/sites-available/

"000-default.conf"


<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName foxcloud.kitmyth.net

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/owncloud
        Redirect permanent / https://foxcloud.kitmyth.net/owncloud/

        Alias /.well-known/acme-challenge/ /var/www/html/owncloud/.well-known/acme-challenge/
        <Directory "/var/www/html/owncloud/.well-known/acme-challenge/">
            Options None
            AllowOverride None
            ForceType text/plain
            RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

"owncloud.conf"

Alias /owncloud "/var/www/html/owncloud/"

<Directory /var/www/html/owncloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/html/owncloud
SetEnv HTTP_HOME /var/www/html/owncloud

#Redirect permanent / https://foxcloud.kitmyth.net/

</Directory>

With Kindest Regards,

This issue has been resolved by myself.

I have removed the force redirect from HTTP to HTTPS

I have also disabled the site "owncloud.conf" through Apache.

One service restart later and a successful dry run. And my certificate is renewed and all is good.

Regards,


I don't think you should be placing redirects within directory blocks.
[and you should be able to use the "owncloud.conf" without further issue]

I'm unable to reach the "test.text" file... Did you delete it?


And here are examples of how I handle redirection and challenge requests in Apache:

  #skip challenge requests
  <LocationMatch "^/(?!\.well-known)">
    #send all other requests to HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
  </LocationMatch>

OR

  RewriteEngine On
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
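
A pre-flight check for the situation in this thread, as an added example that is not part of any post: it drops a file with a token-shaped name into the webroot and fetches it over plain HTTP, following redirects, to see whether Apache served the file or a redirect target or the ownCloud app answered instead. The function names and the `run` argument are illustrative; the default webroot and domain are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example, not from the thread: checks that a file placed in the webroot's
# acme-challenge directory comes back unchanged when requested over HTTP.
# Defaults are the values quoted in the thread; function names are illustrative.
WEBROOT=${WEBROOT:-/var/www/html/owncloud}
DOMAIN=${DOMAIN:-foxcloud.kitmyth.net}

# 43 characters from [A-Za-z0-9_-]: the RedirectMatch pattern in the posted
# vhost only lets names of that shape through, so "test.text" is no valid probe.
make_token() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9_-' | head -c 43
}

# Args: expected body, HTTP status, body actually received. Prints a verdict.
classify() {
    if [ "$2" = "200" ] && [ "$3" = "$1" ]; then
        echo "ok"
    elif printf '%s' "$3" | grep -qi '<html'; then
        echo "intercepted"     # a redirect target or the web app answered
    else
        echo "not-served"      # e.g. 404/403: alias, permissions or filter
    fi
}

preflight() {
    dir="$WEBROOT/.well-known/acme-challenge"
    token=$(make_token)
    expected="preflight-$token"
    mkdir -p "$dir" && printf '%s' "$expected" > "$dir/$token" || return 2
    url="http://$DOMAIN/.well-known/acme-challenge/$token"
    # -L follows redirects, as the validation server does; -w appends status and final URL.
    out=$(curl -sL --max-time 10 -w '\n%{http_code} %{url_effective}' "$url")
    rm -f "$dir/$token"
    meta=$(printf '%s' "$out" | tail -n 1)
    body=$(printf '%s' "$out" | sed '$d')
    verdict=$(classify "$expected" "${meta%% *}" "$body")
    echo "$verdict (status ${meta%% *}, answered by ${meta#* })"
    [ "$verdict" = "ok" ]
}

# Run only when asked, e.g.: sudo sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

A verdict of `intercepted` corresponds to the failure in the first post, where the validation request received an ownCloud HTML page instead of the challenge file.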
