NethServer / dev

NethServer issue tracker
https://github.com/NethServer/dev/issues

Nextcloud 25.0.2 - Fails to update Letsencrypt Certificate #6728

Closed Nume1977 closed 1 year ago

Nume1977 commented 1 year ago

Using: Nextcloud 25.0.2 / v1.21.0. Virtual Domain for Nextcloud is active, and uses: "cloud.mydomain.com"

Before the update to 1.21.0, SSL renewals worked fine.

I have tracked the failed acme-challenge to the "cloud.mydomain.com"; all other domains/subdomains renew OK, only Nextcloud fails.

The failed subdomain on the Letsencrypt log:

{
  "identifier": {
    "type": "dns",
    "value": "cloud.myserver.com"
  },
  "status": "invalid",
  "expires": "2023-01-21T09:50:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "194.62.60.xx: Invalid response from https://cloud.myserver.com/index.php/login: \"\u003c!DOCTYPE html\u003e\\n\u003chtml class=\\\"ng-csp\\\" data-placeholder-focus=\\\"false\\\" lang=\\\"en\\\" data-locale=\\\"en\\\" \u003e\\n\\t\u003chead\\n data-requesttoken=\\\"PjCk\"",
        "status": 403
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4946595183/ctyytg",
      "token": "AkSIja0Ebtq9392G-q1YnjUMPp_05AcmxkQD4CAN-j4",
      "validationRecord": [
        {
          "url": "http://cloud.myserver.com/.well-known/acme-challenge/AkSIja0Ebtq9392G-q1YnjUMPp_05AcmxkQD4CAN-j4",
          "hostname": "cloud.myserver.com",
          "port": "80",
          "addressesResolved": [
            "194.62.60.xx"
          ],
          "addressUsed": "194.62.60.xx"
        },
        {
          "url": "https://cloud.myserver.com/.well-known/acme-challenge/AkSIja0Ebtq9392G-q1YnjUMPp_05AcmxkQD4CAN-j4",
          "hostname": "cloud.myserver.com",
          "port": "443",
          "addressesResolved": [
            "194.62.60.xx"
          ],
          "addressUsed": "194.62.60.xx"
        },
        {
          "url": "https://cloud.myserver.com/index.php/login",
          "hostname": "cloud.myserver.com",
          "port": "443",
          "addressesResolved": [
            "194.62.60.xx"
          ],
          "addressUsed": "194.62.60.xx"
        }
      ],
      "validated": "2023-01-14T09:50:24Z"
    }
  ]
}
2023-01-14 09:50:31,033:DEBUG:acme.client:Storing nonce: B37C6-Y_G5mPAsH1R91FFoG73fOLBj4BQOc-zxsNwhKACVI
2023-01-14 09:50:31,036:WARNING:certbot._internal.auth_handler:Challenge failed for domain cloud.myserver.com
2023-01-14 09:50:31,037:INFO:certbot._internal.auth_handler:http-01 challenge for cloud.myserver.com
2023-01-14 09:50:31,038:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: cloud.myserver.com
Type:   unauthorized
Detail: 194.62.60.xx: Invalid response from https://cloud.myserver.com/index.php/login: "<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" >\n\t<head\n data-requesttoken=\"PjCk"

Nume1977 commented 1 year ago

I was able to bypass this problem by disabling the virtual host on the Nextcloud config tab, and then manually requesting the Letsencrypt certificate.

After the new certificate was installed, I re-enabled the virtual host.

gsanchietti commented 1 year ago

Thank you for reporting, I missed this one.

I will try to reproduce the issue and search for a fix.

gsanchietti commented 1 year ago

I've tried to reproduce the error but I correctly requested and renewed the certificate with Nextcloud virtualhost enabled. Please verify the virtualhost used for Nextcloud is not the main FQDN of the machine.

Nume1977 commented 1 year ago

> I've tried to reproduce the error but I correctly requested and renewed the certificate with Nextcloud virtualhost enabled. Please verify the virtualhost used for Nextcloud is not the main FQDN of the machine.

The main FQDN is myserver.com, Nextcloud is using cloud.myserver.com.

From what I could understand, the "http://cloud.myserver.com/.well-known/acme-challenge/" is not redirecting to the correct place; it seems to send the request to the login page.

I could try to uninstall / reinstall Nextcloud from the control panel and see if the problem persists.

Can someone confirm I will not lose the database / files if I do this?

gsanchietti commented 1 year ago

> From what I could understand, the "http://cloud.myserver.com/.well-known/acme-challenge/" is not redirecting to the correct place; it seems to send the request to the login page.

That's correct: this is your problem but I'm not able to reproduce it with standard configuration.

Maybe you have extra httpd config?

> Can someone confirm I will not lose the database / files if I do this?

Data are preserved, but please execute a backup first. Still I do not think the reinstall will solve your problem.

Please open a new thread inside https://community.nethserver.org/ and let's see if anyone else has the same problem. I'm closing this issue for now.
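
The redirect diagnosis reached in this thread can be read straight from the `validationRecord` array of the failed challenge, which lists one entry per request the CA made while following redirects. The following is an added example, not code from the thread participants or from NethServer; `trace_http01` and `SAMPLE` are hypothetical names, and the sample is the challenge object from the log above trimmed to the fields the check reads.

```python
import json
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
TOKEN = "AkSIja0Ebtq9392G-q1YnjUMPp_05AcmxkQD4CAN-j4"

# Sample input: the http-01 challenge object from the log above, trimmed to
# the fields this check reads (hop URLs and status copied from the issue).
SAMPLE = json.dumps({
    "type": "http-01",
    "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403},
    "token": TOKEN,
    "validationRecord": [
        {"url": "http://cloud.myserver.com" + ACME_PREFIX + TOKEN, "port": "80"},
        {"url": "https://cloud.myserver.com" + ACME_PREFIX + TOKEN, "port": "443"},
        {"url": "https://cloud.myserver.com/index.php/login", "port": "443"},
    ],
})


def trace_http01(challenge_json: str) -> dict:
    """Walk validationRecord (one entry per request the CA made) and report
    the first hop where the request left the challenge path."""
    chal = json.loads(challenge_json)
    if chal.get("type") != "http-01":
        raise ValueError("not an http-01 challenge")
    expected_path = ACME_PREFIX + chal["token"]
    hops = [urlsplit(rec["url"]) for rec in chal.get("validationRecord", [])]
    result = {"status": chal.get("status"), "hops": len(hops),
              "https_upgrade": False, "diverted_at": None, "diverted_to": None}
    for i, hop in enumerate(hops):
        if i > 0 and hops[i - 1].scheme == "http" and hop.scheme == "https":
            result["https_upgrade"] = True   # harmless if the path is kept
        if hop.path != expected_path:
            # The web server redirected the validator away from the token
            # file, so the body it fetched cannot be the key authorization.
            result["diverted_at"] = i
            result["diverted_to"] = hop.geturl()
            break
    return result


if __name__ == "__main__":
    print(trace_http01(SAMPLE))
```

On the sample, the HTTP to HTTPS hop keeps the token path and the third hop is the one that lands on the Nextcloud login page, which points at a rewrite or redirect rule in the HTTPS virtual host rather than at the port 80 handling.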