Koozali.org: home of the SME Server

Let's Encrypt certificate renewal error on my Nextcloud

Offline jblb

Hello,

On an SME10 server with Nextcloud installed following https://wiki.koozali.org/Nextcloud, while everything was working correctly, at certificate renewal time I now get an access error on https://cloud.jblb.net/.well-known/acme-challenge/...

The error may be normal, because there is no .well-known/ directory in the Nextcloud installation directory.

Of course, no error in the httpd/error_log file....

I no longer really know where to look.

Offline ReetP

Re: Let's Encrypt certificate renewal error on my Nextcloud
« Reply #1 on: March 22, 2022, 01:17:08 AM »
If you installed Nextcloud via the contrib at

https://my.server.net/nextcloud

There will not be a .well-known directory in /nextcloud - only in the Primary ibay.

So what else have you done?

Is this a clean install or an install/restore?

Have you ever had working certificates?

Please describe exactly how you installed nextcloud and letsencrypt/dehydrated.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jblb

Re: Let's Encrypt certificate renewal error on my Nextcloud
« Reply #2 on: March 22, 2022, 02:27:40 PM »
Quote
If you installed Nextcloud via the contrib at

https://my.server.net/nextcloud

Yes, and I also added a new domain to get https://mycloud.server.net/ as in https://wiki.koozali.org/Nextcloud#Use_a_dedicated_domain_to_connect_to_Nextcloud

Actually https://my.server.net/nextcloud works fine, but https://mycloud.server.net can't validate a new certificate

Quote
There will not be a .well-known directory in /nextcloud - only in the Primary ibay.
Good to know, I didn't find information about this
Quote
So what else have you done?
Changed the config of the domain mycloud.server.net by disabling letsencryptSSLcert in the domain db, and ran dehydrated to renew the other certificates
Quote
Is this a clean install or an install/restore?
This server is an update from SME9 to SME10 with restore
Quote
Have you ever had working certificates?
Not sure it has even worked since the update (yes, the update is recent...)
Quote
Please describe exactly how you installed nextcloud and letsencrypt/dehydrated.
Following the wiki page for both of them, but on SME9 and then upgraded to SME10

Offline ReetP

Re: Let's Encrypt certificate renewal error on my Nextcloud
« Reply #3 on: March 22, 2022, 02:53:20 PM »
Did you remove all your old templates?

Code:
/sbin/e-smith/audittools/templates
What else have you got installed:

Code:
/sbin/e-smith/audittools/newrpms

Offline jblb

Re: Let's Encrypt certificate renewal error on my Nextcloud
« Reply #4 on: March 22, 2022, 03:22:15 PM »
Quote
Did you remove all your old templates?
I think so

Code:
/sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/usr/bin/hook-script.sh/05deploy_cert_mailpile: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/10Root: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sysconfig/syslog/90AllowRemoteSyslog: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sysconfig/rsyslog/90AllowRemoteSyslog: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dehydrated/domains.txt/15mailpile: MANUALLY_ADDED, ADDITION

Quote
What else have you got installed:
Code:
/sbin/e-smith/audittools/newrpms

Modules complémentaires chargés : fastestmirror, post-transaction-actions,
                                : priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: mirror.plusserver.com
 * smeaddons: mirror.pialasse.com
 * smeos: mirror.pialasse.com
 * smeupdates: mirror.pialasse.com
 * updates: centos.crazyfrogs.org
Paquets supplémentaires
GeoIP.x86_64                         1.6.12-9.el7.sme               @smecontribs
GeoIP-GeoLite-data.noarch            2018.06-7.el7.sme              @smecontribs
GeoIP-GeoLite-data-extra.noarch      2018.06-7.el7.sme              @smecontribs
ImageMagick6-libs.x86_64             6.9.12.43-1.el7.remi           @remi-safe 
hddtemp.x86_64                       0.3-0.31.beta15.el7            @smecontribs
libicu69.x86_64                      69.1-2.el7.remi                @remi-safe 
openvpn.x86_64                       2.4.11-1.el7                   @smecontribs
perl-Array-Compare.noarch            3.0.0-1.of.el7                 @smecontribs
perl-B-Hooks-OP-Check.x86_64         0.22-1.of.el7                  @smecontribs
perl-Class-Method-Modifiers.noarch   2.13-1.of.el7                  @smecontribs
perl-Class-XSAccessor.x86_64         1.19-2.el7                     @smecontribs
perl-Devel-GlobalDestruction.noarch  0.14-1.of.el7                  @smecontribs
perl-Lexical-SealRequireHints.x86_64 0.011-1.of.el7                 @smecontribs
perl-Module-Runtime.noarch           0.016-1.of.el7                 @smecontribs
perl-Moo.noarch                      2.004004-2.of.el7              @smecontribs
perl-Params-Classify.x86_64          0.013-7.el7                    @smecontribs
perl-Role-Tiny.noarch                2.001004-1.of.el7              @smecontribs
perl-Sub-Exporter-Progressive.noarch 0.001013-1.of.el7              @smecontribs
perl-Sub-Name.x86_64                 0.26-1.of.el7                  @smecontribs
perl-Sub-Quote.noarch                2.006006-1.of.el7              @smecontribs
perl-bareword-filehandles.x86_64     0.007-1.of.el7                 @smecontribs
perl-indirect.x86_64                 0.39-1.of.el7                  @smecontribs
perl-multidimensional.x86_64         0.014-1.of.el7                 @smecontribs
perl-strictures.noarch               2.000006-1.of.el7              @smecontribs
php74.x86_64                         1.0-3.el7.remi                 @remi-safe 
php74-php-gmp.x86_64                 7.4.28-1.el7.remi              @remi-safe 
php74-php-pecl-apcu.x86_64           5.1.21-1.el7.remi              @remi-safe 
php74-php-pecl-imagick-im6.x86_64    3.7.0-1.el7.remi               @remi-safe 
php74-php-pecl-inotify.x86_64        3.0.0-1.el7.remi               @remi-safe 
php74-php-pecl-mcrypt.x86_64         1.0.4-1.el7.remi               @remi-safe 
php74-php-smbclient.x86_64           1.0.6-1.el7.remi               @remi-safe 
php81-php.x86_64                     8.1.4-1.el7.remi               @remi-safe 
php81-php-bcmath.x86_64              8.1.4-1.el7.remi               @remi-safe 
php81-php-cli.x86_64                 8.1.4-1.el7.remi               @remi-safe 
php81-php-common.x86_64              8.1.4-1.el7.remi               @remi-safe 
php81-php-enchant.x86_64             8.1.4-1.el7.remi               @remi-safe 
php81-php-fpm.x86_64                 8.1.4-1.el7.remi               @remi-safe 
php81-php-gd.x86_64                  8.1.4-1.el7.remi               @remi-safe 
php81-php-imap.x86_64                8.1.4-1.el7.remi               @remi-safe 
php81-php-intl.x86_64                8.1.4-1.el7.remi               @remi-safe 
php81-php-ldap.x86_64                8.1.4-1.el7.remi               @remi-safe 
php81-php-mbstring.x86_64            8.1.4-1.el7.remi               @remi-safe 
php81-php-mysqlnd.x86_64             8.1.4-1.el7.remi               @remi-safe 
php81-php-opcache.x86_64             8.1.4-1.el7.remi               @remi-safe 
php81-php-pdo.x86_64                 8.1.4-1.el7.remi               @remi-safe 
php81-php-pear.noarch                1:1.10.13-1.el7.remi           @remi-safe 
php81-php-pecl-xmlrpc.x86_64         1.0.0~rc3-1.el7.remi           @remi-safe 
php81-php-pecl-zip.x86_64            1.20.0-1.el7.remi              @remi-safe 
php81-php-process.x86_64             8.1.4-1.el7.remi               @remi-safe 
php81-php-snmp.x86_64                8.1.4-1.el7.remi               @remi-safe 
php81-php-soap.x86_64                8.1.4-1.el7.remi               @remi-safe 
php81-php-sodium.x86_64              8.1.4-1.el7.remi               @remi-safe 
php81-php-tidy.x86_64                8.1.4-1.el7.remi               @remi-safe 
php81-php-xml.x86_64                 8.1.4-1.el7.remi               @remi-safe 
php81-runtime.x86_64                 8.1-1.el7.remi                 @remi-safe 
pkcs11-helper.x86_64                 1.11-3.el7                     @smecontribs
smeserver-adv-samba.noarch           0.2.0-2.el7.sme                @smetest   
smeserver-bridge-interface.noarch    0.2-7.el7.sme                  @smecontribs
smeserver-dhcp-dns.noarch            1.2.0-5.el7.sme                @smecontribs
smeserver-dhcpmanager.noarch         2.0.4-12.el7.sme               @smecontribs
smeserver-git.noarch                 1.2.0-5.el7.sme                @smecontribs
smeserver-gitweb.noarch              1.1.0-14.el7.sme               @smecontribs
smeserver-gitweb-theme.noarch        1.1.0-1.el7.sme                @smecontribs
smeserver-nextcloud.noarch           1.2.0-11.el7.sme               @smecontribs
smeserver-smbstatus.noarch           1.2-3                          @smecontribs
smeserver-smeadmin.noarch            1.6-4.el7.sme                  @smecontribs
smeserver-tftp-server.noarch         1.2-9.el7.sme                  @smecontribs
smeserver-thinclient.noarch          2.1-4.el7.sme                  @smecontribs
smeserver-tt-rss.noarch              9:0.5.0-2.el7.sme              @smetest   
smeserver-wsdd.noarch                0.2-5.el7.sme                  @smecontribs
tt-rss.noarch                        20211029.git9714c4fbcf-1.el7.sme
                                                                    @smecontribs
wsdd.noarch                          0.7.0-1.el7                    @smecontribs


Offline ReetP

Re: Let's Encrypt certificate renewal error on my Nextcloud
« Reply #5 on: March 22, 2022, 08:36:25 PM »
Hmmm.

You really should not be doing this:

/etc/e-smith/templates-custom/etc/sudoers/10Root

Unless you absolutely need to, and know exactly what you are doing, don't do that.

Also you should not be installing ANYTHING from smetest on a production machine. That is an easy way to irretrievably bork your server. Use a test machine for testing.

And then I can see these:

/etc/e-smith/templates-custom/usr/bin/hook-script.sh/05deploy_cert_mailpile
/etc/e-smith/templates-custom/etc/dehydrated/domains.txt/15mailpile

And I cannot see the smeserver-letsencrypt contrib, so you have manually installed letsencrypt/dehydrated but we have no idea how you have configured it. It doesn't look like you have the httpd templates that you need.

Please go back, undo what you have done and install the contrib which should make installation a lot easier for you, we know what has been installed, and is easier for us to diagnose.

https://wiki.koozali.org/Letsencrypt#Contrib_Installation_of_Dehydrated

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Let's Encrypt certificate renewal error on my Nextcloud
« Reply #6 on: March 26, 2022, 12:00:11 AM »
Try with the version of smeserver-letsencrypt in smetest.

I have seen that with a dedicated Nextcloud domain, the current version does not give access to the validation files.
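
A way to check the symptom discussed in this thread before the next renewal attempt, as an added example (not code from the forum posts or from the SME Server project): it drops a random file into the ACME challenge directory and fetches it back through each host name, so a dedicated domain that does not serve `/.well-known/acme-challenge/` shows up as `http 404` or `mismatch`. The challenge directory and host names are passed on the command line (`probe.py CHALLENGE_DIR HOST [HOST ...]`); nothing here is SME-specific and the function name `probe` is illustrative.

```python
"""Probe whether a host name serves files from the ACME http-01 challenge directory."""
import os
import secrets
import ssl
import sys
import urllib.error
import urllib.request

CHALLENGE_URL_PATH = "/.well-known/acme-challenge/"


def probe(base_url, challenge_dir, timeout=5):
    """Return "ok", "mismatch" (200 with other content), "http <code>" or "unreachable"."""
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    path = os.path.join(challenge_dir, name)  # challenge_dir is supplied by the admin
    with open(path, "w") as fh:
        fh.write(body)
    # Redirects are followed; certificate errors are ignored because the
    # certificate being renewed may already have expired.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}),  # no proxy: talk to the server directly
        urllib.request.HTTPSHandler(context=ctx),
    )
    try:
        url = base_url.rstrip("/") + CHALLENGE_URL_PATH + name
        with opener.open(url, timeout=timeout) as resp:
            got = resp.read().decode("utf-8", "replace")
        return "ok" if got == body else "mismatch"
    except urllib.error.HTTPError as exc:
        return "http %d" % exc.code
    except (urllib.error.URLError, OSError):
        return "unreachable"
    finally:
        os.remove(path)  # never leave probe files behind


if __name__ == "__main__":
    challenge_dir, hosts = sys.argv[1], sys.argv[2:]
    results = {h: probe("http://" + h, challenge_dir) for h in hosts}
    for host, status in results.items():
        print("%-40s %s" % (host, status))
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

Run it on the server itself, as a user allowed to write to the challenge directory.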