Koozali.org: home of the SME Server
Other Languages => Français => Topic started by: jblb on March 21, 2022, 11:48:57 PM
-
Bonjour,
sur un serveur SME10 avec nextcloud d'installé en suivant https://wiki.koozali.org/Nextcloud, alors que tout marchais correctement, voila qu'au moment du renouvellement du certificat j'ai une erreur d'aces a https://cloud.jblb.net/.well-known/acme-challenge/...
l'erreur est un peut etre normale car il n'y a pas de repertoire .well-known/ dans le repertoire d'installation de NextCloud
bien sur pas d'erreur dans le fichier httpd/error_log....
je ne sais plus trop ou chercher
-
If you installed nextckoud via the contrib at
https://my.server.net/nextcloud
There will not be a .well-known directory in /nextcloud - only in the Primary ibay.
So what else have you done?
Is this a clean install or an install/restore?
Have you ever had working certificates?
Please describe exactly how you installed nextcloud and letsencrypt/dehydrated.
-
If you installed nextckoud via the contrib at
https://my.server.net/nextcloud
yes and i also add a new domain to get https://mycloud.server.net/ has https://wiki.koozali.org/Nextcloud#Use_a_dedicated_domain_to_connect_to_Nextcloud
actualy https://my.server.net/nextcloud works fine, but https://mycloud.server.net cant validate a new certificat
There will not be a .well-known directory in /nextcloud - only in the Primary ibay.
good to know i didn't find information about this
So what else have you done?
change config of domains mycloud.server.net by disabled letsencryptSSLcert in domain db and run dehydrated to renew other certficats
Is this a clean install or an install/restore?
this server is a update from sme9 to sme10 with restore
Have you ever had working certificates?
not sure it's even works since update (yes update is recent...)
Please describe exactly how you installed nextcloud and letsencrypt/dehydrated.
following wiki page for both of them, but in sme9 and then upgrade to sme10
-
Did you remove all your old templates?
/sbin/e-smith/audittools/templates
What else have you got installed:
/sbin/e-smith/audittools/newrpms
-
Did you remove all your old templates?
i think so
/sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/usr/bin/hook-script.sh/05deploy_cert_mailpile: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/10Root: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sysconfig/syslog/90AllowRemoteSyslog: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sysconfig/rsyslog/90AllowRemoteSyslog: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dehydrated/domains.txt/15mailpile: MANUALLY_ADDED, ADDITION
What else have you got installed:
/sbin/e-smith/audittools/newrpms
Modules complémentaires chargés : fastestmirror, post-transaction-actions,
: priorities, smeserver
Loading mirror speeds from cached hostfile
* base: mirror.plusserver.com
* smeaddons: mirror.pialasse.com
* smeos: mirror.pialasse.com
* smeupdates: mirror.pialasse.com
* updates: centos.crazyfrogs.org
Paquets supplémentaires
GeoIP.x86_64 1.6.12-9.el7.sme @smecontribs
GeoIP-GeoLite-data.noarch 2018.06-7.el7.sme @smecontribs
GeoIP-GeoLite-data-extra.noarch 2018.06-7.el7.sme @smecontribs
ImageMagick6-libs.x86_64 6.9.12.43-1.el7.remi @remi-safe
hddtemp.x86_64 0.3-0.31.beta15.el7 @smecontribs
libicu69.x86_64 69.1-2.el7.remi @remi-safe
openvpn.x86_64 2.4.11-1.el7 @smecontribs
perl-Array-Compare.noarch 3.0.0-1.of.el7 @smecontribs
perl-B-Hooks-OP-Check.x86_64 0.22-1.of.el7 @smecontribs
perl-Class-Method-Modifiers.noarch 2.13-1.of.el7 @smecontribs
perl-Class-XSAccessor.x86_64 1.19-2.el7 @smecontribs
perl-Devel-GlobalDestruction.noarch 0.14-1.of.el7 @smecontribs
perl-Lexical-SealRequireHints.x86_64 0.011-1.of.el7 @smecontribs
perl-Module-Runtime.noarch 0.016-1.of.el7 @smecontribs
perl-Moo.noarch 2.004004-2.of.el7 @smecontribs
perl-Params-Classify.x86_64 0.013-7.el7 @smecontribs
perl-Role-Tiny.noarch 2.001004-1.of.el7 @smecontribs
perl-Sub-Exporter-Progressive.noarch 0.001013-1.of.el7 @smecontribs
perl-Sub-Name.x86_64 0.26-1.of.el7 @smecontribs
perl-Sub-Quote.noarch 2.006006-1.of.el7 @smecontribs
perl-bareword-filehandles.x86_64 0.007-1.of.el7 @smecontribs
perl-indirect.x86_64 0.39-1.of.el7 @smecontribs
perl-multidimensional.x86_64 0.014-1.of.el7 @smecontribs
perl-strictures.noarch 2.000006-1.of.el7 @smecontribs
php74.x86_64 1.0-3.el7.remi @remi-safe
php74-php-gmp.x86_64 7.4.28-1.el7.remi @remi-safe
php74-php-pecl-apcu.x86_64 5.1.21-1.el7.remi @remi-safe
php74-php-pecl-imagick-im6.x86_64 3.7.0-1.el7.remi @remi-safe
php74-php-pecl-inotify.x86_64 3.0.0-1.el7.remi @remi-safe
php74-php-pecl-mcrypt.x86_64 1.0.4-1.el7.remi @remi-safe
php74-php-smbclient.x86_64 1.0.6-1.el7.remi @remi-safe
php81-php.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-bcmath.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-cli.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-common.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-enchant.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-fpm.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-gd.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-imap.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-intl.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-ldap.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-mbstring.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-mysqlnd.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-opcache.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-pdo.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-pear.noarch 1:1.10.13-1.el7.remi @remi-safe
php81-php-pecl-xmlrpc.x86_64 1.0.0~rc3-1.el7.remi @remi-safe
php81-php-pecl-zip.x86_64 1.20.0-1.el7.remi @remi-safe
php81-php-process.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-snmp.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-soap.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-sodium.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-tidy.x86_64 8.1.4-1.el7.remi @remi-safe
php81-php-xml.x86_64 8.1.4-1.el7.remi @remi-safe
php81-runtime.x86_64 8.1-1.el7.remi @remi-safe
pkcs11-helper.x86_64 1.11-3.el7 @smecontribs
smeserver-adv-samba.noarch 0.2.0-2.el7.sme @smetest
smeserver-bridge-interface.noarch 0.2-7.el7.sme @smecontribs
smeserver-dhcp-dns.noarch 1.2.0-5.el7.sme @smecontribs
smeserver-dhcpmanager.noarch 2.0.4-12.el7.sme @smecontribs
smeserver-git.noarch 1.2.0-5.el7.sme @smecontribs
smeserver-gitweb.noarch 1.1.0-14.el7.sme @smecontribs
smeserver-gitweb-theme.noarch 1.1.0-1.el7.sme @smecontribs
smeserver-nextcloud.noarch 1.2.0-11.el7.sme @smecontribs
smeserver-smbstatus.noarch 1.2-3 @smecontribs
smeserver-smeadmin.noarch 1.6-4.el7.sme @smecontribs
smeserver-tftp-server.noarch 1.2-9.el7.sme @smecontribs
smeserver-thinclient.noarch 2.1-4.el7.sme @smecontribs
smeserver-tt-rss.noarch 9:0.5.0-2.el7.sme @smetest
smeserver-wsdd.noarch 0.2-5.el7.sme @smecontribs
tt-rss.noarch 20211029.git9714c4fbcf-1.el7.sme
@smecontribs
wsdd.noarch 0.7.0-1.el7 @smecontribs
-
Hmmm.
You really should not be doing this:
/etc/e-smith/templates-custom/etc/sudoers/10Root
Unless you absolutely need to, and know exactly what you are doing, don't do that.
Also you should not be installing ANYTHING from smetest on a production machine. That is an easy way to irretrievably bork yourserver. Use a test machine for testing.
And then I can see these:
/etc/e-smith/templates-custom/usr/bin/hook-script.sh/05deploy_cert_mailpile
/etc/e-smith/templates-custom/etc/dehydrated/domains.txt/15mailpile
And I cannot see the smeserver-letsencrypt contrib, so you have manually installed letsencrypt/dehydrated but we have no idea how you have configured it. It doesn't look like you have the httpd templates that you need.
Please go back, undo what you have done and install he contrib which should make installation a lot easier for you, we know what has been installed, and is easier for us to diagnose.
https://wiki.koozali.org/Letsencrypt#Contrib_Installation_of_Dehydrated
-
essayes avec la version de smeserver-letsencrypt dans smetest.
j’ai vu qu’en cas de domaine dedié nextcloud la version actuelle ne donne pas acces aux fichier de validation.