How to install Nextcloud 13 in FreeNAS with all checks passed updated to use iocage

warriorcookie

Explorer
Joined
Apr 17, 2017
Messages
67
Please try to answer all questions. Does it have .conf extension? Can you access domain/test.html?
Not sure if I should post here or start a new thread?

I'm having the exact same issue.

Code:
 Domain: *******.ca
   Type:   unauthorized
   Detail: Invalid response from
   http://**********.ca/.well-known/acme-challenge/vGW4PrOCSzdV3MYrkLHJxYRNbYnIxdQNtJdzCAycULU:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.



When I access my domain from outside the network it shows "It Works!" and when I access domain/nextcloud it shows the nextcloud login.

Also, my host config file is named ******.ca.conf
 

papaja

Dabbler
Joined
Apr 2, 2017
Messages
30
When I access my domain from outside the network it shows "It Works!" and when I access domain/nextcloud it shows the nextcloud login.

Also, my host config file is named ******.ca.conf
If you see "It works" it means that you are loading main apache configuration, not your virtual host. Look at the end of your main apache config file httpd.conf - does it include config files from Includes folder? If this line is commented out, uncomment it.
 

warriorcookie

If you see "It works" it means that you are loading main apache configuration, not your virtual host. Look at the end of your main apache config file httpd.conf - does it include config files from Includes folder? If this line is commented out, uncomment it.

The last line is uncommented:

Code:
Include etc/apache24/Includes/*.conf







I should also mention when doing "service apache24 restart" I get the following:
Code:
root@nextcloud:/usr/local/etc/apache24/Includes # service apache24 restart
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 26 of /usr/local/etc/apache24/Includes/*******.conf:
SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/******.ca/fullchain.pem' does not exist or is empty

 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
Please try to answer all questions. Does it have .conf extension? Can you access domain/test.html?

No, it does not have a .conf extension. How would I add it? As far as domain/test.html, if I put that file there, yes, I can access it.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/******.ca/fullchain.pem' does not exist or is empty
That's a pretty big problem, and indicates that your certificate either wasn't issued, or you've mistyped the pathname. If the file is there, correct the path in your Apache config. If not, try to figure out why.
 

warriorcookie

No, it does not have a .conf extension. How would I add it? As far as domain/test.html, if I put that file there, yes, I can access it.

mv oldfilename.oldextension newfilename.newextension
 

alexten9

OK, I renamed the extension of the domain file to .conf, but now when I do a restart I get this:

Code:
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 25 of /usr/local/etc/apache24/Includes/XXX.asuscomm.com.conf:
SSLCertificateFile takes one argument, SSL Server Certificate file ('/path/to/file' - PEM or DER encoded)

 

warriorcookie

That's a pretty big problem, and indicates that your certificate either wasn't issued, or you've mistyped the pathname. If the file is there, correct the path in your Apache config. If not, try to figure out why.

I think that's the entire problem. certbot can't issue the cert because it keeps getting the "404 not found error." I assume it's because apache isn't loading my virtualhost file?
 

alexten9

I think I made a mistake somewhere and need to start all over, or should I keep on trying to troubleshoot it with you guys?
 

danb35

certbot can't issue the cert because it keeps getting the "404 not found error." I assume it's because apache isn't loading my virtualhost file?
What's curious to me is that it's getting anything at all--with the error you're showing, I'm surprised Apache is starting at all.
 

alexten9

What does that line say?

Code:
<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName xxxx.asuscomm.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =xxxx.asuscomm.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin xxxx@gmail.com
  ServerName xxxx.asuscomm.com
  DirectoryIndex index.php
  DocumentRoot /usr/local/www/apache24/data/nextcloud
  SSLCertificateFile
/usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/fullchain.pem
  SSLCertificateKeyFile
/usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/privkey.pem
  SSLEngine on
  # Intermediate configuration, tweak to your needs
  SSLProtocol  all -SSLv2 -SSLv3
  SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RS$
  SSLHonorCipherOrder  on
  SSLCompression  off
  SSLOptions +StrictRequire
  <Directory /usr/local/www/apache24/data/nextcloud>
  AllowOverride all
  </Directory>
  <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000;
includeSubDomains"
  </IfModule>
  </VirtualHost>



Not sure if the bold line is line 25, but that's everything in there. (SSLCertificateFile)
 

alexten9

Also, in that dir I have this file no-accf.conf, and in that file I have:
<IfDefine NOHTTPACCEPT>
AcceptFilter http none
AcceptFilter https none
</IfDefine>
Is that OK?
 

danb35

Not sure if the bold line is line 25, but that's everything in there. (SSLCertificateFile)
Your problem looks like your editor inserted line breaks where it shouldn't have. If you're using nano, the -w flag will avoid this: nano -w XXX.asuscomm.com.conf. Take out the line break on that line, the next one (SSLCertificateKeyFile), and SSLCipherSuite.
 

danb35

Also, in that dir I have this file no-accf.conf, and in that file I have:
I believe that file is there by default and isn't a problem.
 

warriorcookie

What's curious to me is that it's getting anything at all--with the error you're showing, I'm surprised Apache is starting at all.

You appear to be correct. Apache is definitely not starting now. Not sure if I just wasn't being careful to clear cache when checking....

Code:
# service apache24 status
apache24 is not running.



httpd-error.log:
Code:
[Mon Mar 19 10:48:00.093435 2018] [ssl:emerg] [pid 26451] AH02572: Failed to configure at least one certificate and key for ********.ca:443
[Mon Mar 19 10:48:00.093696 2018] [ssl:emerg] [pid 26451] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Mar 19 10:48:00.093720 2018] [ssl:emerg] [pid 26451] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed



So, what did I screw up? Where can I look next?

/usr/local/etc/apache24/Includes/*******.conf (should this be called *******.ca.conf?):
Code:

<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName *******.ca
RewriteEngine on
RewriteCond %{SERVER_NAME} =*******.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>
</VirtualHost>

<VirtualHost *:443>
  ServerAdmin *********@gmail.com
  ServerName *******.ca
  DirectoryIndex index.php
  DocumentRoot /usr/local/www/apache24/data/nextcloud
  SSLCertificateFile /usr/local/etc/letsencrypt/live/********.ca/fullchain.pem
  SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/********.ca/privkey.pem
  SSLEngine on
  # Intermediate configuration, tweak to your needs
  SSLProtocol  all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA2$
  SSLHonorCipherOrder  on
  SSLCompression  off
  SSLOptions +StrictRequire
  <Directory /usr/local/www/apache24/data/nextcloud>
  AllowOverride all
  </Directory>
  <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  </IfModule>
  </VirtualHost>

 

alexten9

Your problem looks like your editor inserted line breaks where it shouldn't have. If you're using nano, the -w flag will avoid this: nano -w XXX.asuscomm.com.conf. Take out the line break on that line, the next one (SSLCertificateKeyFile), and SSLCipherSuite.

Thank you for helping! I did change it and now getting this.

Code:
root@nextcloud:/usr/local/etc/apache24/Includes # service apache24 restart
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 25 of /usr/local/etc/apache24/Includes/xxxx.asuscomm.com.conf:
SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/fullchain.pem' does not exist or is empty

 

danb35

Looks like both of you failed to obtain certificates, and as a result, Apache won't start. You should be able to resolve this by using certbot in standalone mode to issue a cert. Run this command from inside your jail:
certbot certonly --standalone --preferred-challenges http -d YOUR_FQDN
...where YOUR_FQDN is the domain name you have pointing toward your jail--if someone on the outside Internet browses to http://YOUR_FQDN, he'll be reaching your jail on port 80.

This command should run and issue the certificate. Once that's done, Apache should start, and future renewals can use the webroot validator (so Apache won't need to be stopped to make them work).

(Edit: or look at https://forums.freenas.org/index.php?threads/yet-another-nextcloud-installation-with-a-script.62485/)
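
The two config failures reported in this thread (a directive separated from its argument by an editor line wrap, and an SSLCertificateFile path that does not exist or is empty) can be checked before restarting Apache. This is an added example, not part of any post above; `check_vhost`, `demo` and the sample config are constructed. It goes slightly beyond the posts by also flagging an unbalanced double quote, which is what the wrapped Header line in the posted config produces.

```shell
#!/bin/sh
# Added example (not from the thread): lint an Apache vhost file for the
# failures discussed above. Function names and sample data are constructed.

# check_vhost FILE: prints one finding per line, returns 1 if any were found.
check_vhost() {
    findings=$(awk '
        BEGIN { need["SSLCertificateFile"] = need["SSLCertificateKeyFile"] = need["SSLCipherSuite"] = 1 }
        /^[ \t]*#/ { next }                      # ignore comment lines
        {
            if (gsub(/"/, "\"") % 2)             # heuristic: odd quote count means a split string
                print "QUOTE", NR
            if ($1 in need) {
                if (NF < 2) print "WRAPPED", NR, $1   # argument ended up on the next line
                else if ($1 != "SSLCipherSuite") { gsub(/"/, "", $2); print "PATH", NR, $1, $2 }
            }
        }' "$1")
    status=0
    while read -r kind line name path; do
        case $kind in
            WRAPPED) echo "line $line: $name has no argument (line break after the directive?)"; status=1 ;;
            QUOTE)   echo "line $line: unbalanced double quote (string split by a line break?)"; status=1 ;;
            PATH)    # same condition Apache reports: the file must exist and be non-empty
                     [ -s "$path" ] || { echo "line $line: $name '$path' does not exist or is empty"; status=1; } ;;
        esac
    done <<EOF
$findings
EOF
    return $status
}

# demo: run the check on a constructed config with a wrapped directive,
# a key file that was never issued, and a wrapped Header string.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/vhostlint.XXXXXX")
    echo "placeholder" > "$d/fullchain.pem"
    cat > "$d/sample.conf" <<EOF
<VirtualHost *:443>
  SSLCertificateFile
$d/fullchain.pem
  SSLCertificateKeyFile $d/privkey.pem
  Header always set Strict-Transport-Security "max-age=15552000;
includeSubDomains"
</VirtualHost>
EOF
    check_vhost "$d/sample.conf"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || true
```

Inside the jail, the function can be pointed at the vhost file under /usr/local/etc/apache24/Includes/ before running `service apache24 restart`.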
 

warriorcookie

Looks like both of you failed to obtain certificates, and as a result, Apache won't start. You should be able to resolve this by using certbot in standalone mode to issue a cert. Run this command from inside your jail:
certbot certonly --standalone --preferred-challenges http -d YOUR_FQDN
...where YOUR_FQDN is the domain name you have pointing toward your jail--if someone on the outside Internet browses to http://YOUR_FQDN, he'll be reaching your jail on port 80.

This command should run and issue the certificate. Once that's done, Apache should start, and future renewals can use the webroot validator (so Apache won't need to be stopped to make them work).

(Edit: or look at https://forums.freenas.org/index.php?threads/yet-another-nextcloud-installation-with-a-script.62485/)

Boom! It works!

Thanks so much. Not sure where I went wrong, but that was exactly it. Once certbot issued the cert in standalone mode, apache started up again, then I was able to run certbot again to renew the cert.

Thanks for the help. alexten9 I hope this also works for you.
 

alexten9

Looks like both of you failed to obtain certificates, and as a result, Apache won't start. You should be able to resolve this by using certbot in standalone mode to issue a cert. Run this command from inside your jail:
certbot certonly --standalone --preferred-challenges http -d YOUR_FQDN
...where YOUR_FQDN is the domain name you have pointing toward your jail--if someone on the outside Internet browses to http://YOUR_FQDN, he'll be reaching your jail on port 80.

This command should run and issue the certificate. Once that's done, Apache should start, and future renewals can use the webroot validator (so Apache won't need to be stopped to make them work).

(Edit: or look at https://forums.freenas.org/index.php?threads/yet-another-nextcloud-installation-with-a-script.62485/)

I was not so lucky.

This is what I got.

Code:
root@nextcloud:/ # certbot certonly --standalone --preferred-challenges http -d xxxx.asuscomm.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.asuscomm.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.



By the way, I'm using an ASUS router with the ASUS DDNS service asus.com. My ISP is dynamic IP. Can any of these factors prevent me from getting it secured? If so, what route should I go to make this work in this setup?
 