Lelo
July 30, 2023, 1:45pm
1
DietPi version | cat /boot/dietpi/.version
Distro version | echo $G_DISTRO_NAME $G_RASPBIAN
Kernel version | uname -a#1529 SMP Tue Mar 8 12:21:37 GMT 2022 armv7l GNU/Linux
Architecture | dpkg --print-architecture
SBC model | echo $G_HW_MODEL_NAME or (EG: RPi3)
Power supply used | (EG: 5V 1A RAVpower)
SD card used | (EG: SanDisk ultra)
Software title | (EG: Nextcloud)
I successfully updated from v8.19.1 to v8.20.1 with no errors —> “reboot”
Renewed the SSL-certificate like a dozent times before —> “dietpi-letsencrypt” —> Ended with:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[ OK ] DietPi-LetsEncrypt | Desired setting in /etc/lighttpd/lighttpd.conf was already set: "mod_setenv",
[FAILED] DietPi-LetsEncrypt | systemctl restart lighttpd
Lighttpd should start to make Nextcloud accessable.
“systemctl status lighttpd.service” reports this:
● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/lighttpd.service.d
└─dietpi.conf
Active: failed (Result: exit-code) since Sun 2023-07-30 15:10:59 CEST; 20s ago
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Service RestartSec=100ms expired, scheduling restart.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: Stopped Lighttpd Daemon.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Start request repeated too quickly.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: Failed to start Lighttpd Daemon.
What do I have to do to make Lighttpd running again to access my Nextcloud again?
Thanx in advance,
Lelo:
“raspi-letsencrypt”
I guess it is dietpi-letsencrypt, right?
Can you share following
/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
Lelo
July 30, 2023, 3:46pm
3
Yes, “dietpi-letsencrypt” of course - I updated my post.Sorry.
/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
Error: duplicate array-key: Options. Please get rid of the duplicate entry.
2023-07-30 17:43:23: (configfile.c.1296) source: /etc/lighttpd/conf-enabled/50-dietpi-https.conf line: 18 pos: 17 parser failed somehow near here: (COMMA)
2023-07-30 17:43:23: (configfile.c.1296) source: /etc/lighttpd/lighttpd.conf line: 48 pos: 15 parser failed somehow near here: (EOL)
can you share
cat /etc/lighttpd/lighttpd.conf
1 Like
Lelo
July 30, 2023, 4:34pm
5
cat /etc/lighttpd/lighttpd.conf
server.modules = (
"mod_indexfile",
"mod_setenv",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "disable",# default
"host-strict" => "disable",# default
"host-normalize" => "disable",# default
"url-normalize-unreserved"=> "disable",# recommended highly
"url-normalize-required" => "disable",# recommended
"url-ctrls-reject" => "disable",# recommended
"url-path-2f-decode" => "disable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "disable",
"url-path-dotseg-remove" => "disable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "disable",
#"url-query-20-plus" => "disable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)
Jappe
July 30, 2023, 7:13pm
6
This is because of my PR, we changed some things in /etc/lighttpd/conf-available/50-dietpi-https.conf, but I made a mistake and now there are two options lines, which lighttpd does not like.-ServerPreference, see: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#Perfect-Forward-Secrecy-PFS .
Note also, that there are two entries in this file, on for IPv4, around line 16, and one for IPv6 around line 33.
The problem now is, you can change this lines in /etc/lighttpd/conf-available/50-dietpi-https.conf but when you run dietpi-letsencrypt the file gets newly generated by the script, so we have to edit the script itself for now.
sed -i '/"Options" => "-SessionTicket",/d' /boot/dietpi/dietpi-letsencrypt
sed -i '/"Options" => "-SessionTicket",/d' /etc/lighttpd/conf-available/50-dietpi-https.conf
After that you can re-run dietpi-letsencrypt.
edit: PR is out , apologies for the inconvenience
4 Likes
Lelo
July 30, 2023, 7:36pm
7
That workaround solved my problem. Thanx to Jappe & Joulinar for their help!
2 Likes
