Nextcloud Update & my current Webserver (Lighttpd)

Joulinar · 6 November 2021 09:58

no need to remove everything. Just go into /etc/letsencrypt/ and there you see a couple of sub directories. Just go into each of them one by one and clear the content not needed.

SSH connection has no relation to any SSL/ Letsencrypt config and should stay untouched.

rubinski · 6 November 2021 12:04

I have no clue, what is needed there and what is not. For example inside /etc/letsencrypt/csr I can see a lot of very similar Files like this:

A comparable structure I can find in the Subfolder “Keys”.

Joulinar · 6 November 2021 20:24

ok I did a little bit of testing. Let’s do following

rm -Rf /etc/letsencrypt/*
dietpi-letsencrypt 1

rubinski · 7 November 2021 08:16

Thank you for your Effort. In fact there has been no negative Effect, when erasing the whole Folder as you suggested.
The Certificate also was successfully generated through

dietpi-letsencrypt 1

On the other Hand all is still the same, when I uncomment those two Redirect-Rules Lines in

/etc/lighttpd/conf-available/99-dietpi-nextcloud.conf

so that it again results in a non-reachable Webinterface.

https://dietpi.com/forum/t/nextcloud-update-my-current-webserver-lighttpd/5884/8

I then get the same error Messages before, when I do systemctl restart lighttpd.service

dietpi@DietPi:~$ sudo systemctl restart lighttpd.service
Job for lighttpd.service failed because the control process exited with error code.
See "systemctl status lighttpd.service" and "journalctl -xe" for details.
dietpi@DietPi:~$ sudo systemctl status lighttpd.service
● lighttpd.service - Lighttpd Daemon
   Loaded: loaded (/lib/systemd/system/lighttpd.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2021-11-04 22:36:37 CET; 32s ago
  Process: 9788 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPTION)

Joulinar · 7 November 2021 08:48

Just share following again

/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf

rubinski · 7 November 2021 09:15

dietpi@DietPi:~$ /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2021-11-07 10:14:45: (mod_openssl.c.445) SSL: BIO_read_filename('/etc/letsencrypt/live/MYDOMAIN/combined.pem') failed
2021-11-07 10:14:45: (server.c.1183) Initialization of plugins failed. Going down. 
dietpi@DietPi:~$

Joulinar · 7 November 2021 15:15

hm strange. Let’s try to disable SSL config for time being. Could you share activated config files

ls -la /etc/lighttpd/conf-enabled/

rubinski · 7 November 2021 15:21

dietpi@DietPi:~$ ls -la /etc/lighttpd/conf-enabled/
total 8
drwxr-xr-x 2 root root 4096 Jul 27 08:59 .
drwxr-xr-x 4 root root 4096 Oct  4  2020 ..
lrwxrwxrwx 1 root root   33 Sep 16  2020 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
lrwxrwxrwx 1 root root   33 Sep 16  2020 10-rewrite.conf -> ../conf-available/10-rewrite.conf
lrwxrwxrwx 1 root root   37 Sep 16  2020 15-fastcgi-php.conf -> ../conf-available/15-fastcgi-php.conf
lrwxrwxrwx 1 root root   38 Sep 21  2020 50-dietpi-https.conf -> ../conf-available/50-dietpi-https.conf
lrwxrwxrwx 1 root root   37 Sep 21  2020 98-dietpi-hsts.conf -> ../conf-available/98-dietpi-hsts.conf
lrwxrwxrwx 1 root root   47 Sep 21  2020 98-dietpi-https_redirect.conf -> ../conf-available/98-dietpi-https_redirect.conf
lrwxrwxrwx 1 root root   45 Sep 16  2020 99-dietpi-dav_redirect.conf -> ../conf-available/99-dietpi-dav_redirect.conf
lrwxrwxrwx 1 root root   42 Sep 16  2020 99-dietpi-nextcloud.conf -> ../conf-available/99-dietpi-nextcloud.conf
lrwxrwxrwx 1 root root   58 Jul 27 08:59 99-dietpi-pihole-block_public_admin.conf -> ../conf-available/99-dietpi-pihole-block_public_admin.conf
lrwxrwxrwx 1 root root   39 Jul 27 08:59 99-dietpi-pihole.conf -> ../conf-available/99-dietpi-pihole.conf
lrwxrwxrwx 1 root root   38 Sep 16  2020 99-unconfigured.conf -> ../conf-available/99-unconfigured.conf
dietpi@DietPi:~$

Joulinar · 7 November 2021 15:24

lighttpd-disable-mod dietpi-https dietpi-hsts dietpi-https_redirect
systemctl restart lighttpd.service

if there are still error, let’s check configuration again

/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf

rubinski · 7 November 2021 16:22

lighttpd-disable-mod dietpi-https dietpi-hsts dietpi-https_redirect

the System did it without any comments, but:

dietpi@DietPi:~$ /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2021-11-07 17:17:41: (mod_openssl.c.445) SSL: BIO_read_filename('/etc/letsencrypt/live/MYDOMAIN/combined.pem') failed
2021-11-07 17:17:41: (server.c.1183) Initialization of plugins failed. Going down.

This is, what sudo journalctl -xe gives me:

dietpi@DietPi:~$ sudo journalctl -xe
-- Logs begin at Sun 2021-11-07 14:18:59 CET, end at Sun 2021-11-07 17:27:46 CET. --
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[DEBUG] Closed socket 11 (AF_INET6 :: port 3389)
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[DEBUG] TLSv1.3 enabled
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[DEBUG] TLSv1.2 enabled
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[DEBUG] Security layer: requested 3, selected 0
Nov 07 17:18:52 DietPi xrdp[5827]: (5827)(1995405568)[DEBUG] Closed socket 12 (AF_INET6 ::ffff:192.168.178.111 port 3389)
Nov 07 17:18:52 DietPi systemd[1]: Started Lighttpd Daemon.
-- Subject: A start job for unit lighttpd.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- A start job for unit lighttpd.service has finished successfully.
-- 
-- The job identifier is 2673.

Joulinar · 7 November 2021 16:41

this is confusing. We disabled SSL config and hence no SSL certificate to be used. Was there any output running these 2 commands

lighttpd-disable-mod dietpi-https dietpi-hsts dietpi-https_redirect
systemctl restart lighttpd.service

Can you share again

ls -la /etc/lighttpd/conf-enabled/

rubinski · 7 November 2021 17:14

There is no output to these commands. It just happens then.

dietpi@DietPi:~$ lighttpd-disable-mod dietpi-https dietpi-hsts dietpi-https_redirect
Disabling dietpi-https
Disabling dietpi-hsts
Disabling dietpi-https_redirect
Run "service lighttpd force-reload" to enable changes
dietpi@DietPi:~$ service lighttpd force-reload
Failed to reload lighttpd.service: Interactive authentication required.
See system logs and 'systemctl status lighttpd.service' for details.
dietpi@DietPi:~$ sudo service lighttpd force-reload
dietpi@DietPi:~$ sudo systemctl restart lighttpd.service
dietpi@DietPi:~$

ls -la /etc/lighttpd/conf-enabled/

dietpi@DietPi:~$ ls -la /etc/lighttpd/conf-enabled/
total 8
drwxr-xr-x 2 root root 4096 Jul 27 08:59 .
drwxr-xr-x 4 root root 4096 Oct  4  2020 ..
lrwxrwxrwx 1 root root   33 Sep 16  2020 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
lrwxrwxrwx 1 root root   33 Sep 16  2020 10-rewrite.conf -> ../conf-available/10-rewrite.conf
lrwxrwxrwx 1 root root   37 Sep 16  2020 15-fastcgi-php.conf -> ../conf-available/15-fastcgi-php.conf
lrwxrwxrwx 1 root root   38 Sep 21  2020 50-dietpi-https.conf -> ../conf-available/50-dietpi-https.conf
lrwxrwxrwx 1 root root   37 Sep 21  2020 98-dietpi-hsts.conf -> ../conf-available/98-dietpi-hsts.conf
lrwxrwxrwx 1 root root   47 Sep 21  2020 98-dietpi-https_redirect.conf -> ../conf-available/98-dietpi-https_redirect.conf
lrwxrwxrwx 1 root root   45 Sep 16  2020 99-dietpi-dav_redirect.conf -> ../conf-available/99-dietpi-dav_redirect.conf
lrwxrwxrwx 1 root root   42 Sep 16  2020 99-dietpi-nextcloud.conf -> ../conf-available/99-dietpi-nextcloud.conf
lrwxrwxrwx 1 root root   58 Jul 27 08:59 99-dietpi-pihole-block_public_admin.conf -> ../conf-available/99-dietpi-pihole-block_public_admin.conf
lrwxrwxrwx 1 root root   39 Jul 27 08:59 99-dietpi-pihole.conf -> ../conf-available/99-dietpi-pihole.conf
lrwxrwxrwx 1 root root   38 Sep 16  2020 99-unconfigured.conf -> ../conf-available/99-unconfigured.conf
dietpi@DietPi:~$

Joulinar · 7 November 2021 20:25

Strange, even if mods are disabled, links are not removed. Let’s remove them manually

rm /etc/lighttpd/conf-enabled/50-dietpi-https.conf
rm /etc/lighttpd/conf-enabled/98-dietpi-hsts.conf
rm /etc/lighttpd/conf-enabled/98-dietpi-https_redirect.conf
systemctl restart lighttpd.service

rubinski · 7 November 2021 20:59

This resulted in a non-reachable Webinterface. Client Sync is also broken. How can I restore these files?

Joulinar · 7 November 2021 21:14

has the web server being started? Is the web server running?

systemctl status lighttpd.service

rubinski · 8 November 2021 07:23

Yes, Webserver has been started, but I have decided to revert my dietpi-Backup to the prior Version 20.xx of Nextcloud, because the Cloud is needed on weekdays. Wouldn´t it be an Option to use Apache or Nginx instead?

Joulinar · 8 November 2021 08:54

I never switch web server on a running system. If you decide on this, you need to reapply your SSL certificate and probably reinstall NextCloud. Usually all NextCloud data should be kept.

rubinski · 8 November 2021 14:28

Ok, thank you very much so far for your efforts. I tend to do nothing then when there is no better solutions to expect. Until the Hardware is going to be replaced I leave my fingers crossed. Actually it is an Raspberry 3. Alternatively I really could try to switch to Apache, reapply the SSL Certificate and reinstall Nextcloud as you suggested. If it fails, no problem, I can restore my Backup. Any other ideas?

Joulinar · 8 November 2021 14:30

just do a backup if everything is stored on your SD card. This way you could simple restore.

As an alternative we could continue trying to fix Lighttpd

rubinski · 8 November 2021 15:23

You´re very welcome if you have some more ideas concerning Lighttpd.