There were problems with the code integrity check. More information...

[WNYmathGuy]

Steps to reproduce

1. Use Let's Encrypt for SSL.
2. Upgrade to Nextcloud 14.

Expected behaviour

The .htaccess files don't go shit haywire.

Actual behaviour

Something goes wrong most often on an upgrade. I struggle to get the error banner to clear. I get it right and forget how I did it last time. I upgrade and it's f-ked again.

Server configuration detail

Operating system: Linux 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64

Webserver: Apache/2.4.18 (cgi-fcgi)

Database: mysql 10.0.36

PHP version:

7.0.32-0ubuntu0.16.04.1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, pcntl, Reflection, SPL, session, standard, cgi-fcgi, mysqlnd, PDO, xml, apcu, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, imap, intl, json, ldap, exif, mcrypt, mysqli, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, readline, redis, shmop, SimpleXML, soap, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlrpc, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 14.0.3 - 14.0.3.0

Updated from an older Nextcloud/ownCloud or fresh install: 13

Where did you install Nextcloud from: The Nextcloud site originally

Signing status

Array
(
[core] => Array
(
[INVALID_HASH] => Array
(
[.htaccess] => Array
(
[expected] => 70183f641f39fc5f43065aeb15b86ac99e86b82310d5467e1c4d935df30acc6155c0905f84f59616885275c19ffacea59e354a87a5c97c94f50d50d4eff0370e
[current] => e05ca07248d85fbaa8d0b033257dec1e62a1308462eba2e21a57eb574e2c4e41af3872d372f5d835f659f943010c4bceb7f3c8113b11eb65ff730e8a30f76a93
)

            )

    )

)

List of activated apps

Enabled:
 - accessibility: 1.0.1
 - activity: 2.7.0
 - admin_audit: 1.4.0
 - admin_notifications: 1.0.2
 - announcementcenter: 3.3.1
 - apporder: 0.5.0
 - audioplayer: 2.4.1
 - bruteforcesettings: 1.1.0
 - calendar: 1.6.3
 - carnet: 0.8.6
 - checksum: 0.4.1
 - cloud_federation_api: 0.0.1
 - cms_pico: 0.9.7
 - comments: 1.4.0
 - contacts: 2.1.6
 - data_request: 1.1.0
 - dav: 1.6.0
 - deck: 0.4.1
 - dicomviewer: 1.0.2
 - drawio: 0.9.1
 - drop_account: 0.0.12
 - event_update_notification: 0.3.0
 - federatedfilesharing: 1.4.0
 - federation: 1.4.0
 - files: 1.9.0
 - files_accesscontrol: 1.4.0
 - files_automatedtagging: 1.4.0
 - files_markdown: 2.0.4
 - files_pdfviewer: 1.3.2
 - files_retention: 1.3.0
 - files_sharing: 1.6.2
 - files_texteditor: 2.6.0
 - files_trashbin: 1.4.1
 - files_versions: 1.7.1
 - files_videoplayer: 1.3.0
 - firstrunwizard: 2.3.0
 - flowupload: 0.0.8
 - gallery: 18.1.0
 - gpxedit: 0.0.9
 - gpxmotion: 0.0.7
 - gpxpod: 2.3.1
 - groupfolders: 1.3.3
 - issuetemplate: 0.4.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.2.0
 - metadata: 0.7.0
 - mindmaps: 0.1.0
 - music: 0.9.2
 - nextcloud_announcements: 1.3.0
 - notes: 2.4.2
 - notifications: 2.2.1
 - oauth2: 1.2.1
 - ocsms: 1.13.1
 - password_policy: 1.4.0
 - phonetrack: 0.3.6
 - polls: 0.8.3
 - previewgenerator: 1.1.0
 - provisioning_api: 1.4.0
 - quota_warning: 1.3.0
 - radio: 0.6.3
 - rainloop: 6.0.1
 - ransomware_detection: 0.4.1
 - ransomware_protection: 1.2.0
 - registration: 0.4.5
 - richdocuments: 3.0.1
 - serverinfo: 1.4.0
 - sharebymail: 1.4.0
 - socialsharing_diaspora: 1.0.3
 - socialsharing_email: 1.0.4
 - socialsharing_facebook: 1.0.3
 - socialsharing_googleplus: 1.0.3
 - socialsharing_twitter: 1.0.3
 - spreed: 4.0.0
 - support: 1.0.0
 - survey_client: 1.2.0
 - systemtags: 1.4.0
 - tasks: 0.9.7
 - telephoneprovider: 1.0.1
 - terms_of_service: 1.0.1
 - theming: 1.5.0
 - theming_customcss: 1.1.0
 - twofactor_backupcodes: 1.3.1
 - updatenotification: 1.4.1
 - weather: 1.5.4
 - workflowengine: 1.4.0
Disabled:
 - bookmarks
 - circles
 - encryption
 - files_antivirus
 - files_downloadactivity
 - files_external
 - user_external
 - user_ldap

Configuration (config/config.php)

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "cloud.mydomain.com"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "14.0.3.0",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_smtpauthtype": "LOGIN",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpauth": 1,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "maintenance": false,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "theme": "",
    "loglevel": 0,
    "default_language": "en",
    "enable_previews": true,
    "preview_max_x": 2048,
    "preview_max_y": 2048,
    "preview_max_scale_factor": 10,
    "preview_max_filesize_image": 50,
    "preview_libreoffice_path": "\/usr\/bin\/libreoffice",
    "preview_office_cl_parameters": " --headless --nologo --nofirststartwizard --invisible --norestore --convert-to pdf --outdir ",
    "enabledPreviewProviders": [
        "OC\\Preview\\PNG",
        "OC\\Preview\\JPEG",
        "OC\\Preview\\GIF",
        "OC\\Preview\\BMP",
        "OC\\Preview\\XBitmap",
        "OC\\Preview\\SVG",
        "OC\\Preview\\TIFF",
        "OC\\Preview\\MP3",
        "OC\\Preview\\TXT",
        "OC\\Preview\\Font",
        "OC\\Preview\\MarkDown",
        "OC\\Preview\\Movie",
        "OC\\Preview\\MSOffice2003",
        "OC\\Preview\\MSOffice2007",
        "OC\\Preview\\MSOfficeDoc",
        "OC\\Preview\\OpenDocument",
        "OC\\Preview\\PDF",
        "OC\\Preview\\Postscript",
        "OC\\Preview\\StarOffice"
    ],
    "tempdirectory": "\/home\/adminuser\/domains\/cloud.mydomain.com\/tmp\/nextcloudtemp",
    "overwrite.cli.url": "https:\/\/cloud.mydomain.com"
}

Are you using external storage, if yes which one: no

Are you using encryption:

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0

Operating system: Ubuntu 18.04.1 LTS

Logs

Browser log

Nextcloud log

[nextcloud.log](https://github.com/nextcloud/server/files/2516585/nextcloud.log)

Browser log

[violoncelloCH]

Can you try to regenerate the .htaccess file with occ maintenance:update:htaccess and trigger a integrity check rescan?

[nextcloud-bot]

GitMate.io thinks possibly related issues are #1502 (There were some problems with the code integrity check), #9375 (Code integrity check), #1398 (Problems with code integrity when skeleton folder is empty), and #9696 (The Phone Track app hangs it's progress icon indefinitely).

[WNYmathGuy]

GitMate.io thinks possibly related issues are #1502 (There were some problems with the code integrity check), #9375 (Code integrity check), #1398 (Problems with code integrity when skeleton folder is empty), and #9696 (The Phone Track app hangs it's progress icon indefinitely).

@nextcloud-bot None of these topics were good guesses for the problem.

[WNYmathGuy]

@violoncelloCH I tried and here are the results:

[someadmin@server nextcloud]# sudo -u nextcloudadmin php occ maintenance:update:htaccess
Error updating .htaccess file, not enough permissions or "overwrite.cli.url" set to an invalid URL?

I tried it after changing ownership to nextcloudadmin owner & www-data group. Same results on the occ command.

[violoncelloCH]

The normal way would be to leave ownership to user www-data (and group www-data) and use sudo -u www-data
This user is the webserver user and has got nothing to do with the nextcloud admin.
In general, I'm not supposed to give support in the issue tracker. Support questions go to https://help.nextcloud.com or https://portal.nextcloud.com. So please use the forum for help and close this issue ticket or provide specific information about a concrete bug (or feature request).

[kesselb]

Try to append a / to overwrite.cli.url and try the command again. There is a bug validating the domain name.

[WNYmathGuy]

@violoncelloCH I believe my settings were from the Nextcloud sites security recomendations. I tried numerous combinations of owner / group as well as permission changes and here were some of the errors.

{"reqId":"strange-number-was-here","level":1,"time":"2018-10-26T16:13:18+00:00","remoteAddr":"","user":"--","app":"cli","method":"","url":"--","message":"Memcache \\OC\\Memcache\\APCu not available for local cache","userAgent":"--","version":"14.0.3.0"}
{"reqId":"strange-number-was-here","level":1,"time":"2018-10-26T16:13:18+00:00","remoteAddr":"","user":"--","app":"cli","method":"","url":"--","message":"Memcache \\OC\\Memcache\\APCu not available for distributed cache","userAgent":"--","version":"14.0.3.0"}
Cannot write into "config" directory!
This can usually be fixed by giving the webserver write access to the config directory
See https://docs.nextcloud.com/server/14/go.php?to=admin-dir_permissions

Or, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.
See https://docs.nextcloud.com/server/14/go.php?to=admin-config
{"reqId":"strange-number-was-here","level":3,"time":"2018-10-26T16:13:18+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fopen(\/home\/adminuser\/domains\/cloud.mydomain.com\/public_html\/nextcloud\/data\/nextcloud.log): failed to open stream: Permission denied at \/home\/adminuser\/domains\/cloud.mydomain.com\/public_html\/nextcloud\/lib\/private\/Log\/File.php#136","userAgent":"--","version":"14.0.3.0"}

@danielkesselberg I added it to the end, so it was .com it's now .com/ but same result:

Error updating .htaccess file, not enough permissions or "overwrite.cli.url" set to an invalid URL?

It's not the wrong URL, but perhaps my Apache settings are non-standard? Here's details on mine from having this problem with NC13. https://help.nextcloud.com/t/some-files-have-not-passed-the-integrity-check-double-htaccess-file-due-to-lets-encrypt/28270/5?u=ruppscloudadmin

Can't I just do something to get the right hash it's complaining about in the right place?

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
	- INVALID_HASH
		- .htaccess

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [.htaccess] => Array
                        (
                            [expected] => 555c0905f84f59616885275c19ffacea59e3e86b82310d5467f43065a94f50eb15b86ac99e470183f641f39fcd935df30acc61e1c54a87a5c97cd50d4eff0370
                            [current] => 65ff730e8a30f76a931308462eef3835f659f943010c4bceb7f3c8113b11eb07248ba2e218d0b033257dea57eb574e2c4e4105cad85fb872d372f5daac1e62aa
                        )

                )

        )

)

[kesselb]

Could you share ls -al .htaccess?

[WNYmathGuy]

Could you share ls -al .htaccess?

-rw-rw-r-- 1

[kesselb]

ls -al .htaccess 
-rw-rw-r-- 1 daniel daniel 2713 Sep 30 12:20 .htaccess

Who is the owner/group of your .htaccess? nextcloudadmin?

[WNYmathGuy]

@danielkesselberg I've tried it a number of ways. For background, I manage my server with Virtualmin, and my Nextcloud runs in a subserver of a virtual server (subdomain, domain). The subserver and virtual server have the same user as their admin user, but that user is not an admin of the main real server.
I have tried it with the subserver admin as the owner and group, I've tried it with the subserver admin as the owner and www-data as the group, and with www-data as the owner and the group.

[WNYmathGuy]

Re @danielkesselberg

Try to append a / to overwrite.cli.url and try the command again. There is a bug validating the domain name.

A second go at this tonight with the appended /

Re @violoncelloCH

Can you try to regenerate the .htaccess file with occ maintenance:update:htaccess and trigger a integrity check rescan?

After the appended / your update command ran but did not solve the problem.

Closing this one because I started a new one...
#12524 (comment)