I deployed a Laravel 10 application (Ubuntu 22.04, Nginx, PHP 8.2-FPM). When hitting the login endpoint from my Vue frontend I got a 500 and this log entry:
production.ERROR: No application encryption key has been specified.
When I tried to run php artisan key:generate
I got instead:
In StreamHandler.php line 156:
The stream or file “/var/www/html/laravel-api/storage/logs/laravel.log” could not be opened in append mode: Failed to open stream: Permission denied
The exception occurred while attempting to log: file_put_contents(/var/www/html/laravel-api/.env): Failed to open stream: Permission denied
Environment
Laravel 10
Ubuntu 22.04
Nginx + PHP 8.2-FPM (user: www-data)
Manual deployment (no Docker)
The app had been built with php artisan config:cache earlier (before APP_KEY was properly generated) and after that all requests returned 500.
I suspect it is both a permissions issue and a cached configuration problem, but I want to confirm the correct, secure remediation steps (without using chmod 777).
What I tried:
php artisan config:clear → still the same error
chmod -R 777 storage → temporarily allows key:generate (I know this is insecure)
Re-ran php artisan key:generate but php artisan config:show app.key still empty
Cleared browser cache / restarted php-fpm (no change)
Rebuilt config cache too early (php artisan config:cache) while APP_KEY was still missing
Expected:
Laravel should have a valid APP_KEY in .env
php artisan config:show app.key should display the base64 key
No 500 error on authenticated endpoints