AIO: error:0A000438:SSL routines::tlsv1 alert internal error

Hi, I have been happily using the Nextcloud all-in-one Docker image for several days, but today I am unable to access the site at all.

I can load the AIO page at http://192.168.1.7:8080 and it seems happy.

All the docker containers are running and docker ps reports all of them healthy except nextcloud/aio-apache:latest which says “Up 13 minutes (unhealthy)”

When I try to access Nextcloud via its real address in my browser I get: “Unable to connect”

When I try to contact it from the host machine with curl I get this:

$ curl -v https://localhost:443
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS alert, internal error (592):
* OpenSSL/3.0.14: error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) OpenSSL/3.0.14: error:0A000438:SSL routines::tlsv1 alert internal error

I didn’t do anything that triggered this change, but I do have automatic updates turned on.

My apache logs look like:

$ sudo docker logs nextcloud-aio-apache
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Connection to nextcloud-aio-nextcloud (172.18.0.6) 9000 port [tcp/*] succeeded!
[Mon Sep 30 14:41:03.617343 2024] [mpm_event:notice] [pid 48:tid 48] AH00489: Apache/2.4.62 (Unix) configured -- resuming normal operations
[Mon Sep 30 14:41:03.617430 2024] [core:notice] [pid 48:tid 48] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
{"level":"info","ts":1727703663.6202755,"msg":"using config from file","file":"/tmp/Caddyfile"}
{"level":"info","ts":1727703663.6215367,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1727703663.623439,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}

I have read “What can I do when Nextcloud is not reachable via my domain or if I get `SSL_ERROR_INTERNAL_ERROR_ALERT` or `ERR_SSL_PROTOCOL_ERROR` when opening my Nextcloud domain?” (nextcloud/all-in-one, Discussion #2105 on GitHub), but I don’t think it applies in my case.

Any ideas on how to fix or investigate would be much appreciated.

Hi, do you run AIO behind a reverse proxy?

Hi, no, it is not behind a reverse proxy.

Okay. Can you open the domain that you’ve put in to be used as the domain for Nextcloud via an external network, like via mobile internet, and check if that works?

Thanks for the suggestion. That fails in the same way. I am fairly sure the problem is local to my host since my curl command above is pointed at localhost and it fails there.

(I have an A type DNS entry, and the DNS correctly resolves to my home IP address.)

This problem went away when I rebooted the host containing the docker containers. I have no idea what caused it, but it’s fixed for now.

Thank you for your help!