Apache container unhealthy: DNS problem: SERVFAIL looking up A for xxxx.duckdns.org

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 29.0.5): Nextcloud AIO 9.4.1
Operating system and version (eg, Ubuntu 24.04): open media vault 6.9.16-1 (Shaitan)
Apache or nginx version (eg, Apache 2.4.25): replace me
PHP version (eg, 8.3): replace me

The issue you are facing:

Hello, I have been running NC AIO as Docker on open media vault for a while now. After coming back from holidays, I fired up omv (and NC, running as docker) again. Seemed to work well, besides that NC was not accessible from outside my homenetwork.

After restarting everything a couple of times, I couldn’t access NC anymore (also not be using the IP in my homenetwork).

This error message is in the logs:

ERR ts=1725787295.8158412 logger=tls.obtain msg=will retry error=[xxxx.duckdns.org] Obtain: [xxxx.duckdns.org] solving challenge: xxxx.duckdns.org: [xxxx.duckdns.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 85.127.217.214: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory) attempt=3 retrying_in=120 elapsed=215.433073716 max_duration=2592000

I am not using a reverse proxy. I use xxxx.duckdns.org as my domain. My router is a Fritzbox.

I’m running Adguard, *.duckdns.org is not blocked. I also tried switching Adguard off and using my ISP DNS-Resolver, with no success.

Has anyone any suggestion? Thanks in advance!

the error you posted indicates issues while issuing a letsencrypt tls certificate. LE fails to connect to your server as part of verification process and can not issue the certificate.

Dear @wwe , thanks. I didn’t get back to this thread, because the issue was seemingly solved… but it wasn’t. On some days the xxxx.duckdns.org is working well, sometimes it is not. Feels like it’s more often not working, than it does. I can’t recognize any pattern. The openmediavault server as well as my Fritzbox haven’t been restarted during this period.
The log in the apache-nc container looks like that:

{"level":"error","ts":1727453942.5813498,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"127.0.0.1:8000","duration":0.173654881,"request":{"remote_ip":"213.162.80.161","remote_port":"2900","client_ip":"213.162.80.161","proto":"HTTP/2.0","method":"GET","host":"xxxx.duckdns.org","uri":"/apps/viewer/js/viewer-main.mjs?v=d5344b56-2","headers":{"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Mode":["cors"],"Origin":["https://xxxx.duckdns.org"],"X-Forwarded-For":["213.162.80.161"],"X-Forwarded-Host":["xxxx.duckdns.org"],"Cookie":["REDACTED"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Dest":["script"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6.1 Mobile/15E148 Safari/604.1"],"Accept-Language":["de-DE,de;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"xxxx.duckdns.org"}},"error":"writing: client disconnected"}

Does this give any hint on what is going on? Do you think duckdns.org might be part of the problem and suggest another way of coping with my dynamic ip? I own a domain at world4you, if this might be of any use.
type or paste code here