Caldav and Carddav errors in admin check

Basically the title, I have the caldav and carddav errors in the admin security check.

The path to nextcloud is the fqdn of the site e.g.

Following the manual I have added to .htaccess

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/carddav /nextcloud.mydomain.tld/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud.mydomain.tld/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/webfinger /nextcloud.mydomain.tld/index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /nextcloud.mydomain.tld/index.php/.well-known/nodeinfo [R=301,L]

I tested by entering nextcloud.mydomain.tld/.well-known/carddav into the browser and I was redirected to nextcloud.mydomain.tld/remote.php/dav/ which has:

This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client.

I assume the redirect is working correctly however, I still see:

Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation

in the security check… Ideas?

1 Like

Are you configuring it with Nginx or Apache??

If you are configuring it with Nginx you have to put this in your configuration file:

     location ^~ /.well-known/carddav {
        return 301 $scheme://$host:<port (if you have assigned it)>/remote.php/dav;

    location ^~ /.well-known/caldav {
        return 301 $scheme://$host:<port (if you have assigned it)>/remote.php/dav;

Btw how did you do for the nodeinfo and webfinger recommendation to not to appear?

After upgrading to Nextcloud Hub 8 (29.0.0), I also get this error message. The required forwarding is configured in the Nginx Proxy Manager and works. Calling up the URL in the browser also leads to the WebDAV message mentioned above.

Same here. Was working fine for years, updated to 29, now got the errors mentioned above.

Apache is the server and I didnt received the other errors

Same here, I’ve had the same NGINX configuration for years. Upgraded to NC29 and now I have a caldav warning. Oddly no cardav error.

Same here, after update to NC29

Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/caldav

but /.well-known/caldav leads to remote.php/dav

When posted I was on 27, now i’m on 28.0.4 and error still relevant.


Oddly, mine’s only complaining about caldav - carddav seems fine.

The following changes I made in my .htaccess, then I pass successfull all test. Import are the numbers behind the Parameter R in the square bracket.

  RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [R=404,QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R=207,L]
  RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R=207,L]


1 Like

can you explain in more detail the configuration in the square bracket. Thanks

Die Parameters are described in the apache docu.

I just made a test with expected behaviour coded in the apps/settings/lib/SetupChecks)\WellKnownUrls.php


I’ve got exactly the same problem after upgrading to NC29.0.0. Never had this issue before. Error can’t be correct as the redirects are definitely working.

The Issue on GitHub: [Bug]: NC29 .well-known URLs, failed on: /.well-known/caldav · Issue #45033 · nextcloud/server · GitHub

Solution for me: Redirection to /remote.php/dav/ with trailing slash at the end in Nginx Proxy Manager makes the error message disappear.

1 Like

Same solution for me in NGINX. Missing trailing slash which wasn’t a problem before but is now in NC29.

-              location = /.well-known/carddav { return 301 https://$host/remote.php/dav; }
-              location = /.well-known/caldav  { return 301 https://$host/remote.php/dav; }
+              location = /.well-known/carddav { return 301 https://$host/remote.php/dav/; }
+              location = /.well-known/caldav  { return 301 https://$host/remote.php/dav/; }
1 Like

What is the correct procedure for Apache2?

This fixed the issue for me.

The final solution for Apache is here.

It works with the default setting. I had the problem before and send a solution by changing the number in the redirect statement. The final solution was disabeling all rewrite rules in .htaccess and copy the the content (only the few lines with the rewrites) from git. Works for Apache.

  RewriteEngine On
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]


This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.