The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.
If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.
Getting help
In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.
Before clicking submit: Please check if your query is already addressed via the following resources:
(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).
Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can.
The Basics
Nextcloud Server version (e.g., 29.x.x):
32.0.3
Operating system and version (e.g., Ubuntu 24.04):
Ubuntu and Linuxmint
Web server and version (e.g, Apache 2.4.25):
Truenas25.10.1
Reverse proxy and version _(e.g. nginx 1.27.2)
replace me
PHP version (e.g, 8.3):
8.3.28
Are you using CloudfIare, mod_security, or similar? (Yes / No)
Tailscale
Summary of the issue you are facing:
I’m running Nextcloud on my Truenas for quite a while now. Using desktop clients for my Windos machines, and the Nextcloud app for my telephone. All syncing fine, not only files but also my contacts and agenda with webdav. Secured the whole thing with Tailscale. Now I’m trying several Linux versions to find out which one (as a Linux noob) I will use to replace my windows machines with. I installed Ubuntu and Linuxmint as Virtual Machines. All went fine until I tried connecting Nextcloud desktop client with my server. Gave in the ip and the portnumber. After that the browser comes up. I have to accept that the certificate is not valid and after that a message is shown that I cannot connect to Nextcloud. So I cannot accept connection with my Nextcloud server. Both the linux VM’s have the same behavior and cannot connect.
assuming your Nextcloud installation is correctly available publicly via DNS and correctly certified via SSL, you need to enter the public domain https://your.domain.tls, since the linux nextcloud connector will be expecting an encrypted connection. see 101: Network, domain and DNS and 101: Self-hosting information for beginners
Thank you for your response @scubamuc. My first post was send too soon, I wanted to save the post, not publish.
But I also cannot login with my browser in Nextcloud too. I can login on my truenas, which is on the same ip. Don’t understand why I cannot login in Nextcloud. You say Nextcloud desktop client on Linux is more picky with SSL than Windows is? I think when I say I want to enter the website even though the certificate is not valid, I should be able to enter Nextcloud?
And in the log from Nextcloud, nothing is happening when I try and login with the desktop client. So my attempt to make a connection is not even been seen…
All the computers I’m using are on a local network. All the apps I installed (dockge for instance) I can approach from tailscaleip:portnumber. Only Nextcloud is having problems. The strange thing is that when I try to approach Nextcloud with my localip: portnumber there is no response too. However, when I use this url: https://tailscaleip:30027/apps/dashboard/ I’m actually able to login to Nextcloud from my Ubuntu browser.
Very frustrating. I do not have an idea that it is Tailscale that is configured wrong, because I can make contact with my Ubuntu browser to Nextcloud. I can make contact with my local ip to Nextcloud from my Windows machine’s browser. From the Ubuntu VM I’m not able to make contact with the local ip, and I think I have to investigate that problem. Any ideas how to do so?
Could be that I’m missing something, but my Ubuntu VM has Tailsale installed and the Truenas/Nextcloud machine has also Tailscale installed. Both machines are talking with each other through Tailscale VPN I presume? NAT has nothing to do with that?
Well thought your NC-Server (Truenas) is in your LAN. No need for Tailsale then. Use local access.
I do run NC on Debian-Server in DMZ of my LAN. I use Debian and Ubuntu-Clients. For local access the pfsense delivers the FQDN of my NC as Alias name to its local IP-Address. So access works similar fom inside and outside the LAN.
WIth my solution thats not needed. Since i always use the FQDN. No matter a Device is inside or outside LAN
There is need for Tailscale as I want to be able to work (Android telephone and Laptop) outside my house too. And it’s overwhelming for me to think about me changing the whole setting with something else than Tailscale. Tailscale I understand to a certain level, and I think i have good security with Tailscale.
A thought. Would it be possible to install Tailscale from within Nextcloud? I think it could be less problematic if i could do so.
then you should be able to solve your connection issues?
without re-discussing those alleged security benefits and considering thousands of Nextcloud users who enjoy secure Nextcloud instances without it and no connectivity issues… why not use the service as it was intended, security in mind and publicly available?
Be happy with Tailscale. But remember Tailscale and Cloudflare provide about the same level of security but only when configured properly. I mentioned Cloudflare, becaue i remember mid Nov 2025 while Cloudflare experienced a significant global internet outage
today most applications heavily rely on TLS. it is not possible to enrol public certificates for (private) ip addresses. so you end up with untrusted or self-signed certificates. technically it’s not bad but silly security folks keep telling people self-signed certificates are unsecure and for this reason it’s a big deal to make them work.
Please review and understand following topics (replace VPN with tailscale, which is logically the same)
I have no clue about tailscale but I remember tailscale can issue DNS names and certificates somehow - likely you only need to import tailscale root CA into your client certificate store and once certificate warnings are gone you will be able to connect using tailscale (but all problems mentioned in regards of VPN remain)
Tailscale Magic DNS feature gives you the option to use fully qualified domain names with let’s encrypt certs, so you can just point to your machin using [machinename].[tailcaledomain] with a valid cert which will remove the need to use self-signed certs
Thank you @Janov911. To make this clear: Truenas and Nextcloud are on one machine. In Tailscale I’m connecting with machine name “truenas” to Truenas and with “truenas:30027” to Nextcloud. And yes my certificate was not valid anymore I saw in the Tailscale dashboard. Tailscale is installed within Truenas. From Truenas/apps I can shell into the Tailscale app folder, and there I installed new certificates with “tailscale cert truenas. tail*****.ts.net”. I got a positive reply that new certificates were installed, and in the Tailscale dashboard it is also seen that the certificate is valid for the coming 3 months. Strange thing is that I don’t have a positive reply when login in to my truenas form a browser. It still says there is no valid certificate.
I’m wondering. Do I have to install certificates on all my machines?
Hm. I found that though I do connect to tailscale:30027 I get back that the certificate is not to be trusted. The certificate named is the certificate from iXsystems, so the certificate from Truenas. How does this work, what am I not seeing? All my machines are with tailscale certificates right now. Why is the certificate from Truenas playing any role, while I’m connecting with tailscale ip?
Not sure you’d need to install any certs on the machines (I’ve never needed to do that) I just add the scope to the “trusted domains” in the nextcloud config, and then it just all works. From anywhere in the world I get connected to the nextcloud instance using the tailscale fully qualified domain name.
Is there an error in the rror log around DNS, Trusted domains or otherwise?
That does sound frustrating, especially since it works from Windows but not from Linux.
From the symptoms you described, this doesn’t really look like a Nextcloud “bug” so much as a combination of TLS/hostname and VM networking differences on Linux. The Linux desktop client (and even browsers) tend to be stricter about SSL and host validation than Windows.
A few things worth checking:
Hostname and certificate
If you’re connecting via an IP address or using a self-signed certificate, Linux clients may simply refuse the connection. Even if a browser lets you click through the warning, the Nextcloud client often won’t. Using a proper hostname (including Tailscale DNS, if you’re using that) with a valid certificate usually fixes this straight away.
trusted_domains in config.php
Make sure every hostname you use (local IP, DNS name, Tailscale name) is listed in config.php under trusted_domains. If it’s missing, Nextcloud will block the request even though the network itself is fine.
VM networking vs Nextcloud itself
Since your Linux VMs can connect over Tailscale but not over the local IP, this strongly points to a VM networking setup issue (NAT vs bridged, firewall rules, or routing), not Nextcloud. It’s worth double-checking that the VM really sits on the same LAN and can reach the server directly.
Quick sanity check
From the Linux VM, try:
curl -v https://your-hostname/remote.php/dav
If that fails due to TLS or routing, the desktop client won’t work either.
Overall, once you have a clean hostname + valid cert and confirm the VM network path is correct, the Linux client usually connects just as reliably as Windows. The due-diligence here isn’t much different from validating other network paths (for example when routing traffic through things like buy premium uk proxies) — isolating whether it’s TLS, routing, or app config makes the issue much clearer.
If you can share the exact client error message, it should be possible to narrow this down even further.
Closing connection
curl: (60) SSL certificate problem: self-signed certificate
More details here: curl - SSL CA Certificates
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
The self-signed certificate is the one from iXsystems I suppose.
