Can't access Nextcloud with my subdomain

Your connection isn’t private

Wen attempting to log into my server via my domain, I get the above message, and cannot proceed.

I have included a screen shot of said iname. I use Cloudflare for my DNS resolution. ANY help would be appreciated, as this is driving me nuts!

You have your server configured for HSTS, but your certificate isn’t verifiable. You’ll need to resolve the certificate issue.

How do I fix this issue is the real question, and the one I asked for assistance with. I can read what it says. If I knew how to do that, I wouldn;t be asking for help.

I apologize, but this situation has me rather frustrated. It was working fine 2 weeks ago, and I made no changes to anything.

the error should be resolved if you follow above post

Well… you can hardly expect step by step instructions in the first reply when you haven’t provided any info about your system, logs, etc. The support template exists for a reason.

According to SSL Labs, you have a self-signed certificate. You have also enabled HSTS, which tells the browser under no circumstances connect without valid HTTPS. So there you are, your browser is refusing to proceed.

The invalid certificate is the problem.

1 Like

I appreciate the response. However I have no idea WHAT logs would be helpful, so I am not about to supply pages and pages of logs that are of no use.

I also have no idea what HSTS is, or why it would be enabled. Nor do I know what certificate I might need, as this is something on my own equipment at my house, and the browser would have no idea about any off this.

How do I get a valid certificate? if it s my own equipment, what makes it valid?

I run an up to date UnRaid, with the NextCloud docker, Swag as my reverse proxy and Cloudflare to process my domain. I am happy to give whatever info is needed that I can provide to help resolve this issue.

Following those directions really doesn’t help so much, since I am not using the same OS for my server. I appreciate the response though!

well… if you would need to pay for each sign/letter/line/page of log I totally would understand that comment. But - it’s all free here on the forum. Even the guys trying to help you are doing that for free. And they don’t ask any infos from you that are potentially of no use.

So IF you wanna the sheer chance of getting your problem solved I’d rather do what I was asked for even if I don’t know what’s needed of why.

well the template told you which ones. Plus - as this question if asked here frequently - you could simply use the build-in search-function of this forum

That’s OK. It directly implies the question: how have you installed your nextcloud? Maybe (and hopefully) there was a chapter about securing your NC and obtaining valid ssl-certificates for it… since NC isn’t meant to run locally in your private network without any connection to the outer world. Devs are putting real effort into keeping the software secure even though it’s connected to the internet.

Sounds like a bit of an uncommon aka advanced setup. Each of these tools could cause their own problems.

you see how important it is to convey more informations? :wink:

HI @Draconicwraith

In Firefox (don’t know about Chrome) you should be able to continue by unchecking that box in the settings:

But this is only a workaround and you should of course fix the actual issue and then check the box again. To help you doing this this, we need more details about your system and setup.

  • What OS are you using?
  • What installation method did you choose for Nextcloud?
  • How exactly did you install the certificate in the first place and did you change anything after that?
  • please post web server logs and your exact web server config (redact your actual domain name and IP address before posting)

Just found out that you are using Unraid. I don’t have any expirience with it and threfore I’m not able to help here, but I can highly recommend this YouTube channel. The guy has very comprehensive guides on how to setup Nextcloud on Unraid. Maybe it is of any help…

It’s a header provided by your web server or reverse proxy that tells the browsers not to connect without valid HTTPS.

I don’t know either since I know very little about your individual setup. Most people wait to enable it until they have verified their HTTPS is in good order.

That’s strange that you have a reverse proxy and DDOS protection provider but don’t know about HSTS or certificates. You’ve got the cart before the horse I’m sorry to say.

The reverse proxy would be the endpoint of the primary connection, so that’s where the certificate would need to be, and where HSTS is enabled. I’ve never heard of swag, so I can’t be of help there. Most people use certbot to get certificates, so maybe a good starting point would be to determine if it’s compatible with your setup.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.