Can't get rid of well-known webfinger errors

Good morning,
I got Nextcloud set up last week on my home NAS server. There were a few challenges/hickups along the way, but I got it up and running. I’m trying to address the warnings in the overview sectionl

There are some warnings regarding your setup.

  • The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips :arrow_upper_right:.

  • Your web server is not properly set up to resolve “/.well-known/webfinger”. Further information can be found in the documentation :arrow_upper_right:.

  • Your web server is not properly set up to resolve “/.well-known/nodeinfo”. Further information can be found in the documentation :arrow_upper_right:.

Please double check the installation guides :arrow_upper_right:, and check for any errors or warnings in the log.

I’ve followed the links and put the required lines in the .httpd file, but nothing is changing. I’m still getting the warning. I’ve searched this out many times on the web, and none of the suggestions appear to fix this issue.

Nextcloud version _(eg, 20.0.5)_: `Nextcloud 23.0.2`
Operating system and version _(eg, Ubuntu 20.04)_: `Fedora Server 35  5.16.13-200.fc35.x86_64`
Apache or nginx version _(eg, Apache 2.4.25)_:  `Apache/2.4.52 (Fedora Linux)`
PHP version _(eg, 7.4)_: `PHP 8.0.16`

Below is an ouput of /etc/httpd/.httpd

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/carddav /usr/share/nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /usr/share/nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/webfinger /usr/share/nextcloud/index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /usr/share/nextcloud/index.php/.well-known/nodeinfo [R=301,L]
</IfModule>

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'log_type' => 'syslog',
  'datadirectory' => '/var/hda/files/drives/nextcloud/data/',
  'updatechecker' => false,
  'check_for_working_htaccess' => false,
  'asset-pipeline.enabled' => false,
  'assetdirectory' => '/var/lib/nextcloud',
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/usr/share/nextcloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/lib/nextcloud/apps',
      'url' => '/apps-appstore',
      'writable' => true,
    ),
  ),
  'passwordsalt' => XXXXXXXXXXXXXXXXXXXXX,
  'secret' => 'XXXXXXXXXXXXXXX',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'hda',
    2 => '192.168.1.72',
  ),
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'htaccess.RewriteBase' => '/',
  'dbtype' => 'mysql',
  'version' => '23.0.2.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => '127.0.0.1',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'XXXXXXXXXX',
  'dbpassword' => 'XXXXXXXXXXX',
  'logtimezone' => 'UTC',
  'installed' => true,
  'default_language' => 'en',
  'default_locale' => 'en_US',
  'default_phone_region' => 'US',
  'instanceid' => 'ocy0f617ynie',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.comcast.net',
  'mail_smtpport' => '587',
  'mail_from_address' => 'XXXXXXXX',
  'mail_domain' => 'XXXXXX.net',
  'mail_smtpsecure' => 'tls',
  'mail_smtpname' => 'XXXXXX@XXXXXXXX.net',
  'mail_smtppassword' => 'XXXXXXXXXX',
  'updater.release.channel' => 'stable',
  'updater.secret' => '$2y$10$/.U01G.mH7hOaWQ.WoP4Re0a3oayvOeYvlgZ8Mh68Gc1F4AbTElXy',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);

Here’s one of my .httpd(htaccess) …
We have almost the same system. ( debian11.2 for me with Apache/2.4.52 and PHP 8.0.16 )

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers

    # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"

    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    Header onsuccess unset X-Download-Options
    Header always set X-Download-Options "noopen"

    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "none"

    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for static resources
  <FilesMatch "\.(css|js|svg|gif|png|jpg|ico)$">
    Header set Cache-Control "max-age=15778463"
  </FilesMatch>

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

# PHP 7.x
<IfModule mod_php7.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>

# PHP 8+
<IfModule mod_php.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>

<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>

<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>

<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

AddDefaultCharset utf-8
Options -Indexes
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 //
ErrorDocument 404 //

Also, you may check your apache modules, my list but our services ans usages may not be the same…

Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 brotli_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 headers_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)