Can't open Nextcloud and can't get certificate

Hey,

I installed the Nextcloud-docker-AIO on my raspberry pi 4, everything went fine.
But when I try to open Nextcloud I get the error

Fehler: Gesicherte Verbindung fehlgeschlagen

Beim Verbinden mit cloud.cassel.digital trat ein Fehler auf. Die Gegenstelle meldet, dass sie auf einen internen Fehler gestoßen ist.

Fehlercode: SSL_ERROR_INTERNAL_ERROR_ALERT

I configured my DynDNS correctly and opened all relevant ports and pointed them to the raspberry pi.

In the Apache log it says:

{"level":"error","ts":1656931103.9644682,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"cloud.cassel.digital","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2003:e4:9fff:1e91:6e3:1aff:feb1:7b9d: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1656931103.9646246,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"cloud.cassel.digital","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2003:e4:9fff:1e91:6e3:1aff:feb1:7b9d: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/607683156/103690515916","attempt":1,"max_attempts":3}
{"level":"error","ts":1656931103.9647973,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"cloud.cassel.digital","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 2003:e4:9fff:1e91:6e3:1aff:feb1:7b9d: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1656931103.9648912,"logger":"tls.obtain","msg":"will retry","error":"[cloud.cassel.digital] Obtain: [cloud.cassel.digital] solving challenge: cloud.cassel.digital: [cloud.cassel.digital] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 2003:e4:9fff:1e91:6e3:1aff:feb1:7b9d: Timeout during connect (likely firewall problem) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":12.094173184,"max_duration":2592000}

Can anyone help, please?

I checked it with SSL Server Test (Powered by Qualys SSL Labs) . There are different possibilities. First maybe you have configured IPv4 and IPv6. Maybe you first deactivate IPv6. However, the error is probably not related to this.

How have you configured TLS/SSL. Please post your installation guide and your settings.

From inspection of your server header response, it seems you are using Caddy web server…

I’ve never used that server. However, it looks like it’s pre-packaged with an automated TLS cert acquisition and renewal process.

The documentation indicates an ordered list of challenges. It’s probably best to configure the DNS challenge since you are using DynDNS. That way the certificate should be issued no matter how complexly configured your proxy:

Of course, you might want to try a less automated server, which may have a larger support/documentation pool…

Here’s the Caddy TLS documentation for further reading:

Are you running the AIO master container or just some of the other containers from the AIO project? It makes a difference in how SSL needs to be handled.

I use the AIO master container.
I Just followed the instructions on the AIO GitHub page

i have the same issue, have you solved your problem?

Hi, if you are sure that you’ve configured everything correctly, you can simply skip the domain validation. See GitHub - nextcloud/all-in-one: Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.

And for debugging, can you post the apache container logs here? Thanks!