Can't set up AIO, Secure Connection problem

trilbytim · October 29, 2025, 12:42pm

Support intro

Sorry to hear you’re facing problems.

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

Official documentation (searchable and regularly updated)
How to topics and FAQs
Forum search

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

The Basics

Nextcloud Server version (e.g., 29.x.x):
- AIO v11.10.0
Operating system and version (e.g., Ubuntu 24.04):
- Ubuntu 24.04
Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- AIO
Are you using CloudfIare, mod_security, or similar? (Yes / No)
- I don't think so

Summary of the issue you are facing:

I just can’t get this set up! I followed the AIO installer instructions on Github to try to install on a Virtual Machine that is being run by the University I work at. This VM is only accessible when I’m on the local network or VPN, although that isn’t a problem to me, I don’t know if it has anything to do with the other issues I’m having.

I get as far as seeing the page showing all my containers as running and the link to “Open your Nextcloud” However on following the link I get the Secure Connection Failed error as described here. I see Timeout during connect (likely firewall problem) in my logs, so I’ve tried those steps. According to this site I don’t have an AAAA DNS record, so it’s not that. It does show a CNAME record (value is amrc-jupyter.ddns.shef.ac.uk), but I don’t know how to change that. On “make sure that port 443 is correctly forwarded” I think this is OK, if I run nmap -p 443 143.167.159.105 from outside the VM I get a response: 443/tcp open https and inside the VM I get this:

Does this look right? Is there more I should be checking to make sure this port is correctly forwarded?

Log entries

Web server / Reverse Proxy

The output of Apache:


2025-10-29T09:25:14.364375816Z Waiting for Nextcloud to start...
2025-10-29T09:25:19.380351998Z Waiting for Nextcloud to start...
2025-10-29T09:25:24.390329602Z Waiting for Nextcloud to start...
2025-10-29T09:25:29.409932874Z Waiting for Nextcloud to start...
2025-10-29T09:25:34.423851355Z Waiting for Nextcloud to start...
2025-10-29T09:25:39.430396832Z Waiting for Nextcloud to start...
2025-10-29T09:25:44.455152443Z Waiting for Nextcloud to start...
2025-10-29T09:25:49.458974546Z Waiting for Nextcloud to start...
2025-10-29T09:25:54.468796438Z Waiting for Nextcloud to start...
2025-10-29T09:25:59.474690604Z Waiting for Nextcloud to start...
2025-10-29T09:26:04.479353939Z Waiting for Nextcloud to start...
2025-10-29T09:26:09.486403266Z Waiting for Nextcloud to start...
2025-10-29T09:26:14.491910700Z Waiting for Nextcloud to start...
2025-10-29T09:26:19.502493037Z Connection to nextcloud-aio-nextcloud (172.18.0.11) 9000 port [tcp/*] succeeded!
2025-10-29T09:26:20.614514880Z /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
2025-10-29T09:26:20.614558153Z   import pkg_resources
2025-10-29T09:26:21.775614966Z {"level":"info","ts":1761729981.7750852,"msg":"maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined"}
2025-10-29T09:26:21.777372453Z {"level":"info","ts":1761729981.7753103,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":1856533708,"previous":9223372036854775807}
2025-10-29T09:26:21.777389878Z {"level":"info","ts":1761729981.7753747,"msg":"using config from file","file":"/tmp/Caddyfile"}
2025-10-29T09:26:21.779982746Z {"level":"info","ts":1761729981.7796974,"msg":"adapted config to JSON","adapter":"caddyfile"}
2025-10-29T09:26:21.785202318Z {"level":"info","ts":1761729981.7843597,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
2025-10-29T09:26:21.785391100Z {"level":"info","ts":1761729981.78491,"msg":"serving initial configuration"}
2025-10-29T09:26:21.815621721Z [Wed Oct 29 09:26:21.814260 2025] [mpm_event:notice] [pid 71:tid 71] AH00489: Apache/2.4.65 (Unix) configured -- resuming normal operations
2025-10-29T09:26:21.815653673Z [Wed Oct 29 09:26:21.814369 2025] [core:notice] [pid 71:tid 71] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
2025-10-29T09:26:33.989728468Z {"level":"error","ts":1761729993.9873796,"msg":"challenge failed","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
2025-10-29T09:26:33.989784483Z {"level":"error","ts":1761729993.9888628,"msg":"validating authorization","identifier":"amrc-jupyter.shef.ac.uk","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"order":"https://acme-v02.api.letsencrypt.org/acme/order/2742703981/442866954781","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
2025-10-29T09:26:33.989800108Z {"level":"error","ts":1761729993.9889128,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"amrc-jupyter.shef.ac.uk","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Timeout during connect (likely firewall problem)"}
2025-10-29T09:26:33.989807760Z {"level":"error","ts":1761729993.988943,"logger":"tls.obtain","msg":"will retry","error":"[amrc-jupyter.shef.ac.uk] Obtain: [amrc-jupyter.shef.ac.uk] solving challenge: amrc-jupyter.shef.ac.uk: [amrc-jupyter.shef.ac.uk] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Timeout during connect (likely firewall problem) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":12.19265935,"max_duration":2592000}
2025-10-29T09:27:47.181920149Z {"level":"error","ts":1761730067.1813414,"msg":"challenge failed","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
2025-10-29T09:27:47.182275599Z {"level":"error","ts":1761730067.181472,"msg":"validating authorization","identifier":"amrc-jupyter.shef.ac.uk","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/236745253/28338230693","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
2025-10-29T09:27:47.182297539Z {"level":"error","ts":1761730067.1815314,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"amrc-jupyter.shef.ac.uk","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Timeout during connect (likely firewall problem)"}
2025-10-29T09:27:47.182308493Z {"level":"error","ts":1761730067.181561,"logger":"tls.obtain","msg":"will retry","error":"[amrc-jupyter.shef.ac.uk] Obtain: [amrc-jupyter.shef.ac.uk] solving challenge: amrc-jupyter.shef.ac.uk: [amrc-jupyter.shef.ac.uk] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":85.385277618,"max_duration":2592000}

After this didn’t work

I noticed in the Apache log it keeps mentioning a caddyserver, so I looked into this. Does this mean my VM is behind a Caddy server? I therefore tried setting this up and using the docker-compose file below. This hasn’t really made any difference except I now get another error on the command line from Caddy with the output below

docker-compose:

services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-o>
    init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://doc>
    restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-f>
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution w>
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If >
    network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and>
    # networks: ["nextcloud-aio"]
    ports:
      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See htt>
      - 8080:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanat>
      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See>
   caddy:
    image: caddy:alpine
    restart: always
    container_name: caddy
    volumes:
      - caddy_certs:/certs
      - caddy_config:/config
      - caddy_data:/data
      - caddy_sites:/srv
    network_mode: "host"
    configs:
      - source: Caddyfile
        target: /etc/caddy/Caddyfile
configs:
  Caddyfile:
    content: |
      # Adjust cloud.example.com to your domain below
      https://amrc-jupyter.shef.ac.uk:443 {
        reverse_proxy localhost:11000
      }

volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on->
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
  caddy_certs:
  caddy_config:
  caddy_data:
  caddy_sites:

caddy error:

caddy                          | {"level":"info","ts":1761739497.3218536,"msg":"maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined"}
caddy                          | {"level":"info","ts":1761739497.3222804,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":1856533708,"previous":9223372036854775807}
caddy                          | {"level":"info","ts":1761739497.3226297,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy                          | {"level":"info","ts":1761739497.3234003,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy                          | {"level":"warn","ts":1761739497.3234115,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
caddy                          | {"level":"info","ts":1761739497.3269083,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy                          | {"level":"info","ts":1761739497.3276005,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000485800"}
caddy                          | {"level":"info","ts":1761739497.328023,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy                          | {"level":"info","ts":1761739497.3281574,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy                          | {"level":"info","ts":1761739497.3292139,"logger":"http","msg":"servers shutting down with eternal grace period"}
caddy                          | {"level":"info","ts":1761739497.3296545,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000485800"}
caddy                          | {"level":"info","ts":1761739497.3298097,"msg":"maxprocs: No GOMAXPROCS change to reset"}
caddy                          | Error: loading initial config: loading new config: http app module: start: listening on :443: listen tcp :443: bind: address already in use
caddy exited with code 1 (restarting)

szaimen · October 29, 2025, 12:44pm

Hi, please have a look at all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub

trilbytim · October 29, 2025, 1:44pm

Hi, I have looked at that and I’ve been trying to follow it. I’ve just realised that I hadn’t included the environment section though, so I’ve now added lines for Apache Port, IP binding, Additional network and Skip Domain Validation.

It still doesn’t work though! Although now the error messages are a bit different, I’ve attached those and the docker-compose file I’m using below

docker-compose:

services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-o>
    init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://doc>
    restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-f>
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution w>
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If >
    network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and>
    # networks: ["nextcloud-aio"]
    ports:
      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See htt>
      - 8080:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanat>
      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See>
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 0.0.0.0 # Also tried 127.0.0.1
      APACHE_ADDITIONAL_NETWORK: ""
      SKIP_DOMAIN_VALIDATION: false
   caddy:
    image: caddy:alpine
    restart: always
    container_name: caddy
    volumes:
      - caddy_certs:/certs
      - caddy_config:/config
      - caddy_data:/data
      - caddy_sites:/srv
    network_mode: "host"
    configs:
      - source: Caddyfile
        target: /etc/caddy/Caddyfile
configs:
  Caddyfile:
    content: |
      # Adjust cloud.example.com to your domain below
      https://amrc-jupyter.shef.ac.uk:443 {
        reverse_proxy localhost:11000
      }

volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on->
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
  caddy_certs:
  caddy_config:
  caddy_data:
  caddy_sites:

Caddy error


caddy                          | {"level":"info","ts":1761745281.2628264,"msg":"maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined"}
caddy                          | {"level":"info","ts":1761745281.2643325,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":1856533708,"previous":9223372036854775807}
caddy                          | {"level":"info","ts":1761745281.265276,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy                          | {"level":"info","ts":1761745281.2714295,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy                          | {"level":"warn","ts":1761745281.2714493,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
caddy                          | {"level":"info","ts":1761745281.2751224,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
caddy                          | {"level":"info","ts":1761745281.275588,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy                          | {"level":"info","ts":1761745281.2757344,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy                          | {"level":"info","ts":1761745281.276382,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00003a580"}
caddy                          | {"level":"info","ts":1761745281.2778504,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy                          | {"level":"info","ts":1761745281.278048,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy                          | {"level":"info","ts":1761745281.2798185,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy                          | {"level":"info","ts":1761745281.2805266,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00003a580"}
caddy                          | {"level":"info","ts":1761745281.2814314,"logger":"http","msg":"servers shutting down with eternal grace period"}
caddy                          | {"level":"info","ts":1761745281.2820678,"msg":"maxprocs: No GOMAXPROCS change to reset"}
caddy                          | Error: loading initial config: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use
caddy exited with code 1 (restarting)

Apache log

2025-10-29T13:41:47.254008896Z Waiting for Nextcloud to start...
2025-10-29T13:41:52.264880894Z Connection to nextcloud-aio-nextcloud (172.18.0.11) 9000 port [tcp/*] succeeded!
2025-10-29T13:41:53.001780729Z /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
2025-10-29T13:41:53.001883456Z   import pkg_resources
2025-10-29T13:41:54.155631084Z {"level":"info","ts":1761745314.1549997,"msg":"maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined"}
2025-10-29T13:41:54.155860799Z {"level":"info","ts":1761745314.1552367,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":1856533708,"previous":9223372036854775807}
2025-10-29T13:41:54.155875693Z {"level":"info","ts":1761745314.1552808,"msg":"using config from file","file":"/tmp/Caddyfile"}
2025-10-29T13:41:54.158962674Z {"level":"info","ts":1761745314.158624,"msg":"adapted config to JSON","adapter":"caddyfile"}
2025-10-29T13:41:54.164252227Z {"level":"info","ts":1761745314.163756,"msg":"serving initial configuration"}
2025-10-29T13:41:54.190557901Z [Wed Oct 29 13:41:54.188251 2025] [mpm_event:notice] [pid 77:tid 77] AH00489: Apache/2.4.65 (Unix) configured -- resuming normal operations
2025-10-29T13:41:54.190598186Z [Wed Oct 29 13:41:54.188369 2025] [core:notice] [pid 77:tid 77] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'

szaimen · October 29, 2025, 7:14pm

This needs to be removed from the compose file then it should work I think…

trilbytim · October 29, 2025, 9:10pm

Unfortunately not Still the same Secure Connection Failed error when trying to Open Your Nextcloud

A different output from Caddy though, no longer the “address already in use” error, now it’s back to complaining about likely firewall blocking.

Now I get the output on the command line of:

$ sudo docker compose up
WARN[0000] volume "nextcloud_aio_mastercontainer" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
[+] Running 2/2
 ✔ Container caddy                          Created                                                                                          0.1s 
 ✔ Container nextcloud-aio-mastercontainer  Created                                                                                          0.1s 
Attaching to caddy, nextcloud-aio-mastercontainer
caddy  | {"level":"info","ts":1761771702.5036163,"msg":"maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined"}
caddy  | {"level":"info","ts":1761771702.5042236,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":1856533708,"previous":9223372036854775807}
caddy  | {"level":"info","ts":1761771702.5049434,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy  | {"level":"info","ts":1761771702.5089948,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy  | {"level":"warn","ts":1761771702.50901,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
nextcloud-aio-mastercontainer  | Trying to fix docker.sock permissions internally...
caddy                          | {"level":"info","ts":1761771702.512667,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy                          | {"level":"info","ts":1761771702.5132482,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy                          | {"level":"info","ts":1761771702.5135014,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy                          | {"level":"info","ts":1761771702.51343,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00049c600"}
caddy                          | {"level":"info","ts":1761771702.516558,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy                          | {"level":"info","ts":1761771702.5176704,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy                          | {"level":"info","ts":1761771702.5180404,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy                          | {"level":"warn","ts":1761771702.518261,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
caddy                          | {"level":"warn","ts":1761771702.518295,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
caddy                          | {"level":"info","ts":1761771702.518365,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy                          | {"level":"info","ts":1761771702.51841,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["amrc-jupyter.shef.ac.uk"]}
caddy                          | {"level":"info","ts":1761771702.5251133,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy                          | {"level":"info","ts":1761771702.525133,"msg":"serving initial configuration"}
caddy                          | {"level":"info","ts":1761771702.5272038,"logger":"tls.obtain","msg":"acquiring lock","identifier":"amrc-jupyter.shef.ac.uk"}
caddy                          | {"level":"info","ts":1761771702.5300875,"logger":"tls.obtain","msg":"lock acquired","identifier":"amrc-jupyter.shef.ac.uk"}
caddy                          | {"level":"info","ts":1761771702.5301638,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"amrc-jupyter.shef.ac.uk"}
caddy                          | {"level":"info","ts":1761771702.5354724,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["amrc-jupyter.shef.ac.uk"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy                          | {"level":"info","ts":1761771702.5355537,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["amrc-jupyter.shef.ac.uk"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy                          | {"level":"info","ts":1761771702.535585,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/2759252891","account_contact":[]}
nextcloud-aio-mastercontainer  | Creating docker group internally with id 988
nextcloud-aio-mastercontainer  | Initial startup of Nextcloud All-in-One complete!
nextcloud-aio-mastercontainer  | You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
nextcloud-aio-mastercontainer  | E.g. https://internal.ip.of.this.server:8080
nextcloud-aio-mastercontainer  | ⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
nextcloud-aio-mastercontainer  | 
nextcloud-aio-mastercontainer  | If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
nextcloud-aio-mastercontainer  | https://your-domain-that-points-to-this-server.tld:8443
caddy                          | {"level":"info","ts":1761771703.4844196,"msg":"trying to solve challenge","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
nextcloud-aio-mastercontainer  | /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
nextcloud-aio-mastercontainer  |   import pkg_resources
caddy                          | 1.7617717042717931e+09 info    [FileStorage:/data/caddy] /data/caddy/locks/storage_clean.lock: Empty lockfile (EOF) - likely previous process crashed or storage medium failure; treating as stale
caddy                          | 1.7617717042718356e+09 info    [FileStorage:/data/caddy] Lock for 'storage_clean' is stale (created: 0001-01-01 00:00:00 +0000 UTC, last update: 0001-01-01 00:00:00 +0000 UTC); removing then retrying: /data/caddy/locks/storage_clean.lock
caddy                          | {"level":"info","ts":1761771704.275244,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"0a60d76d-2d52-4570-aecb-4355f4692594","try_again":1761858104.2752414,"try_again_in":86399.999999535}
caddy                          | {"level":"info","ts":1761771704.2755606,"logger":"tls","msg":"finished cleaning storage units"}
nextcloud-aio-mastercontainer  | {"level":"info","ts":1761771705.6195996,"msg":"maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined"}
nextcloud-aio-mastercontainer  | {"level":"info","ts":1761771705.6198287,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":1856533708,"previous":9223372036854775807}
nextcloud-aio-mastercontainer  | {"level":"info","ts":1761771705.6198885,"msg":"using config from file","file":"/Caddyfile"}
nextcloud-aio-mastercontainer  | {"level":"info","ts":1761771705.6294725,"msg":"adapted config to JSON","adapter":"caddyfile"}
nextcloud-aio-mastercontainer  | {"level":"info","ts":1761771705.6420774,"msg":"serving initial configuration"}
nextcloud-aio-mastercontainer  | [Wed Oct 29 21:01:45.651382 2025] [mpm_event:notice] [pid 137:tid 137] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.5.4 configured -- resuming normal operations
nextcloud-aio-mastercontainer  | [Wed Oct 29 21:01:45.651441 2025] [core:notice] [pid 137:tid 137] AH00094: Command line: 'httpd -D FOREGROUND'
nextcloud-aio-mastercontainer  | [29-Oct-2025 21:01:45] NOTICE: fpm is running, pid 143
nextcloud-aio-mastercontainer  | [29-Oct-2025 21:01:45] NOTICE: ready to handle connections
caddy                          | {"level":"error","ts":1761771716.8629951,"msg":"challenge failed","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Fetching http://amrc-jupyter.shef.ac.uk/.well-known/acme-challenge/fCHfNYgf_ZCipJsZTCaJ1vfwInU5vU5wer_K514iHIw: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"error","ts":1761771716.86417,"msg":"validating authorization","identifier":"amrc-jupyter.shef.ac.uk","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Fetching http://amrc-jupyter.shef.ac.uk/.well-known/acme-challenge/fCHfNYgf_ZCipJsZTCaJ1vfwInU5vU5wer_K514iHIw: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"order":"https://acme-v02.api.letsencrypt.org/acme/order/2759252891/443020420081","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"info","ts":1761771718.2373571,"msg":"trying to solve challenge","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
caddy                          | {"level":"error","ts":1761771729.9155922,"msg":"challenge failed","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"error","ts":1761771729.9157355,"msg":"validating authorization","identifier":"amrc-jupyter.shef.ac.uk","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"order":"https://acme-v02.api.letsencrypt.org/acme/order/2759252891/443020479011","attempt":2,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"error","ts":1761771729.9158018,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"amrc-jupyter.shef.ac.uk","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Timeout during connect (likely firewall problem)"}
caddy                          | {"level":"error","ts":1761771729.915857,"logger":"tls.obtain","msg":"will retry","error":"[amrc-jupyter.shef.ac.uk] Obtain: [amrc-jupyter.shef.ac.uk] solving challenge: amrc-jupyter.shef.ac.uk: [amrc-jupyter.shef.ac.uk] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Timeout during connect (likely firewall problem) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":27.385753694,"max_duration":2592000}
caddy                          | {"level":"info","ts":1761771789.9551716,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"amrc-jupyter.shef.ac.uk"}
caddy                          | {"level":"info","ts":1761771790.0325432,"logger":"http","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/238590113","account_contact":[]}
caddy                          | {"level":"info","ts":1761771790.9544828,"msg":"trying to solve challenge","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
caddy                          | {"level":"error","ts":1761771802.983344,"msg":"challenge failed","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"error","ts":1761771802.9887464,"msg":"validating authorization","identifier":"amrc-jupyter.shef.ac.uk","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/238590113/28356935273","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"info","ts":1761771804.253797,"msg":"trying to solve challenge","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
caddy                          | {"level":"error","ts":1761771814.7172112,"msg":"challenge failed","identifier":"amrc-jupyter.shef.ac.uk","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Fetching http://amrc-jupyter.shef.ac.uk/.well-known/acme-challenge/H5Ud_xu-FogHrJXYq6llIw7yJtJoLuHOn_a_4eAfjBU: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"error","ts":1761771814.7180035,"msg":"validating authorization","identifier":"amrc-jupyter.shef.ac.uk","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"143.167.159.105: Fetching http://amrc-jupyter.shef.ac.uk/.well-known/acme-challenge/H5Ud_xu-FogHrJXYq6llIw7yJtJoLuHOn_a_4eAfjBU: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/238590113/28356941133","attempt":2,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
caddy                          | {"level":"error","ts":1761771814.7188685,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"amrc-jupyter.shef.ac.uk","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Fetching http://amrc-jupyter.shef.ac.uk/.well-known/acme-challenge/H5Ud_xu-FogHrJXYq6llIw7yJtJoLuHOn_a_4eAfjBU: Timeout during connect (likely firewall problem)"}
caddy                          | {"level":"error","ts":1761771814.7195644,"logger":"tls.obtain","msg":"will retry","error":"[amrc-jupyter.shef.ac.uk] Obtain: [amrc-jupyter.shef.ac.uk] solving challenge: amrc-jupyter.shef.ac.uk: [amrc-jupyter.shef.ac.uk] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 143.167.159.105: Fetching http://amrc-jupyter.shef.ac.uk/.well-known/acme-challenge/H5Ud_xu-FogHrJXYq6llIw7yJtJoLuHOn_a_4eAfjBU: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":112.189460656,"max_duration":2592000}

Apache log

2025-10-29T21:03:48.647862555Z Waiting for Nextcloud to start...
2025-10-29T21:03:53.653565843Z Connection to nextcloud-aio-nextcloud (172.18.0.10) 9000 port [tcp/*] succeeded!
2025-10-29T21:03:54.481392185Z /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
2025-10-29T21:03:54.481424991Z   import pkg_resources
2025-10-29T21:03:55.676756060Z {"level":"info","ts":1761771835.6763675,"msg":"maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined"}
2025-10-29T21:03:55.677122769Z {"level":"info","ts":1761771835.676609,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":1856533708,"previous":9223372036854775807}
2025-10-29T21:03:55.677139997Z {"level":"info","ts":1761771835.6769555,"msg":"using config from file","file":"/tmp/Caddyfile"}
2025-10-29T21:03:55.679284897Z {"level":"info","ts":1761771835.6791117,"msg":"adapted config to JSON","adapter":"caddyfile"}
2025-10-29T21:03:55.686551316Z {"level":"info","ts":1761771835.6848369,"msg":"serving initial configuration"}
2025-10-29T21:03:55.710045284Z [Wed Oct 29 21:03:55.709614 2025] [mpm_event:notice] [pid 77:tid 77] AH00489: Apache/2.4.65 (Unix) configured -- resuming normal operations
2025-10-29T21:03:55.710076233Z [Wed Oct 29 21:03:55.709702 2025] [core:notice] [pid 77:tid 77] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'

szaimen · October 29, 2025, 9:12pm

Can you post the caddy container logs now? Does that work?

trilbytim · October 30, 2025, 10:39am

I don’t know where to find the Caddy log file, looking online it says it should be a file called access.log and be in the working directory, or in /var/log/caddy, but there’s no file called that in either the directory containing the docker-compose file or /var/log/caddy (this is an empty directory). I did a search for access.log but the only files it found with that name were in apache2 subfolders, so are presumably not to do with Caddy. I’m not very familiar with using Docker, perhaps it’s put somewhere else when running Docker?

I did get a lot of Caddy messages on the command line which kept repeating Timeout during connect (likely firewall problem), I included those on the previous post (that was running without the 80:80 line.

szaimen · October 30, 2025, 11:03am

Based on the compose file above you installed a dedicated caddy container. I need the container logs of it…

trilbytim · October 30, 2025, 2:21pm

Ah, is this it in this Pastebin link? (from /var/lib/docker/containers/)