Cert Errors on Cloud ID invitations

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • Nextcloud Hub 10 (31.0.2)
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 22.04.5 LTS
  • Web server and version (e.g., Apache 2.4.25):
    • Apache/2.4.52 (Ubuntu)
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • nginx/1.18.0 (Ubuntu)
  • PHP version (e.g., 8.3):
    • 8.3
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • April 3rd 2025
  • Installation method (e.g., AIO, NCP, Bare Metal/Archive, etc.):
    • Bare Metal
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

No federated users can accept my invite in talk, and no outside users can send invitations to my cloud ID in talk.

Files seems to work.

Every time someone clicks the accept button, or sends me an invite, I get a series of 3 errors that involve cert errors.

We have been banging our heads on this for about a week now. The steps we have taken to troubleshoot so far:

  1. Confirm NTP
  2. Confirm SSL certs for the site are up to date.
  3. Try many variations on Apache backend and NGINX front end configs, stabbing in the dark.

Steps to replicate it (hint: details matter!):

  1. Open the talk app
  2. Create a new conversation
  3. Invite a participant using their federated cloud ID.
  4. User received invitation but when they click accept it fails on their end and logs are generated on mine.

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

{
  "reqId": "s97CKQQDFleC3GaJPzWd",
  "level": 2,
  "time": "2025-04-07T22:50:56+00:00",
  "remoteAddr": "167.224.199.113",
  "user": false,
  "app": "cloud_federation_api",
  "method": "POST",
  "url": "/index.phps",
  "message": "wrongly signed request",
  "userAgent": "Nextcloud Server Crawler",
  "version": "31.0.2.1",
  "exception": {
    "Exception": "NCU\\Security\\Signature\\Exceptions\\InvalidSignatureException",
    "Message": "signature issue",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/lib/private/Security/Signature/SignatureManager.php",
        "line": 157,
        "function": "verify",
        "class": "OC\\Security\\Signature\\Model\\IncomingSignedRequest",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Security/Signature/SignatureManager.php",
        "line": 108,
        "function": "confirmIncomingRequestSignature",
        "class": "OC\\Security\\Signature\\SignatureManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php",
        "line": 337,
        "function": "getIncomingSignedRequest",
        "class": "OC\\Security\\Signature\\SignatureManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php",
        "line": 102,
        "function": "getSignedRequest",
        "class": "OCA\\CloudFederationAPI\\Controller\\RequestHandlerController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 200,
        "function": "addShare",
        "class": "OCA\\CloudFederationAPI\\Controller\\RequestHandlerController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 114,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 161,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 307,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1025,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 24,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Security/Signature/Model/IncomingSignedRequest.php",
    "Line": 255,
    "message": "wrongly signed request",
    "exception": [],
    "CustomMessage": "wrongly signed request"
  },
  "id": "67f456d494a33"
}
{
  "reqId": "s97CKQQDFleC3GaJPzWd",
  "level": 2,
  "time": "2025-04-07T22:50:56+00:00",
  "remoteAddr": "167.224.199.113",
  "user": false,
  "app": "no app in context",
  "method": "POST",
  "url": "/index.phps",
  "message": "signature could not be verified",
  "userAgent": "Nextcloud Server Crawler",
  "version": "31.0.2.1",
  "exception": {
    "Exception": "NCU\\Security\\Signature\\Exceptions\\InvalidSignatureException",
    "Message": "signature issue",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/lib/private/Security/Signature/SignatureManager.php",
        "line": 157,
        "function": "verify",
        "class": "OC\\Security\\Signature\\Model\\IncomingSignedRequest",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Security/Signature/SignatureManager.php",
        "line": 108,
        "function": "confirmIncomingRequestSignature",
        "class": "OC\\Security\\Signature\\SignatureManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php",
        "line": 337,
        "function": "getIncomingSignedRequest",
        "class": "OC\\Security\\Signature\\SignatureManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php",
        "line": 102,
        "function": "getSignedRequest",
        "class": "OCA\\CloudFederationAPI\\Controller\\RequestHandlerController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 200,
        "function": "addShare",
        "class": "OCA\\CloudFederationAPI\\Controller\\RequestHandlerController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 114,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 161,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 307,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1025,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 24,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Security/Signature/Model/IncomingSignedRequest.php",
    "Line": 255,
    "message": "signature could not be verified",
    "exception": [],
    "signedRequest": {
      "body": "{\"shareWith\":\"fed_user1@example.cloud\",\"shareType\":\"user\",\"name\":\"jhy4dzpr\",\"resourceType\":\"talk-room\",\"description\":\"\",\"providerId\":\"35\",\"owner\":\"fed_user2@nextcloud.example.com\",\"ownerDisplayName\":\"chad jewell\",\"sharedBy\":\"fed_user2@nextcloud.example.com\",\"sharedByDisplayName\":\"chad jewell\",\"protocol\":{\"name\":\"nctalk\",\"options\":{\"sharedSecret\":\"sQ3Q4tSsKjNW99EnNz3aw9pkKb9kMa5NRp4y66YeY7cwxaeSWsRKcK6W38y4dtsN\",\"permissions\":\"{http:\\/\\/open-cloud-mesh.org\\/ns}share-permissions\"},\"invitedCloudId\":\"fed_user1@example.cloud\",\"roomName\":\"private\",\"roomType\":2,\"roomDefaultPermissions\":0}}",
      "digest": "SHA-512=sEH5zfSykXbk9p9xfug2Lf6tyeS/VQWMX/DYgHVguFLBM9aH1jrXQ8gIEf3dCpp34aSj5FhfPv3SHdHnjHnMdQ==",
      "digestAlgorithm": "SHA-512",
      "signingElements": {
        "keyId": "https://nextcloud.example.com/ocm#signature",
        "algorithm": "rsa-sha512",
        "headers": "(request-target) content-length date digest host",
        "signature": "CKQzP4qjX05f2w0jbn7thR30esiTntLfJvraJMx2n5UoJWfV0rrc99osrmc7nF7Cm5/GasF8Pdi66R/bGj6EzaIhaYsT0WOriQnxPIYMZZyTZ13v0/YKhSXNhD3ajTlQ1mnFZOKtKxO68/qStg2/IQEOe1Fpq/8TjJfK5w4OpqTMCa6En7lP43vsF96wbNcLcSoqTEEBSybnxWa0dVGnSYSNauiZb0mwPi0N9Er2NnB9T/WNqKszFMZ6sjypPrGKIVxxrMvBmpAwUR1wPn99Miqg8jB9LVs4bjlDGvIgbPElJoBIeUArwcb2T/qO8UrXWsAuCI8o4DrH95Oq1aMOkw=="
      },
      "signatureData": [
        "(request-target): post /index.phps",
        "content-length: 619",
        "date: Mon, 07 Apr 2025 22:50:56 GMT",
        "digest: SHA-512=sEH5zfSykXbk9p9xfug2Lf6tyeS/VQWMX/DYgHVguFLBM9aH1jrXQ8gIEf3dCpp34aSj5FhfPv3SHdHnjHnMdQ==",
        "host: example.cloud"
      ],
      "signature": "CKQzP4qjX05f2w0jbn7thR30esiTntLfJvraJMx2n5UoJWfV0rrc99osrmc7nF7Cm5/GasF8Pdi66R/bGj6EzaIhaYsT0WOriQnxPIYMZZyTZ13v0/YKhSXNhD3ajTlQ1mnFZOKtKxO68/qStg2/IQEOe1Fpq/8TjJfK5w4OpqTMCa6En7lP43vsF96wbNcLcSoqTEEBSybnxWa0dVGnSYSNauiZb0mwPi0N9Er2NnB9T/WNqKszFMZ6sjypPrGKIVxxrMvBmpAwUR1wPn99Miqg8jB9LVs4bjlDGvIgbPElJoBIeUArwcb2T/qO8UrXWsAuCI8o4DrH95Oq1aMOkw==",
      "signatory": {
        "keyId": "https://nextcloud.example.com/ocm#signature",
        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzaN4FRmQUVWT0k9M9kz\n4wNgbyXO0a5z3Ny5q7nAIfhW+u20GzdjgbRSLJxK8eO5s7KTb09e66L6F+LmCopx\nxNzqLNBLUGsXaznh/yP/25EZM1MBa8ChhplI0mrf2dS3GIbhujmmkMGIWcEHvQBi\nXgCg2MQuJjO/mAYXFqy8BtFou28xDrDFcaN9XDPnel1CG9dmr0emH/Db6JenUBnF\nmeuaJSQ/cVW9+czOllSM0z8UgTvQ5oFWeFmkvRj3RHycM6DjP7Q/LjsBo0E7IJtG\n6yY89m8rLcKe6S3UMzkSwIJUjG3x1kmqy8Pte/fV2vsQ0V1dve9A+keCS545CE36\nswIDAQAB\n-----END PUBLIC KEY-----\n"
      },
      "options": {
        "algorithm": "rsa-sha512",
        "digestAlgorithm": "SHA-512",
        "extraSignatureHeaders": [],
        "ttl": 300,
        "dateHeader": "D, d M Y H:i:s T",
        "ttlSignatory": 259200,
        "bodyMaxSize": 50000
      },
      "origin": "nextcloud.example.com"
    },
    "signatoryManager": "OC\\OCM\\OCMSignatoryManager",
    "CustomMessage": "signature could not be verified"
  },
  "id": "67f456d494a55"
}
{
  "reqId": "9OnF9AQXLzc59T7h6YPY",
  "level": 2,
  "time": "2025-04-07T22:50:21+00:00",
  "remoteAddr": "167.224.199.113",
  "user": false,
  "app": "cloud_federation_api",
  "method": "POST",
  "url": "/index.phps",
  "message": "incoming request exception",
  "userAgent": "Nextcloud Server Crawler",
  "version": "31.0.2.1",
  "exception": {
    "Exception": "NCU\\Security\\Signature\\Exceptions\\IncomingRequestException",
    "Message": "Invalid signature",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php",
        "line": 102,
        "function": "getSignedRequest",
        "class": "OCA\\CloudFederationAPI\\Controller\\RequestHandlerController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 200,
        "function": "addShare",
        "class": "OCA\\CloudFederationAPI\\Controller\\RequestHandlerController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 114,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 161,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 307,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1025,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 24,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php",
    "Line": 351,
    "message": "incoming request exception",
    "exception": [],
    "CustomMessage": "incoming request exception"
  },
  "id": "67f456b66105d"
}

Web server / Reverse Proxy configs

Backend: Apache

<VirtualHost *:80>

        DocumentRoot /var/www/nextcloud/
        ServerName example.cloud
        ErrorLog /var/log/apache2/nextcloud-error.log
        CustomLog /var/log/apache2/nextcloud-access.log combined

        <Directory /var/www/nextcloud/>
                Options MultiViews FollowSymlinks
                AllowOverride All
                Require all granted
                SetEnv HOME /var/www/nextcloud
                SetEnv HTTP_HOME /var/www/nextcloud
                Satisfy Any
                <IfModule mod_dav.c>
                  Dav off
                </IfModule>
        </Directory>
</VirtualHost>

Frontend: NGINX

server {
    server_name example.cloud;
    location / {
        proxy_pass http://10.133.3.252;
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_set_header  X-Forwarded-Host $host;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Port $server_port;
        proxy_set_header  X-Forwarded-Ssl on;  # Explicitly indicates SSL was used

        proxy_buffers 64 4k;
        proxy_buffer_size 16k;
        proxy_busy_buffers_size 24k;
        proxy_read_timeout 3600;
    }

    location /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    location ^~ /.well-known {
      return 301 $scheme://$host/index.php$uri;
    }

    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.cloud/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.cloud/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    access_log /var/log/nginx/example-access.log;
    error_log /var/log/nginx/example-error.log;

}
server {
    if ($host = example.cloud) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name example.cloud;
    listen [::]:80;
    listen 80;
    return 404; # managed by Certbot
}

I would pay someone to post a working NGINX Reverse Proxy config that works for all Nextcloud features.

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "updatedirectory": "\/var\/www\/ncupdate",
        "dbtype": "mysql",
        "version": "31.0.2.1",
        "trusted_domains": [
            "127.0.0.1",
            "example.cloud"
        ],
        "overwritehost": "example.cloud",
        "overwriteprotocol": "https",
        "overwritewebroot": "\/",
        "overwrite.cli.url": "https:\/\/example.cloud",
        "htaccess.RewriteBase": "\/",
        "forwarded_for_headers": [
            "HTTP_X_FORWARDED_FOR"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memories.exiftool": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
        "maintenance": false,
        "maintenance_window_start": 1,
        "default_phone_region": "US",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": "true",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0,
            "dbindex": 0
        },
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\Krita",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\Movie",
            "OC\\Preview\\MOV",
            "OC\\Preview\\MKV",
            "OC\\Preview\\MP4",
            "OC\\Preview\\AVI",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\Image",
            "OC\\Preview\\Movie"
        ],
        "preview_max_scale_factor": 10,
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_smtpport": "465",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "has_rebuilt_cache": true,
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
        "theme": "",
        "loglevel": 2,
        "log_type": "file",
        "logfile": "\/var\/www\/ncupdate\/nextcloud.log",
        "logdateformat": "F d, Y H:i:s",
        "log_rotate_size": 104857600,
        "memories.db.triggers.fcu": true
    }
}

Apps

The output of occ app:list (if possible).

Enabled:
  - activity: 4.0.0
  - announcementcenter: 7.1.0
  - app_api: 5.0.2
  - bookmarks: 15.1.0
  - bruteforcesettings: 4.0.0
  - calendar: 5.2.1
  - circles: 31.0.0
  - cloud_federation_api: 1.14.0
  - collectives: 2.16.1
  - comments: 1.21.0
  - contacts: 7.0.4
  - contactsinteraction: 1.12.0
  - cookbook: 0.11.3
  - dashboard: 7.11.0
  - dav: 1.33.0
  - deck: 1.15.0
  - drawio: 3.0.9
  - external: 6.0.2
  - federatedfilesharing: 1.21.0
  - federation: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - geoblocker: 0.5.16
  - groupfolders: 19.0.4
  - guests: 4.2.0
  - impersonate: 2.0.0
  - keeweb: 0.6.21
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - mail: 4.3.6
  - memegen: 1.1.1
  - memories: 7.5.2
  - nextcloud_announcements: 3.0.0
  - notes: 4.11.0
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - photos: 4.0.0-dev.1
  - previewgenerator: 5.8.0
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - recognize: 9.0.0
  - recommendations: 4.0.0
  - registration: 2.7.0
  - related_resources: 2.0.0
  - richdocuments: 8.6.4
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - side_menu: 4.1.1
  - spreed: 21.0.1
  - support: 3.0.0
  - survey_client: 3.0.0
  - suspicious_login: 9.0.1
  - systemtags: 1.21.1
  - tasks: 0.16.1
  - text: 5.0.0
  - theming: 2.6.1
  - timemanager: 0.3.18
  - twofactor_backupcodes: 1.20.0
  - twofactor_nextcloud_notification: 5.0.0
  - twofactor_totp: 13.0.0-dev.0
  - updatenotification: 1.21.0
  - uppush: 2.3.0
  - user_status: 1.11.0
  - viewer: 4.0.0
  - weather_status: 1.11.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - admin_audit: 1.21.0
  - encryption: 2.19.0
  - files_external: 1.23.0
  - maps: 1.5.0 (installed 1.5.0)
  - user_ldap: 1.22.0

OpenSSL s_client test results

administrator@my-vps:~$ openssl s_client -connect example.cloud:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = example.cloud
verify return:1
---
Certificate chain
 0 s:CN = example.cloud
   i:C = US, O = Let's Encrypt, CN = R10
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 14 19:30:36 2025 GMT; NotAfter: Jun 12 19:30:35 2025 GMT
 1 s:C = US, O = Let's Encrypt, CN = R10
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
subject=CN = example.cloud
issuer=C = US, O = Let's Encrypt, CN = R10
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3170 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: C1CD95DFB6A2D1930322927AE862DE8E2FB90D86E2077088F82044BDB996E4EF
    Session-ID-ctx:
    Resumption PSK: 38DAF384574FEB54903C6D6E69D4EB456019C8DFF064D7CD4AA6B4BF192F68912345D3F978823E5EC59D6118DDAAEDE1
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - e8 10 a1 ba 5f db 08 1c-cd 8d 43 d2 a5 5f de 9c   ...._.....C.._..
    0010 - 47 08 d3 87 90 ac 87 b5-4a 96 fb 29 72 83 ab d7   G.......J..)r...

    Start Time: 1744090954
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: BFF65575F2A9EBAB4F011D4EFE9CB1659FDE3CAE523C45CF58A0C8EC4C6E6132
    Session-ID-ctx:
    Resumption PSK: 8294FC78ACEA11C8604E0F2493D59D2465247E4F2EB5A7B9E475F25EECE3B06BDA22B2718766D633FA58F72A611A310A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 5a ea c6 72 8c 87 e4 ac-bb 85 40 52 77 52 67 e6   Z..r......@RwRg.
    0010 - 7a 8c ca b0 33 ae f4 4b-a2 12 48 d2 6a 26 56 cb   z...3..K..H.j&V.

    Start Time: 1744090954
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Any tips on troubleshooting this kind of error would be awesome! I'm kinda confused as to what is getting scrambled. Both servers have valid certs.

Is there a way to run this cert check from the back end manually against the opposing cert's public key?

What certs are being used to establish a federated connection? The SSL cert for the web server? Or some internal Nextcloud certs?
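
Added example, not part of the original post and not Nextcloud's own code: the second log entry's signedRequest block carries the body, digest, signatureData, signature and signatory.publicKeyPem, a standalone RSA public key identified by keyId, which is what the signature is checked against rather than the TLS certificate in the s_client output. The Python below re-runs the digest and rsa-sha512 checks on such an object offline and reports each result separately, so a header rewritten in transit can be told apart from a changed body or a wrong key. It assumes the signing string is the signatureData lines joined by newlines with PKCS#1 v1.5 padding; the sample request, the toy key, the request path and the host name backend.internal are constructed.

```python
import base64, hashlib, hmac, json

# DigestInfo prefix for SHA-512 in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")

def _tlv(buf, pos):
    """Read one DER element at pos; return (content, offset of the next element)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_public_numbers(pem):
    """Extract (n, e) from a SubjectPublicKeyInfo PEM such as signatory.publicKeyPem."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    spki, _ = _tlv(base64.b64decode(b64), 0)
    _, pos = _tlv(spki, 0)      # skip AlgorithmIdentifier
    bits, _ = _tlv(spki, pos)   # BIT STRING wrapping RSAPublicKey
    key, _ = _tlv(bits, 1)      # bits[0] is the unused-bits count
    n, pos = _tlv(key, 0)
    e, _ = _tlv(key, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def _pkcs1_sha512(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-512(message) for a k-byte modulus."""
    t = SHA512_PREFIX + hashlib.sha512(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sha512_verify(message, sig_b64, pem):
    n, e = rsa_public_numbers(pem)
    k = (n.bit_length() + 7) // 8
    sig = base64.b64decode(sig_b64)
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _pkcs1_sha512(message, k))

def diagnose(req):
    """Re-run each check on a logged signedRequest object; report them separately."""
    body, lines = req["body"].encode(), req["signatureData"]
    signed = dict(l.split(": ", 1) for l in lines)
    digest = "SHA-512=" + base64.b64encode(hashlib.sha512(body).digest()).decode()
    signing_string = "\n".join(lines).encode()  # assumption: lines joined by "\n"
    return {
        "body_matches_digest": digest == req["digest"],
        "signed_digest_matches_header": signed.get("digest") == req["digest"],
        "content_length_matches_body": signed.get("content-length") == str(len(body)),
        "signature_valid": rsa_sha512_verify(
            signing_string, req["signature"], req["signatory"]["publicKeyPem"]),
    }

def _der(tag, content):
    n = len(content)
    head = bytes([n]) if n < 128 else bytes([0x81 + (n > 255)]) + n.to_bytes(1 + (n > 255), "big")
    return bytes([tag]) + head + content

def constructed_sample(signed_host="example.cloud", seen_host="example.cloud"):
    """CONSTRUCTED data: toy key built from two Mersenne primes, for this demo only."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    ints = b"".join(_der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in (n, e))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + _der(0x30, ints)))
    pem = "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode() + "-----END PUBLIC KEY-----\n"
    body = json.dumps({"shareWith": "alice@example.cloud", "resourceType": "talk-room"})
    digest = "SHA-512=" + base64.b64encode(hashlib.sha512(body.encode()).digest()).decode()
    def lines(host):  # the request target is a made-up path
        return ["(request-target): post /constructed/path", f"content-length: {len(body)}",
                "date: Mon, 07 Apr 2025 22:50:56 GMT", f"digest: {digest}", f"host: {host}"]
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(_pkcs1_sha512("\n".join(lines(signed_host)).encode(), k), "big")
    sig = base64.b64encode(pow(em, d, n).to_bytes(k, "big")).decode()
    return {"body": body, "digest": digest, "signatureData": lines(seen_host),
            "signature": sig, "signatory": {"publicKeyPem": pem}}

if __name__ == "__main__":
    print(diagnose(constructed_sample()))                              # both sides agree
    print(diagnose(constructed_sample(seen_host="backend.internal")))  # receiver saw another Host
```

To use it on a real entry, pass `json.loads(log_line)["exception"]["signedRequest"]` from an unredacted nextcloud.log line to `diagnose()`; a log with anonymised hostnames will fail the signature check for that reason alone.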