Changing Certificaton Authority client not recognize Subject Alternative Name in Certificate

Nextcloud version (eg, 20.0.5): 20.0.12
Operating system and version (eg, Ubuntu 20.04): Debian 9
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.25-3
PHP version (eg, 7.4): 7.3.14-5

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. change server side certificate autority CA
  2. run Nextcloud client with relative (enabled) account

The output of your Nextcloud log in Admin > Logging:

NO ERROR

The output of your Apache/nginx/system log in /var/log/____:

AH01797: client denied by server configuration: /var/www/nextcloud/public_html/data/.ocdata

Hi there,
we are an Italian association, no-profit users
we have recently changed the CA from Letsencrypt to Zerossl, for better device back-compatibility.

All is working great (client/server web, client/server mail, client/server xmpp, and others) , except for Nextcloud Client (we had experience for now only on recent Linux desktop systems) where show randomly the following errors:

The issuer certificate of a locally locked up certificate could not be found.
No certificates could be verified.

we have seen here another very similar problem for a 2020 issue.

And we wonder what it might depend on. Whether from a certificate chain that is not correctly ordered or if from a client issue, or something else.

Have any of you had similar experiences and resolved them?

Thanks!

Here an error client screenshot →

Impossibile cloud.3x1t.org

Here I am again,
found the issue.
The problem depended on a misconfigured virtualhost SSL parameter.
Moving to Zerossl (plus acme.sh), I made the mistake of not installing a new

SSLCertificateChainFile

And the following parameter pointed to the old Letsencrypt chain cert:

/etc/letsencrypt/live/server.mydomain.org/chain.pem

To solve the issue, was enough to install the new (Zerossl) chain.pem in the right place :wink: