Dein Webserver ist nicht richtig konfiguriert, um "/.well-known/webfinger"

Hi Folks,
Since 3 day I try to figure out, what is the reason why I get always this error:

Dein Webserver ist nicht richtig konfiguriert, um “/.well-known/webfinger”

This are only the last error that I have ; formally 9 errors.

Installation: Raspian OS Bookwurm light; PHP 8.2 ; appache2 latest und Nextcloud latest (HUP 7 28.02) on my Migration-Platform.

I’m only a Nextcloud “USER” not a specialist, so I can only do what installation guy write on Internet or I’m using NC since long time; on my first instance I use 27.02; PHP 7.4 with no Problems.

So, some information and question.

NextCloud ist installed into /var/www/html/nextcloud

Nextcloud default installation shows me 3 x .htaccess

??? Are all three important, or which one is the master config?

My /var/www/html/nextcloud/.htaccess

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION

  <IfModule mod_env.c>
    # Add security and privacy related headers
    # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table:
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"
    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"
    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"
    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "noindex, nofollow"
    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"
    SetEnv modHeadersAvailable true

  # Add cache control for static resources
  <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite)$">
    <If "%{QUERY_STRING} =~ /(^|&)v=/">
      Header set Cache-Control "max-age=15778463, immutable"
      Header set Cache-Control "max-age=15778463"

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"

<IfModule mod_php.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true

<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddType application/wasm wasm
  AddEncoding gzip svgz
  # Serve ESM javascript files (.mjs) with correct mime type
  AddType text/javascript js mjs

<IfModule mod_dir.c>
  DirectoryIndex index.php index.html

<IfModule pagespeed_module>
  ModPagespeed Off

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
  #RewriteRule ^\.well-known/carddav /remote.php/dav [R=301,L]
  #RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  #RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L]
  #RewriteRule ^\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L]
  RewriteRule ^ocm-provider/?$ /nextcloud/index.php [QSA,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ /index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]

AddDefaultCharset utf-8
Options -Indexes

ErrorDocument 403 /index.php/error/403
ErrorDocument 404 /index.php/error/404


<VirtualHost *:80>
        ServerName extNextCloud.klara100.wan
        ServerAlias extNextCloudcloud/"
        DocumentRoot /var/www/html/nextcloud
        LogLevel debug
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
#### -
#       RewriteEngine on
#       RewriteCond %{SERVER_NAME} =extNextCloud.klara100.wan
#       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
       RewriteEngine on
# -rb-  RewriteCond %{SERVER_NAME} =extNextCloud.klara100.wan
# -rb-  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

# start -rb from NextCloud.klara100.lan - keine Änderung 
#        <Directory /var/www/html/nextcloud>
#                Options Indexes FollowSymLinks
#                AllowOverride All
#                Require all granted
#        </Directory>
# end -rb- 

I’ve read a lot of internet pages, but I have no success to resolve my last 4 errors.
I’ve config only http yet.

Other topic:
http://extNextCloud.klara100.wan —> apache2 standard page
only http://extNextloud.klara100.wan/nextcloud/ show me my login page
What I want to have is http://extNextCloud.klara100.wan shows me my NC login pages.

My Nextcloud knowledge is limited, and I hope an NC specialist will have the solution in seconds.

Thanks for any Tip


I’m not an apache expert but from your config I get the feeling you try expose Nextcloud on different external and internal URLs (.wan and .lan). This is not a good idea for multiple reasons often discussed here.

You better go with splitbraindns approach which allows you to acces the system from your LAN using public FQDN but keeps public DNS and TLS cert… at the same time the config becomes easier and you can better address config issues.


I’ve installed NC 28 new - and ist working very well, but

Both NC on Provider Host and my local NC 28 create an Address book, “Konten”. I don’t want to have this, because there are distribute/sync. this address book to my other devices - Android; Thunderbird; And this Adress book content wrong addresses.

How can I eliminate/delete this address boot “Konten”.

Greetings from the south of Germany