Issues accessing Nextcloud AIO page

I am having issues accessing my Nextcloud AIO page in order to update my personal Nextcloud instance. I am selfhosting it on a Linux Ubuntu server (not in a VM). I used to be able to access my AIO page at https://MY_DOMAIN:8443/ but I tried to get to it again today and wasn’t able to access it, the connection times out. I tried rebooting my server and clearing my browsers cache; neither of those worked. I can access my normal Nextcloud page just fine, I am just having trouble accessing the AIO page. I logged in as my ADMIN user on Nextcloud and navigated to that page that links you to your AIO page, I clicked on that link, and that didn’t work either. It’s odd that this was all working before and just stopped working today. Maybe I messed up something silly when I was trying to update one of my other applications.

How can I check what the issue is and work to fix it?

Please let me know if you would like for me to provide any more information. Thanks!

Hi, can you post the nextcloud-aio-astercontainer logs here?

Hey @szaimen, yes. Let me get that for you now. How can I get that BTW :rofl:?

Are you looking for this file in my data directory? nextcloud.log

UPDATE: Never mind, that file is empty.

How can I access those logs?

Can you post the output of sudo docker logs nextcloud-aio-mastercontainer ?

Ok @szaimen, I found the logs and it has some good information in them. Here is the error that seems to be spamming in the logs…

{"level":"error","ts":1679690023.5662751,"logger":"tls.on_demand","msg":"renewing certificate on-demand failed","subjects":["MY_DOMAIN"],"not_after":1679257519,"error":"context canceled"}
{"level":"error","ts":1679690193.7384763,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"MY_DOMAIN","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/"}
{"level":"error","ts":1679690193.738527,"logger":"tls.renew","msg":"will retry","error":"[MY_DOMAIN] Renew: [MY_DOMAIN] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/ (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":0.212885773,"max_duration":2592000}
{"level":"error","ts":1679690254.9450939,"logger":"http.acme_client","msg":"challenge failed","identifier":"MY_DOMAIN","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"MY_IP: Fetching http://MY_DOMAIN/.well-known/acme-challenge/chD3aHnFeB4w--3qW3tMoADzyN2xkvIqlxO3NhhdClY: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1679690254.9451282,"logger":"http.acme_client","msg":"validating authorization","identifier":"MY_DOMAIN","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"MY_IP: Fetching http://MY_DOMAIN/.well-known/acme-challenge/chD3aHnFeB4w--3qW3tMoADzyN2xkvIqlxO3NhhdClY: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/81428273/7926873484","attempt":1,"max_attempts":3}
{"level":"error","ts":1679690254.9451604,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"MY_DOMAIN","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - MY_IP: Fetching http://MY_DOMAIN/.well-known/acme-challenge/chD3aHnFeB4w--3qW3tMoADzyN2xkvIqlxO3NhhdClY: Connection refused"}
{"level":"error","ts":1679690254.9451969,"logger":"tls.renew","msg":"will retry","error":"[MY_DOMAIN] Renew: [MY_DOMAIN] solving challenge: MY_DOMAIN: [MY_DOMAIN] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - MY_IP: Fetching http://MY_DOMAIN/.well-known/acme-challenge/chD3aHnFeB4w--3qW3tMoADzyN2xkvIqlxO3NhhdClY: Connection refused (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":61.419555373,"max_duration":2592000}
{"level":"error","ts":1679690283.5189333,"logger":"tls.on_demand","msg":"renewing and reloading certificate","server_name":"MY_DOMAIN","subjects":["MY_DOMAIN"],"expiration":1679257519,"remaining":-432674.518206875,"revoked":false,"error":"context canceled"}

Is it possible that port 80 is somehow closed? That would explain why the renewal fails.

No, it looks like port 80 is open on my UFW.

and this is the installation string I used to set it all up…

sudo docker run \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8888:80 \
--publish 8080:8080 \
--publish 8443:8443 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
-e NEXTCLOUD_DATADIR="/mnt/raid5/nextcloud" \
-e SKIP_DOMAIN_VALIDATION=true \
-e DISABLE_BACKUP_SECTION=true \
nextcloud/all-in-one:latest

Not sure if the special ports are playing a role in any of this…

Is there a way that I can access the AIO page locally? I tried to reach it at https://MY_IP:8080, but that wasn’t working either. I am not sure why it’s having trouble updating the certificate.

Yeah, so do you think my certificate expired on my domain and that it was trying to renew it but was running into issues? That would make since I guess, now just need to determine how to fix that.

Yes, this is what most likely happened. You can now until this is fixed use the AIO interface on port 8080 in the meanwhile.

Ok, yeah. I was able to access the AIO page on port 8080 at my servers local IP. I thought I had done that before but I think I was using the wrong IP. Yeah, so I haven’t had to renew my certs on my domains yet. The domain that I was using is the one I first created when I set this all up several months ago. It would line up in time if this was it needed to be renewed. Hmm, can I use a new domain? I’m new to all of this. So what happened to the old one, guess it just expired and my setup is making it hard to renew itself.

In your case is using port 8080 for the AIO interface completely fine so I would just keep using that.

You are saying to just keep using the private IP to access the AIO page on port 8080? I am fine with that, I’m just scared that the same thing will happen to my other domain that I use to access Nextcloud, that’ll it’ll expire too and will run into issues when it tires to renew. so I should just give up on trying to access the AIO page on my domain name?