Let's Encrypt failing in IPv6

Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • see below
  • Operating system and version (e.g., Ubuntu 24.04):
    • Proxmox 8.3.0 - AIO 11.9.0
  • Web server and version (e.g, Apache 2.4.25):
    • Apache 2.4.65
  • Reverse proxy and version (e.g. nginx 1.27.2)
    • none
  • PHP version (e.g, 8.3):
    • see AIO
  • Is this the first time you’ve seen this error? (Yes / No):
    • I've had this error since changing ISP, ignored it until now as not a heavy user of Nextcloud.
  • When did this problem seem to first start?
    • When I changed ISP and set up the new router.
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • AIO on Proxmox 8.3.0
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • Yes - Cloudflare DNS

Summary of the issue you are facing:

The problem is that Let's Encrypt is not managing to renew the certificate.

I changed my ISP and unfortunately ended up with only DS-Lite, which means IPv6 support and a dynamic, shared IPv4 address.

I could not remember all the steps I'd taken before, but I tried to follow the original setup guides to get it back up and running; it was probably easier then because I could use IPv4.

What I did was…

I set up a static IP for both v4 and v6 locally, then added the public IPv6 to the Cloudflare DNS and disabled Proxy mode.

There is more information in the apache log.

The IPv6 using the AAAA record is correct and for the A record I’ve put 192.0.2.1 as a dummy.

Later I noticed that port 8443 needed to be open on the router so I’ve opened that.

Now on my Windows machine when I use:

Test-NetConnection 192.168.1.2 -port 443
Test-NetConnection 192.168.1.2 -port 8443

Both succeed.

When I do the same with IPv6, only 443 succeeds and 8443 fails. So I don't know if that indicates a problem with the Docker configuration. Port 8443 is successfully forwarding on the router, but obviously I cannot connect to the container.

Steps to replicate it (hint: details matter!):

  1. Change public IP address

  2. Delete A record for Nextcloud domain. Add AAAA record for Nextcloud domain.

  3. Attempt to renew the certificate

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

{"level":"error","ts":1759332502.344358,"logger":"tls.obtain","msg":"will retry", "error":"[domain.com] Obtain: [domain.com] solving challenge: domain.com: [domain.com] authorization failed: HTTP 400 urn:ietf:params:acme:error:tls - public::ipv6: Fetching https://domain.com/.well-known/acme-challenge/Vgup3JVAqYd4EnfnJHKWPRChspvHAWdhDZR6T9c_gwQ: remote error: tls: internal error (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":64.876078596,"max_duration":2592000}

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

N/A

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

{"level":"error","ts":1759333579.4843776,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - Unable to contact \"domain.com\" at \"public::ipv6\", no IPv4 addresses to try as fallback"}
2025-10-01T15:46:19.484711970Z {"level":"error","ts":1759333579.484407,"logger":"tls.obtain","msg":"will retry","error":"[domain.com] Obtain: [domain.com] solving challenge: domain.com: [domain.com] authorization failed: HTTP 400 urn:ietf:params:acme:error:malformed - Unable to contact \"domain.com\" at \"public::ipv6\", no IPv4 addresses to try as fallback (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":6,"retrying_in":600,"elapsed":1210.003093049,"max_duration":2592000}

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

sorry, couldn't get it. Vanilla AIO install. No copy/paste, no ssh available.

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be run through analyzers / formatters by those trying to help you.

Thanks, Chris

Hello @ccoles146,

welcome to the Nextcloud community! :handshake:

If you don't have IPv4, don't add an A record at all.

This way you only test local connectivity.

You only need port 8443 if you want to expose the management interface to the internet; usually you don't want this.

You didn't state this, but I have the feeling you are talking about "port forwarding" and NAT when you speak about "opening ports". This is not how IPv6 works. Each device has a valid public IP and there is no more NAT with IPv6; you simply tell the router/firewall that incoming connections to a specific device (identified by its interface ID) are allowed. I shared how to expose a service with IPv6 on a Fritzbox in the past; look at topics tagged ipv6 as well.
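The two log lines in the post show the validator's order of operations: it tries the AAAA address first, and when that fails it falls back to A records only if there are any ("no IPv4 addresses to try as fallback"). The script below is an added example for this thread, not code from Nextcloud AIO, Caddy or Let's Encrypt; it dry-runs that order against a host's DNS records with a plain TCP probe per address, so you can see from outside your LAN which family the validator would actually reach. Assumptions: HTTP-01 starts on port 80 and only follows a redirect to 443 if 80 answers, so probe both; a TCP connect only proves the port is reachable, not that the challenge file is served; the 192.0.2.1 placeholder is flagged because it is a documentation address the validator will still try and never reach. The `resolve`, `tcp_probe`, `validate_order` and `diagnose` names are this example's own.

```python
"""Dry-run of the address order an ACME HTTP-01 validator uses for a host.

Added example for this forum thread; it is not part of Nextcloud AIO, Caddy
or Let's Encrypt. Assumed behaviour (matching the log lines in the post):
every AAAA address is tried first, A records are used as fallback only if
they exist. Probes are plain TCP connects: reachability only.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Attempt:
    address: str
    ok: bool
    detail: str


def resolve(host: str, port: int = 80,
            getaddrinfo: Callable = socket.getaddrinfo) -> Dict[str, List[str]]:
    """Collect AAAA and A results for host, in resolver order, deduplicated."""
    found: Dict[str, List[str]] = {"ipv6": [], "ipv4": []}
    try:
        entries = getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return found
    for family, _type, _proto, _canon, sockaddr in entries:
        key = {socket.AF_INET6: "ipv6", socket.AF_INET: "ipv4"}.get(family)
        if key and sockaddr[0] not in found[key]:
            found[key].append(sockaddr[0])
    return found


def tcp_probe(address: str, port: int = 80, timeout: float = 5.0) -> Attempt:
    """Live probe: can a TCP connection to address:port be opened at all?"""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((address, port))
        return Attempt(address, True, "tcp connect ok")
    except OSError as exc:
        return Attempt(address, False, f"tcp connect failed: {exc}")
    finally:
        sock.close()


def non_routable(addresses: List[str]) -> List[str]:
    """Records the validator will try but that can never answer, e.g. the
    192.0.2.1 documentation address used as an A-record placeholder."""
    return [a for a in addresses if not ipaddress.ip_address(a).is_global]


def validate_order(addrs: Dict[str, List[str]],
                   probe: Callable[[str], Attempt] = tcp_probe) -> dict:
    """Walk the addresses in validator order and explain the outcome."""
    attempts: List[Attempt] = []
    warnings = non_routable(addrs["ipv6"] + addrs["ipv4"])
    for family in ("ipv6", "ipv4"):          # AAAA first, A only as fallback
        for address in addrs[family]:
            result = probe(address)
            attempts.append(result)
            if result.ok:
                return {"reached": address, "family": family, "error": None,
                        "attempts": attempts, "warnings": warnings}
    if not addrs["ipv6"] and not addrs["ipv4"]:
        error = "no AAAA or A records: the validator has nothing to connect to"
    elif not addrs["ipv4"]:
        error = "IPv6 unreachable and no IPv4 addresses to try as fallback"
    elif not addrs["ipv6"]:
        error = "IPv4 unreachable (no AAAA record, so IPv6 was never tried)"
    else:
        error = "IPv6 unreachable and the IPv4 fallback failed too"
    return {"reached": None, "family": None, "error": error,
            "attempts": attempts, "warnings": warnings}


def diagnose(host: str, port: int = 80) -> dict:
    """Resolve host and run live probes; repeat with port=443 for the redirect."""
    return validate_order(resolve(host, port), lambda a: tcp_probe(a, port))


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for p in (80, 443):
        print(json.dumps({"port": p, **diagnose(target, p)}, default=vars, indent=2))
```

Run it from a host outside your own network (a VPS, or a phone on mobile data with Python), because from inside the LAN a TCP connect to your own public IPv6 tells you nothing about the router's inbound filter. If `family` comes back `ipv6` but the certificate still fails, the problem is past the firewall (the container or Caddy itself, as with the `tls: internal error` in the first log line); if the error names the IPv4 fallback, the AAAA record or the IPv6 inbound rule is what needs fixing.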

This topic was automatically closed after 90 days. New replies are no longer allowed.