Nextcloud 25.0.03 works on some devices, but not on all?!

Hello

A couple of days ago I found out that my NC25, which I believed was running perfectly well, is not reachable on some devices. Of course not on mine, otherwise I would have realized the malfunction earlier.

The instance runs on Ubuntu 22.04 and all I recently did was to renew the certificate and update to 25.0.3. The installation about 6 months ago followed exactly this guide.

I had a look at the error.log and it came up with this.

2023/01/24 04:48:58 [crit] 1000#1000: *26670 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 184.105.139.68, server: 0.0.0.0:443
2023/01/24 04:55:55 [error] 1000#1000: *26732 access forbidden by rule, client: 184.105.139.68, server: nextcloud.examp.com, request: "GET /.git/config HTTP/1.1", host: "my.external.ip"

I’m not sure if this is responsible for the malfunction and what this means exactly (I’m not a Nextcloud expert). But obviously there’s an issue regarding the certificate. But why does it work on my PC/Phone and not on some others?

Maybe someone has an idea?
Thank you

If you suspect your SSL setup, you can easily check the settings and it shows you which platforms are reachable or if you are too strict in your cipher selection:

Thanks for your hint.

I do get an A+. Everything seems alright as far as I see it, no particular browser or so is excluded.

Do you or the devices use IPv6? You use a regular domain/subdomain to access your server?

The failed handshake is related to the devices that cannot access? The user then just can’t load the page or are they getting errors as well (invalid certificates…)?

No IPv6, just IPv4.
Yes, something like cloud.myinternetsite.com

The failed handshake is related to the devices that cannot access?

Good question, I guess I don’t know.

The user then just can’t load the page or are they getting errors as well (invalid certificates…)?

No, no errors or anything. They just land on the nginx standard welcome page.

Then it seems more like a rewrite / virtual host domain. Is nginx correctly configured? Do you use the correct URL on your clients including https and path?
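
The thread leaves open whether the failed handshake comes from the devices that cannot connect. One way to check is to group the error.log entries by client address and compare them with the affected devices. This is an added example, not code from any poster: the function names and the affected-device address 203.0.113.7 are assumptions, and the sample input is the two log lines quoted above.

```python
import re
from collections import defaultdict

# The two error.log lines quoted in the thread, unchanged.
SAMPLE_LOG = '''\
2023/01/24 04:48:58 [crit] 1000#1000: *26670 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 184.105.139.68, server: 0.0.0.0:443
2023/01/24 04:55:55 [error] 1000#1000: *26732 access forbidden by rule, client: 184.105.139.68, server: nextcloud.examp.com, request: "GET /.git/config HTTP/1.1", host: "my.external.ip"
'''

# Assumption: address of one device that cannot reach the instance (documentation range).
AFFECTED_CLIENTS = {"203.0.113.7"}

HEAD_RE = re.compile(r'^(\S+ \S+) \[(\w+)\] \d+#\d+: (?:\*\d+ )?(.*)$')
FIELD_RE = re.compile(r', (client|server|request|host): ("[^"]*"|[^,]*)')

def parse_line(line):
    """Split one nginx error.log line into timestamp, level, message and trailing fields."""
    head = HEAD_RE.match(line.strip())
    if not head:
        return None
    ts, level, rest = head.groups()
    fields = list(FIELD_RE.finditer(rest))
    entry = {"ts": ts, "level": level,
             "message": rest[:fields[0].start()] if fields else rest}
    for f in fields:
        entry[f.group(1)] = f.group(2).strip('"')
    return entry

def summarize(log_text, affected=frozenset()):
    """Group entries per client IP so they can be compared with the affected devices."""
    report = defaultdict(lambda: {"tls_failures": 0, "host_mismatch": 0,
                                  "requests": [], "affected": False})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or "client" not in entry:
            continue
        row = report[entry["client"]]
        row["affected"] = entry["client"] in affected
        if "SSL_do_handshake() failed" in entry["message"]:
            row["tls_failures"] += 1
        # Host header differs from the server block that handled the request.
        if "host" in entry and entry["host"] != entry.get("server"):
            row["host_mismatch"] += 1
        if "request" in entry:
            row["requests"].append(entry["request"])
    return dict(report)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, AFFECTED_CLIENTS))
```

On the quoted lines, both entries belong to the same single client, and the one HTTP request carried the external IP rather than the site's name as its host.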