Nextcloud AIO Apache Container Unreachable: ERR_SSL_PROTOCOL_ERROR

Hello,

I’m trying to install Nextcloud with the AIO container in docker on an Ubuntu 22.04 LTS server.

I’ve opened ports 80, 443, and 8443 on my router.

I’ve also opened all the necessary ports in ufw as:

80 ALLOW Anywhere # nextcloud aio test
443 ALLOW Anywhere # nextcloud aio test
8443 ALLOW Anywhere # nextcloud aio test
8080 ALLOW Anywhere # nextcloud aio test

I’m using no-ip.com DDNS service to map my public IP address (which is not static) to my domain.

I’m able to start the mastercontainer, log in to it via both http://my-local-ip:8080 and https://my-public-domain.tld:8443, and start all the containers. However, when I try to open Nextcloud via https://my-public-domain.tld:443 once the containers are all fired up, I receive the error ERR_SSL_PROTOCOL_ERROR.

The logs of the nextcloud-aio-apache container are indicating that the tls-alpn-01 challenge for the automatic certificate is not successful. Relevant part from the log looks as follows:

{"level":"info","ts":1672183107.9087918,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"my-public-domain.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1672183118.4979508,"logger":"http.acme_client","msg":"challenge failed","identifier":"my-public-domain.net","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2a02:ab88:c3b:80:265e:beff:fe03:660b: Timeout during connect (likely firewall problem)","instance":"","subproblems":[ _ ]}}
{"level":"error","ts":1672183118.4980137,"logger":"http.acme_client","msg":"validating authorization","identifier":"my-public-domain.net","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2a02:ab88:c3b:80:265e:beff:fe03:660b: Timeout during connect (likely firewall problem)","instance":"","subproblems":[ _ ]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/81073583/6204535493","attempt":1,"max_attempts":3}
{"level":"error","ts":1672183118.4980655,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"my-public-domain.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 2a02:ab88:c3b:80:265e:beff:fe03:660b: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1672183118.498123,"logger":"tls.obtain","msg":"will retry","error":"[my-public-domain.net] Obtain: [my-public-domain.net] solving challenge: my-public-domain.net: [my-public-domain.net] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 2a02:ab88:c3b:80:265e:beff:fe03:660b: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":83.807857868,"max_duration":2592000}

(I had to intentionally ruin all the URLs so that I’m allowed to post the new thread.)

I already tried switching the firewall off, and using different versions from the AIO container with no success. Could you advise me how to proceed with troubleshooting?

Thank you very much in advance!

Hi, you already identified your problem. It is likely caused by a wrongly configured ipv6 support.

Hi,

thanks for the quick answer. I did not configure ipv6 support at all, as I thought I don’t really need it. My router shows I do not have an ipv6 address at all. Is it necessary to get things working?

Hi again :slight_smile: ,

I think I found the issue with your hint. Although I have no ipv6 address at all, I somehow had an AAAA record for my domain at no-ip.com. I replaced it with a simple A record, and now I got a different error message in the nextcloud-aio-apache container, which is more encouraging.

{"level":"error","ts":1672224579.5324438,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"my-domain.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: cavefh.ddns.net, retry after 2022-12-29T19:21:30Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}

This is likely due to the many unsuccessful attempts I did yesterday to get it working. I guess and hope that I only have to wait then until tomorrow and it will work.

I’ll get back to you with the results.

Thank you again for your help!

This is most likely the reason. However I fear you will need to wait at least one week.

I was too excited to try it out so I changed my domain. :smiley: Everything works now, thanks for the hint regarding IPv6. :slight_smile:


Great! Please mark one of the comments as the solution. Thanks!
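
A way to triage the two ACME failures seen in this thread from the nextcloud-aio-apache log, as an added example that is not part of the original posts: it reads the JSON log lines, extracts the ACME error type and the address the CA tried to reach, and names the DNS record type to check. The function name `diagnose` and the sample log (example.net and a documentation-range address) are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed sample in the shape of the log lines quoted in the thread;
# example.net and 2001:db8::10 are placeholders, not values from the thread.
SAMPLE_LOG = """\
{"level":"info","logger":"http.acme_client","msg":"trying to solve challenge","identifier":"example.net","challenge_type":"tls-alpn-01"}
{"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"example.net","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"2001:db8::10: Timeout during connect (likely firewall problem)"}}
{"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"example.net","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued"}
plain text line that is not JSON
"""

ACME_ERROR = re.compile(r"urn:ietf:params:acme:error:(\w+)")
LEADING_ADDR = re.compile(r"^([0-9A-Fa-f:.]+): ")


def diagnose(log_text):
    """Return (identifier, acme_error, address, hint) for each failed ACME step."""
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON
        if not isinstance(entry, dict) or entry.get("level") != "error":
            continue
        problem = entry.get("problem") or {}
        error = entry.get("error", "")
        kind = ACME_ERROR.search(problem.get("type", "") + " " + error)
        if kind is None:
            continue
        # The address the CA connected to leads the detail text.
        detail = problem.get("detail") or error.split(" - ", 1)[-1]
        match = LEADING_ADDR.match(detail)
        address, hint = None, "read the ACME error detail"
        if match:
            try:
                address = ipaddress.ip_address(match.group(1))
            except ValueError:
                address = None
        if kind.group(1) == "connection" and address is not None:
            record = "AAAA" if address.version == 6 else "A"
            hint = f"CA could not reach {address}: check the {record} record and port 443"
        elif kind.group(1) == "rateLimited":
            hint = "rate limit reached: wait for the retry time given in the message"
        findings.append((entry.get("identifier"), kind.group(1), address, hint))
    return findings
```

Feed it the output of `docker logs nextcloud-aio-apache`; an IPv6 address in a `connection` finding on a network without working IPv6 points at a stale AAAA record, as in this thread.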