Nextcloud AIO deployed via helm not able to get Certificates

OLED01 · April 8, 2026, 8:51am

I tried to deploy the Nextcloud AIO on Kubernetes Cluster using the official helm chart provided here: all-in-one/nextcloud-aio-helm-chart at main · nextcloud/all-in-one · GitHub

The installation itself works fine until this errors appear:

Waiting 10 seconds before activating fulltextsearch…
Activating fulltextsearch…

.Testing your current setup:
Creating mocked content provider. ok
Testing mocked provider: get indexable documents. (2 items) ok
Loading search platform. An unhandled exception has been thrown:
TypeError: OCA\FullTextSearch_Elasticsearch\Vendor\Elastic\Elasticsearch\ClientBuilder::setBasicAuthentication(): Argument #1 ($username) must be of type string, false given, called in /var/www/html/custom_apps/fulltextsearch_elasticsearch/lib/Platform/ElasticSearchPlatform.php on line 436 and defined in /var/www/html/custom_apps/fulltextsearch_elasticsearch/lib/Vendor/Elastic/Elasticsearch/ClientBuilder.php:213
Stack trace:
#0 /var/www/html/custom_apps/fulltextsearch_elasticsearch/lib/Platform/ElasticSearchPlatform.php(436): OCA\FullTextSearch_Elasticsearch\Vendor\Elastic\Elasticsearch\ClientBuilder->setBasicAuthentication(false, false)
#1 /var/www/html/custom_apps/fulltextsearch_elasticsearch/lib/Platform/ElasticSearchPlatform.php(404): OCA\FullTextSearch_Elasticsearch\Platform\ElasticSearchPlatform->configureAuthentication(Object(OCA\FullTextSearch_Elasticsearch\Vendor\Elastic\Elasticsearch\ClientBuilder), Array)
#2 /var/www/html/custom_apps/fulltextsearch_elasticsearch/lib/Platform/ElasticSearchPlatform.php(137): OCA\FullTextSearch_Elasticsearch\Platform\ElasticSearchPlatform->connectToElastic(Array)
#3 /var/www/html/custom_apps/fulltextsearch/lib/Service/PlatformService.php(139): OCA\FullTextSearch_Elasticsearch\Platform\ElasticSearchPlatform->loadPlatform()
#4 /var/www/html/custom_apps/fulltextsearch/lib/Service/PlatformService.php(52): OCA\FullTextSearch\Service\PlatformService->loadPlatform()
#5 /var/www/html/custom_apps/fulltextsearch/lib/Command/Test.php(230): OCA\FullTextSearch\Service\PlatformService->getPlatform()
#6 /var/www/html/custom_apps/fulltextsearch/lib/Command/Test.php(92): OCA\FullTextSearch\Command\Test->testLoadingPlatform(Object(Symfony\Component\Console\Output\ConsoleOutput))
#7 /var/www/html/3rdparty/symfony/console/Command/Command.php(326): OCA\FullTextSearch\Command\Test->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#8 /var/www/html/core/Command/Base.php(220): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#9 /var/www/html/3rdparty/symfony/console/Application.php(1083): OC\Core\Command\Base->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#10 /var/www/html/3rdparty/symfony/console/Application.php(324): Symfony\Component\Console\Application->doRunCommand(Object(OCA\FullTextSearch\Command\Test), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#11 /var/www/html/3rdparty/symfony/console/Application.php(175): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#12 /var/www/html/lib/private/Console/Application.php(187): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#13 /var/www/html/console.php(92): OC\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput))
#14 /var/www/html/occ(33): require_once(‘/var/www/html/c…’)
#15 {main}Fulltextsearch failed. Could not index.
If you want to skip indexing in the future, see https://github.com/nextcloud/all-in-one/discussions/1709
app_api 33.0.0 disabled

‘[’ ‘’ = true ‘]’

set +x
Waiting for nextcloud-aio-apache to become available…
[08-Apr-2026 10:35:50] NOTICE: fpm is running, pid 606
[08-Apr-2026 10:35:50] NOTICE: ready to handle connections
Connection to nextcloud-aio-apache (10.254.196.12) 443 port [tcp/https] succeeded!
Activating Collabora config…
✓ Reset callback url autodetect
Checking configuration
🛈 Configured WOPI URL: https://nextcloud-aio.domain.tld
🛈 Configured public WOPI URL: https://nextcloud-aio.domain.tld
🛈 Configured callback URL:

Failed to fetch discovery endpoint from https://nextcloud-aio.domain.tld
cURL error 35: TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://nextcloud-aio.domain.tld/hosting/discovery

When checking the apache container I can see the following errors:

Connection to nextcloud-aio-nextcloud (10.254.81.214) 9000 port [tcp/*] succeeded!
[Wed Apr 08 10:36:02.145348 2026] [mpm_event:notice] [pid 200:tid 200] AH00489: Apache/2.4.66 (Unix) configured -- resuming normal operations
[Wed Apr 08 10:36:02.145394 2026] [core:notice] [pid 200:tid 200] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
{"level":"info","ts":1775637362.1713035,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
{"level":"error","ts":1775637374.563487,"msg":"challenge failed","identifier":"nextcloud-aio.domain.tld","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 1.2.3.4: Timeout after connect (your server may be slow or overloaded)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:570\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:391\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:149\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:498\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:391\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.11.1/modules/caddytls/acmeissuer.go:292\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:662\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:736\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:532\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:73"}
{"level":"error","ts":1775637374.5637367,"msg":"validating authorization","identifier":"nextcloud-aio.domain.tld","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 1.2.3.4: Timeout after connect (your server may be slow or overloaded)","instance":"","subproblems":null},"order":"https://acme-v02.api.letsencrypt.org/acme/order/3220274441/498530600561","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:165\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:498\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:391\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.11.1/modules/caddytls/acmeissuer.go:292\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:662\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:736\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:532\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:73"}
{"level":"error","ts":1775637374.5638113,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud-aio.domain.tld","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 1.2.3.4: Timeout after connect (your server may be slow or overloaded)"}
{"level":"error","ts":1775637374.5638514,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud-aio.domain.tld] Obtain: [nextcloud-aio.domain.tld] solving challenge: nextcloud-aio.domain.tld: [nextcloud-aio.domain.tld] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 1.2.3.4: Timeout after connect (your server may be slow or overloaded) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":12.368571699,"max_duration":2592000}
{"level":"error","ts":1775637379.4083478,"logger":"tls","msg":"tls-alpn challenge","remote_addr":"10.0.0.191:43609","server_name":"nextcloud-aio.domain.tld","error":"no information found to solve challenge for identifier: nextcloud-aio.domain.tld"}
{"level":"error","ts":1775637446.7660003,"msg":"challenge failed","identifier":"nextcloud-aio.domain.tld","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"1.2.3.4: Timeout after connect (your server may be slow or overloaded)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:570\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:391\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:149\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:498\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:391\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.11.1/modules/caddytls/acmeissuer.go:292\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:662\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:736\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:532\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:73"}
{"level":"error","ts":1775637446.766134,"msg":"validating authorization","identifier":"nextcloud-aio.domain.tld","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"1.2.3.4: Timeout after connect (your server may be slow or overloaded)","instance":"","subproblems":null},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/281160113/35793281943","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:165\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:498\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:391\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.11.1/modules/caddytls/acmeissuer.go:292\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:662\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:736\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:532\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:73"}
{"level":"error","ts":1775637446.766201,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud-aio.domain.tld","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 1.2.3.4: Timeout after connect (your server may be slow or overloaded)"}
{"level":"error","ts":1775637446.7662344,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud-aio.domain.tld] Obtain: [nextcloud-aio.domain.tld] solving challenge: nextcloud-aio.domain.tld: [nextcloud-aio.domain.tld] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 1.2.3.4: Timeout after connect (your server may be slow or overloaded) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":84.570955199,"max_duration":2592000}
{"level":"error","ts":1775637578.1140752,"msg":"challenge failed","identifier":"nextcloud-aio.domain.tld","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"1.2.3.4: Timeout after connect (your server may be slow or overloaded)","instance":"","subproblems":null},"stacktrace":"github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:570\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:391\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:149\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:498\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:391\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.11.1/modules/caddytls/acmeissuer.go:292\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:662\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:736\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:532\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:73"}
{"level":"error","ts":1775637578.114199,"msg":"validating authorization","identifier":"nextcloud-aio.domain.tld","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"1.2.3.4: Timeout after connect (your server may be slow or overloaded)","instance":"","subproblems":null},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/281160113/35793359533","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.6/client.go:165\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:498\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.25.2/acmeissuer.go:391\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.11.1/modules/caddytls/acmeissuer.go:292\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:662\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:736\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:532\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.25.2/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.25.2/async.go:73"}
{"level":"error","ts":1775637578.1142561,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud-aio.domain.tld","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 1.2.3.4: Timeout after connect (your server may be slow or overloaded)"}
{"level":"error","ts":1775637578.114277,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud-aio.domain.tld] Obtain: [nextcloud-aio.domain.tld] solving challenge: nextcloud-aio.domain.tld: [nextcloud-aio.domain.tld] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 1.2.3.4: Timeout after connect (your server may be slow or overloaded) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":215.918997606,"max_duration":2592000}

I deployed the stack using argo with values.yaml as base with the following values:

project: nextcloud-aio
source:
repoURL: 

targetRevision: ‘*’
helm:
valueFiles:
- values.yaml
parameters:
- name: NC_DOMAIN
value: nextcloud-aio.domain.tld
- name: TIMEZONE
value: Europe/Vienna
- name: UPDATE_NEXTCLOUD_APPS
value: ‘yes’
- name: CLAMAV_ENABLED
value: ‘yes’
- name: COLLABORA_ENABLED
value: ‘yes’
- name: DATABASE_PASSWORD
value: 
- name: IMAGINARY_ENABLED
value: ‘yes’
- name: INSTALL_LATEST_MAJOR
value: ‘yes’
- name: TALK_ENABLED
value: ‘yes’
- name: TALK_RECORDING_ENABLED
value: ‘yes’
- name: FULLTEXTSEARCH_ENABLED
value: ‘yes’
- name: NAMESPACE
value: nextcloud-aio
- name: NEXTCLOUD_STORAGE_SIZE
value: 5Gi
- name: ONLYOFFICE_ENABLED
value: ‘yes’
- name: NEXTCLOUD_DATA_STORAGE_SIZE
value: 20Gi
- name: NEXTCLOUD_PASSWORD
value: 
- name: TURN_SECRET
value: 
- name: SIGNALING_SECRET
value: 
- name: FULLTEXTSEARCH_PASSWORD
value: 
- name: TALK_INTERNAL_SECRET
value: 
- name: RECORDING_SECRET
value: 
- name: REDIS_PASSWORD
value: 
- name: IMAGINARY_SECRET
value: 
- name: ONLYOFFICE_SECRET
value: 
- name: WHITEBOARD_SECRET
value: 
- name: APACHE_PORT
value: ‘443’
chart: nextcloud-aio-helm-chart
destination:
server: https://kubernetes.default.svc
namespace: nextcloud-aio

When trying to connect, to my instance, the connection times out. Has anybody an idea what I am missing or doing wrong? Thanks for your help.