The Basics
Nextcloud Server version (e.g., 29.x.x):
- latest (Nextcloud AIO v10.14.0)
Operating system and version (e.g., Ubuntu 24.04):
- Ubuntu Server 24.04.2 LTS
Is this the first time you’ve seen this error? (Yes / No):
- Yes
When did this problem seem to first start?
- after install
Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
- AIO docker
Are you using Cloudflare, mod_security, or similar? (Yes / No)
- No
Summary of the issue you are facing:
Hello!
I want to have a dockerised personal cloud on my server.
So I tried to install the Nextcloud-AIO version by the manual. This is my command:
sudo docker run \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 80:80 \
--publish 8080:8080 \
--publish 8443:8443 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--env NEXTCLOUD_DATADIR="/home/nc_aio/userdata" \
ghcr.io/nextcloud-releases/all-in-one:latest
After the install process finished, I can open only the 192.168…:8080 and 192.168…:8443 pages and cannot open the lifshits.xyz page… Neither on port 80 nor on port 443.
I found some errors in the logs:
{"level":"error","ts":1747267612.5224726,"msg":"validating authorization","identifier":"lifshits.xyz","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"95.165.5.51: Timeout during connect (likely firewall problem)","instance":"","subproblems":null},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/*****/**********","attempt":1,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.0/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:73"}
{"level":"error","ts":1747267612.5225637,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"lifshits.xyz","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 95.165.5.51: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1747267612.5226078,"logger":"tls.obtain","msg":"will retry","error":"[lifshits.xyz] Obtain: [lifshits.xyz] solving challenge: lifshits.xyz: [lifshits.xyz] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 95.165.5.51: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":347.181778872,"max_duration":2592000}
I searched for this error on Google and on this forum, but I still do not understand the reason for it.
I enabled forwarding of all ports on the router; all ports are available from the Internet.
I have other Docker apps, such as Mailu, on this server, but I changed its 80 and 443 ports.
This is netstat, and it tells that ports 80 and 443 are available for the AIO container:
usr@serv:~$ sudo netstat -tulpn
[sudo] password for usr:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 2145992/docker-prox
tcp 0 0 127.0.0.1:8125 0.0.0.0:* LISTEN 14718/netdata
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2145979/docker-prox
tcp 0 0 192.168.1.100:19999 0.0.0.0:* LISTEN 14718/netdata
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2145964/docker-prox
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2143088/docker-prox
tcp 0 0 0.0.0.0:3478 0.0.0.0:* LISTEN 2144811/docker-prox
tcp 0 0 192.168.1.100:8011 0.0.0.0:* LISTEN 2151691/docker-prox
tcp 0 0 192.168.1.100:4431 0.0.0.0:* LISTEN 2151714/docker-prox
tcp 0 0 192.168.1.100:4190 0.0.0.0:* LISTEN 2151752/docker-prox
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 1041/systemd-resolv
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 1041/systemd-resolv
tcp 0 0 192.168.1.100:465 0.0.0.0:* LISTEN 2151721/docker-prox
tcp 0 0 192.168.1.100:25 0.0.0.0:* LISTEN 2151684/docker-prox
tcp 0 0 192.168.1.100:110 0.0.0.0:* LISTEN 2151698/docker-prox
tcp 0 0 192.168.1.100:143 0.0.0.0:* LISTEN 2151706/docker-prox
tcp 0 0 0.0.0.0:51413 0.0.0.0:* LISTEN 5685/transmission-d
tcp 0 0 192.168.1.100:995 0.0.0.0:* LISTEN 2151744/docker-prox
tcp 0 0 192.168.1.100:993 0.0.0.0:* LISTEN 2151736/docker-prox
tcp 0 0 192.168.1.100:587 0.0.0.0:* LISTEN 2151728/docker-prox
tcp6 0 0 :::8443 :::* LISTEN 2145999/docker-prox
tcp6 0 0 :::8080 :::* LISTEN 2145985/docker-prox
tcp6 0 0 :::80 :::* LISTEN 2145971/docker-prox
tcp6 0 0 :::22 :::* LISTEN 1/init
tcp6 0 0 :::443 :::* LISTEN 2143095/docker-prox
tcp6 0 0 :::3478 :::* LISTEN 2144818/docker-prox
tcp6 0 0 :::51413 :::* LISTEN 5685/transmission-d
udp 0 0 0.0.0.0:3478 0.0.0.0:* 2144825/docker-prox
udp 0 0 0.0.0.0:6771 0.0.0.0:* 5685/transmission-d
udp 0 0 0.0.0.0:7359 0.0.0.0:* 1345/jellyfin
udp 0 0 127.0.0.1:8125 0.0.0.0:* 14718/netdata
udp 0 0 0.0.0.0:50886 0.0.0.0:* 5685/transmission-d
udp 0 0 0.0.0.0:51413 0.0.0.0:* 5685/transmission-d
udp 0 0 127.0.0.54:53 0.0.0.0:* 1041/systemd-resolv
udp 0 0 127.0.0.53:53 0.0.0.0:* 1041/systemd-resolv
udp 0 0 192.168.1.100:68 0.0.0.0:* 995/systemd-network
udp 0 0 0.0.0.0:443 0.0.0.0:* 2143102/docker-prox
udp6 0 0 :::3478 :::* 2144833/docker-prox
udp6 0 0 :::51413 :::* 5685/transmission-d
udp6 0 0 :::443 :::* 2143109/docker-prox
udp6 0 0 fe80::2e0:24ff:fe21:546 :::* 995/systemd-network
And this is the ps output:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c7b6604d0e1 ghcr.io/nextcloud-releases/aio-apache:latest "/start.sh /usr/bin/…" 5 hours ago Up 34 minutes (healthy) 80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:443->443/udp, [::]:443->443/tcp, [::]:443->443/udp nextcloud-aio-apache
ce6ad0597004 ghcr.io/nextcloud-releases/aio-whiteboard:latest "/start.sh" 5 hours ago Up 34 minutes (healthy) 3002/tcp nextcloud-aio-whiteboard
3cf25b4f823f ghcr.io/nextcloud-releases/aio-notify-push:latest "/start.sh" 5 hours ago Up 34 minutes (healthy) nextcloud-aio-notify-push
5386899f3995 ghcr.io/nextcloud-releases/aio-nextcloud:latest "/start.sh /usr/bin/…" 5 hours ago Up 34 minutes (healthy) 9000/tcp nextcloud-aio-nextcloud
2826d015b0d6 ghcr.io/nextcloud-releases/aio-imaginary:latest "/start.sh" 5 hours ago Up 34 minutes (healthy) nextcloud-aio-imaginary
f3eb9ae0834b ghcr.io/nextcloud-releases/aio-talk-recording:latest "/start.sh python -m…" 5 hours ago Up 34 minutes (healthy) nextcloud-aio-talk-recording
7705a20efde4 ghcr.io/nextcloud-releases/aio-fulltextsearch:latest "/bin/tini -- /usr/l…" 5 hours ago Up 34 minutes (healthy) 9200/tcp, 9300/tcp nextcloud-aio-fulltextsearch
4cabccc9261b ghcr.io/nextcloud-releases/aio-clamav:latest "/start.sh /usr/bin/…" 5 hours ago Up 34 minutes (healthy) nextcloud-aio-clamav
ad1f09a9da5f ghcr.io/nextcloud-releases/aio-redis:latest "/start.sh" 5 hours ago Up 34 minutes (healthy) 6379/tcp nextcloud-aio-redis
d3246f40f9e2 ghcr.io/nextcloud-releases/aio-postgresql:latest "/start.sh" 5 hours ago Up 34 minutes (healthy) 5432/tcp nextcloud-aio-database
0402371015e0 ghcr.io/nextcloud-releases/aio-talk:latest "/start.sh superviso…" 5 hours ago Up 34 minutes (healthy) 0.0.0.0:3478->3478/tcp, 0.0.0.0:3478->3478/udp, [::]:3478->3478/tcp, [::]:3478->3478/udp nextcloud-aio-talk
a8f559c0dc64 ghcr.io/nextcloud-releases/aio-collabora:latest "/start-collabora-on…" 5 hours ago Up 34 minutes (healthy) 9980/tcp nextcloud-aio-collabora
3d60ba4dc1f2 ghcr.io/nextcloud-releases/all-in-one:latest "/start.sh" 5 hours ago Up 34 minutes (healthy) 0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp, 0.0.0.0:8443->8443/tcp, [::]:8443->8443/tcp, 9000/tcp nextcloud-aio-mastercontainer
c10404dbe5b4 ghcr.io/mailu/fetchmail:master "/fetchmail.py" 4 days ago Up 34 minutes (healthy) mailu-fetchmail-1
7927f64a4e85 ghcr.io/mailu/dovecot:master "/bin/sh -c /start.py" 4 days ago Up 34 minutes (healthy) mailu-imap-1
1b839664124a ghcr.io/mailu/rspamd:master "/bin/sh -c /start.py" 4 days ago Up 34 minutes (healthy) mailu-antispam-1
226775cd1e33 ghcr.io/mailu/postfix:master "/bin/sh -c /start.py" 4 days ago Up 33 minutes (healthy) mailu-smtp-1
7f8859c082a7 ghcr.io/mailu/admin:master "/bin/sh -c /start.py" 4 days ago Up 33 minutes (healthy) mailu-admin-1
c1be4f0ebf8b ghcr.io/mailu/nginx:master "/bin/sh -c /start.py" 4 days ago Up 31 minutes (healthy) 192.168.1.100:25->25/tcp, 192.168.1.100:110->110/tcp, 192.168.1.100:143->143/tcp, 192.168.1.100:465->465/tcp, 192.168.1.100:587->587/tcp, 192.168.1.100:993->993/tcp, 192.168.1.100:995->995/tcp, 192.168.1.100:4190->4190/tcp, 192.168.1.100:8011->80/tcp, 192.168.1.100:4431->443/tcp mailu-front-1
1863e5d390a7 ghcr.io/mailu/oletools:master "/bin/sh -c /start.py" 4 days ago Up 33 minutes (healthy) mailu-oletools-1
59866c7a9331 redis:alpine "docker-entrypoint.s…" 4 days ago Up 33 minutes 6379/tcp mailu-redis-1
158ce0f3b4e7 ghcr.io/mailu/unbound:master "/bin/sh -c /start.py" 4 days ago Up 33 minutes (healthy) mailu-resolver-1
02510a9e8391 ghcr.io/mailu/radicale:master "/bin/sh -c 'radical…" 4 days ago Up 33 minutes (healthy) mailu-webdav-1
But I haven’t got any idea why ACME gives me such an error.
I checked my DNS records and all is correct, for me…
Steps to replicate it (hint: details matter!):
I am not sure it is replicable, but
- docker Mailu install
- docker nextcloud-aio-mastercontainer install
- enable ports forwarding
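
A triage sketch for the output above, added here as an example and not part of the original post or of Nextcloud AIO or Caddy: it pulls the ACME problem type and the address the CA tried to reach out of Caddy's JSON log lines, then compares that with the listeners shown by `netstat`. The function names and the abridged sample inputs are constructed for illustration.

```python
import json
import re

# Constructed samples, abridged from the log and netstat output in the post.
SAMPLE_LOG = """\
{"level":"error","msg":"validating authorization","identifier":"lifshits.xyz","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"95.165.5.51: Timeout during connect (likely firewall problem)"}}
{"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"lifshits.xyz","error":"HTTP 400 urn:ietf:params:acme:error:connection - 95.165.5.51: Timeout during connect (likely firewall problem)"}
"""
SAMPLE_NETSTAT = """\
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2145964/docker-prox
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2143088/docker-prox
tcp 0 0 192.168.1.100:8011 0.0.0.0:* LISTEN 2151691/docker-prox
"""
ACME_ERR = re.compile(r"urn:ietf:params:acme:error:(?P<type>\w+) - "
                      r"(?P<target>[0-9A-Fa-f.:]+): (?P<detail>[^()]*[^()\s])")

def acme_failures(log_text):
    """One dict per JSON log line that carries an ACME problem (type, target, detail)."""
    found = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            prob = rec.get("problem") or {}
        except (ValueError, AttributeError):
            continue  # not a JSON object
        text = rec.get("error") or f"{prob.get('type', '')} - {prob.get('detail', '')}"
        m = ACME_ERR.search(text)
        if m:
            found.append({"identifier": rec.get("identifier"), **m.groupdict()})
    return found

def wildcard_listeners(netstat_text, ports=(80, 443)):
    """Ports from `ports` with a TCP listener bound to all addresses (0.0.0.0 or ::)."""
    bound = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if addr in ("0.0.0.0", "::") and port.isdigit() and int(port) in ports:
                bound.add(int(port))
    return bound

def triage(log_text, netstat_text):
    """Pair each ACME `connection` error (CA could not reach the target) with local state."""
    # HTTP-01 is validated on port 80, TLS-ALPN-01 on port 443.
    listening = {80, 443} <= wildcard_listeners(netstat_text)
    verdict = ("host is listening; check DNS and the path to the target" if listening
               else "no wildcard listener on 80/443")
    return [(f["identifier"], f["target"], verdict)
            for f in acme_failures(log_text) if f["type"] == "connection"]
```

When both ports are bound locally and the CA still reports `connection`, the remaining places to check are the A record, the router's port forwarding, and any filtering upstream of the host.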