Nextcloud no longer accesible under `https://cloud.example.com/apps/dashboard/`

ℹ️ Support
, , , , , ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can
. :heart:

The Basics

  • Nextcloud Server version:
  • Nextcloud 33.0.0
  • Operating system and version:
  • #1 SMP PREEMPT Debian 1:6.12.75-1+rpt1~bookworm (2026-03-11)
  • Web server and version:
  • Server version: Apache/2.4.66 (Debian)
  • Reverse proxy and version:
  • nginx version: openresty/1.27.1.2
  • PHP version:
  • PHP 8.4.18 (cli) (built: Feb 24 2026 19:12:53) (NTS)
  • Is this the first time you’ve seen this error? (Yes / No):
  • yes
  • When did this problem seem to first start?
  • recently
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
  • OMV Container
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
  • No

Summary of the issues you are facing:

Nextcloud no longer accesible under https://cloud.example.com/apps/dashboard/

Steps to replicate it (hint: details matter!):

  1. Open Nextcloud in browser
  2. create a shorcut
  3. update nextcloud
  4. use shortcut

Log entries

Nextcloud


var/www/html/custom_apps/richdocuments/lib/Backgroundjobs/ObtainCapabilities.php","line":42,"function":"fetch","class":"OCA\\Richdo
cuments\\Service\\CachedRequestService","type":"->","args":[]},{"file":"/var/www/html/lib/public/BackgroundJob/Job.php","line":47,"
function":"run","class":"OCA\\Richdocuments\\Backgroundjobs\\ObtainCapabilities","type":"->","args":[null]},{"file":"/var/www/html/
lib/public/BackgroundJob/TimedJob.php","line":85,"function":"start","class":"OCP\\BackgroundJob\\Job","type":"->","args":[{"__class
__":"OC\\BackgroundJob\\JobList"}]},{"file":"/var/www/html/core/Service/CronService.php","line":176,"function":"start","class":"OCP
\\BackgroundJob\\TimedJob","type":"->","args":[{"__class__":"OC\\BackgroundJob\\JobList"}]},{"file":"/var/www/html/core/Service/Cro
nService.php","line":98,"function":"runCli","class":"OC\\Core\\Service\\CronService","type":"->","args":["cron",null]},{"file":"/va
r/www/html/cron.php","line":52,"function":"run","class":"OC\\Core\\Service\\CronService","type":"->","args":[null]}],"File":"/var/w
ww/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","Line":277,"message":"Failed to fetch discovery: cURL error 35: TLS
connect error: error:0A000458:SSL routines::tlsv1 unrecognized name (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for h
ttps://collab.kingma.ch/hosting/discovery","exception":"{\"class\":\"GuzzleHttp\\Exception\\ConnectException\",\"message\":\"cURL e
rror 35: TLS connect error: error:0A000458:SSL routines::tlsv1 unrecognized name (see https://curl.haxx.se/libcurl/c/libcurl-errors
.html) for https://collab.kingma.ch/hosting/discovery\",\"code\":0,\"file\":\"/var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/
CurlFactory.php:277\",\"trace\":\"#0 /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php(207): GuzzleHttp\\Handler
\\CurlFactory::createRejection(Object(GuzzleHttp\\Handler\\EasyHandle), Array)\\n#1 /var/www/html/3rdparty/guzzlehttp/guzzle/src/Ha
ndler/CurlFactory.php(159): GuzzleHttp\\Handler\\CurlFactory::finishError(Object(GuzzleHttp\\Handler\\CurlHandler), Object(GuzzleHt
tp\\Handler\\EasyHandle), Object(GuzzleHttp\\Handler\\CurlFactory))\\n#2 /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlH
andler.php(47): GuzzleHttp\\Handler\\CurlFactory::finish(Object(GuzzleHttp\\Handler\\CurlHandler), Object(GuzzleHttp\\Handler\\Easy
Handle), Object(GuzzleHttp\\Handler\\CurlFactory))\\n#3 /var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php(142): GuzzleHtt
p\\Handler\\CurlHandler->__invoke(Object(GuzzleHttp\\Psr7\\Request), Array)\\n#4 /var/www/html/lib/private/Http/Client/DnsPinMiddle
ware.php(110): GuzzleHttp\\Middleware::{closure:{closure:GuzzleHttp\\Middleware::tap():137}:138}(Object(GuzzleHttp\\Psr7\\Request),
Array)\\n#5 /var/www/html/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php(35): OC\\Http\\Client\\DnsPinMiddleware->{closu
re:{closure:OC\\Http\\Client\\DnsPinMiddleware::addDnsPinning():104}:105}(Object(GuzzleHttp\\Psr7\\Request), Array)\\n#6 /var/www/h
tml/3rdparty/guzzlehttp/guzzle/src/Middleware.php(31): GuzzleHttp\\PrepareBodyMiddleware->__invoke(Object(GuzzleHttp\\Psr7\\Request
), Array)\\n#7 /var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php(71): GuzzleHttp\\Middleware::{closure:{closure:G
uzzleHttp\\Middleware::cookies():28}:29}(Object(GuzzleHttp\\Psr7\\Request), Array)\\n#8 /var/www/html/3rdparty/guzzlehttp/guzzle/sr
c/Middleware.php(66): GuzzleHttp\\RedirectMiddleware->__invoke(Object(GuzzleHttp\\Psr7\\Request), Array)\\n#9 /var/www/html/3rdpart
y/guzzlehttp/guzzle/src/HandlerStack.php(75): GuzzleHttp\\Middleware::{closure:{closure:GuzzleHttp\\Middleware::httpErrors():60}:61
}(Object(GuzzleHttp\\Psr7\\Request), Array)\\n#10 /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php(333): GuzzleHttp\\Handler
Stack->__invoke(Object(GuzzleHttp\\Psr7\\Request), Array)\\n#11 /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php(169): Guzzl
eHttp\\Client->transfer(Object(GuzzleHttp\\Psr7\\Request), Array)\\n#12 /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php(189
): GuzzleHttp\\Client->requestAsync('get', Object(GuzzleHttp\\Psr7\\Uri), Array)\\n#13 /var/www/html/lib/private/Http/Client/Client
.php(219): GuzzleHttp\\Client->request('get', 'https://collab....', Array)\\n#14 /var/www/html/custom_apps/richdocuments/lib/Servic
e/DiscoveryService.php(62): OC\\Http\\Client\\Client->get('https://collab....', Array)\\n#15 /var/www/html/custom_apps/richdocument
s/lib/Service/CachedRequestService.php(74): OCA\\Richdocuments\\Service\\DiscoveryService->sendRequest(Object(OC\\Http\\Client\\Cli
ent))\\n#16 /var/www/html/custom_apps/richdocuments/lib/Backgroundjobs/ObtainCapabilities.php(42): OCA\\Richdocuments\\Service\\Cac
hedRequestService->fetch()\\n#17 /var/www/html/lib/public/BackgroundJob/Job.php(47): OCA\\Richdocuments\\Backgroundjobs\\ObtainCapa
bilities->run(NULL)\\n#18 /var/www/html/lib/public/BackgroundJob/TimedJob.php(85): OCP\\BackgroundJob\\Job->start(Object(OC\\Backgr
oundJob\\JobList))\\n#19 /var/www/html/core/Service/CronService.php(176): OCP\\BackgroundJob\\TimedJob->start(Object(OC\\Background
Job\\JobList))\\n#20 /var/www/html/core/Service/CronService.php(98): OC\\Core\\Service\\CronService->runCli('cron', NULL)\\n#21 /va
r/www/html/cron.php(52): OC\\Core\\Service\\CronService->run(NULL)\\n#22 {main}\"}","CustomMessage":"Failed to fetch discovery: cUR
L error 35: TLS connect error: error:0A000458:SSL routines::tlsv1 unrecognized name (see https://curl.haxx.se/libcurl/c/libcurl-err
ors.html) for https://collab.kingma.ch/hosting/discovery"}}

Web Browser

Apps

Enabled:

  • activity: 6.0.0-dev.0
  • admin_audit: 1.23.0
  • bookmarks: 16.1.3
  • brewmemo: 0.6.0
  • bruteforcesettings: 6.0.0-dev.0
  • calendar: 6.2.1
  • circles: 33.0.0
  • cloud_federation_api: 1.17.0
  • comments: 1.23.0
  • contacts: 8.4.1
  • contactsinteraction: 1.14.1
  • cookbook: 0.11.6
  • dashboard: 7.13.0
  • dav: 1.36.0
  • encryption: 2.21.0
  • end_to_end_encryption: 2.0.0
  • federatedfilesharing: 1.23.0
  • federation: 1.23.0
  • files: 2.5.0
  • files_downloadlimit: 5.1.0-dev.0
  • files_external: 1.25.1
  • files_pdfviewer: 6.0.0-dev.0
  • files_reminders: 1.6.0
  • files_sharing: 1.25.2
  • files_trashbin: 1.23.0
  • files_versions: 1.26.0
  • firstrunwizard: 6.0.0-dev.0
  • fulltextsearch: 33.0.0
  • groupfolders: 21.0.6
  • logreader: 6.0.0
  • lookup_server_connector: 1.21.0
  • nextcloud_announcements: 5.0.0
  • notes: 4.13.0
  • notifications: 6.0.0
  • oauth2: 1.21.0
  • onlyoffice: 10.0.0
  • password_policy: 5.0.0-dev.0
  • photos: 6.0.0-dev.0
  • privacy: 5.0.0-dev.0
  • profile: 1.2.0
  • provisioning_api: 1.23.0
  • recommendations: 6.0.0-dev.0
  • related_resources: 4.0.0-dev.0
  • richdocuments: 10.1.0
  • serverinfo: 5.0.0-dev.0
  • settings: 1.16.0
  • sharebymail: 1.23.0
  • support: 5.0.0
  • survey_client: 5.0.0-dev.0
  • suspicious_login: 11.0.0-dev.0
  • systemtags: 1.23.0
  • text: 7.0.0-dev.3
  • theming: 2.8.0
  • twofactor_backupcodes: 1.22.0
  • twofactor_nextcloud_notification: 7.0.0
  • twofactor_totp: 15.0.0-dev.0
  • updatenotification: 1.23.0
  • user_status: 1.13.0
  • viewer: 6.0.0-dev.0
  • weather_status: 1.13.0
  • webhook_listeners: 1.5.0
  • workflowengine: 2.15.0
    Disabled:
  • app_api: 33.0.0 (installed 32.0.0)
  • camerarawpreviews: 0.8.8 (installed 0.8.8)
  • documentserver_community: 0.2.1 (installed 0.2.1)
  • keeweb: 0.6.22 (installed 0.6.22)
  • user_ldap: 1.24.0 (installed 1.22.0)
2

You have this error, not sure if that is linked. It’s more often in the background jobs with cron.

How do you create a shortcut of a file in Nextcloud? Or something else, a new widget on the dashboard?

3

What works:

image

what errors

image

As I stored a bookmark the later used to work proper.

4

.htaccess


<IfModule mod_headers.c>
    <IfModule mod_setenvif.c>
        <IfModule mod_fcgid.c>
            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
        </IfModule>
        <IfModule mod_proxy_fcgi.c>
            SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
        </IfModule>
        <IfModule mod_lsapi.c>
            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
        </IfModule>
    </IfModule>

    <IfModule mod_env.c>
        # Add security and privacy related headers
        # Avoid doubled headers by unsetting headers in "onsuccess" table,
        # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002

        <If "%{REQUEST_URI} =~ m#/login$#">
            # Only on the login page we need any Origin or Referer header set.
            Header onsuccess unset Referrer-Policy
            Header always set Referrer-Policy "same-origin"
        </If>
        <Else>
            Header onsuccess unset Referrer-Policy
            Header always set Referrer-Policy "no-referrer"
        </Else>

        Header onsuccess unset X-Content-Type-Options
        Header always set X-Content-Type-Options "nosniff"

        Header onsuccess unset X-Frame-Options
        Header always set X-Frame-Options "SAMEORIGIN"

        Header onsuccess unset X-Permitted-Cross-Domain-Policies
        Header always set X-Permitted-Cross-Domain-Policies "none"

        Header onsuccess unset X-Robots-Tag
        Header always set X-Robots-Tag "noindex, nofollow"

        SetEnv modHeadersAvailable true
    </IfModule>

    # Add cache control for static resources
    <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
        <If "%{QUERY_STRING} =~ /(^|&)v=/">
            Header set Cache-Control "max-age=15778463, immutable"
        </If>
        <Else>
            Header set Cache-Control "max-age=15778463"
        </Else>
    </FilesMatch>

    # Let browsers cache OTF and WOFF files for a week
    <FilesMatch "\.(otf|woff2?)$">
        Header set Cache-Control "max-age=604800"
    </FilesMatch>
</IfModule>

<IfModule mod_php.c>
    php_value default_charset 'UTF-8'
    php_value output_buffering 0
    <IfModule mod_env.c>
        SetEnv htaccessWorking true
    </IfModule>
</IfModule>

<IfModule mod_mime.c>
    AddType image/svg+xml svg svgz
    AddType application/wasm wasm
    AddEncoding gzip svgz
    # Serve ESM javascript files (.mjs) with correct mime type
    AddType text/javascript js mjs
</IfModule>

<IfModule mod_dir.c>
    DirectoryIndex index.php index.html
</IfModule>

<IfModule pagespeed_module>
    ModPagespeed Off
</IfModule>

#############
#### Rewrites
#############

<IfModule mod_rewrite.c>
    RewriteEngine on

##
## Rule: Workaround for WebDAV with apache+php-cgi
##
## Context:
##    - Sets the environment variable `HTTP_AUTHORIZATION` to the value of the `Authorization` request header
##    - Always executed before and along with other rules (no `L` used)
##    - XXX: *May* be replaced with an equivalent SetEnvIf in theory
##    - XXX: SetEnvIf approach is already in use above for mod_proxy_cgi / mod_lsapi / mod_fcgid
##

    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

##
## Rule: Workaround for WebDAV with MS DavClnt
##
## Context: 
##    - DavClnt attempts an OPTIONS request against `/` instead of the specified endpoint
##    - Redirects the client to the endpoint rather than the login page (which confuses DavClnt)
##

    RewriteCond %{HTTP_USER_AGENT} DavClnt
    RewriteRule ^$ /remote.php/webdav/ [L,R=302]

##
## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CardDAV to our Remote DAV endpoint
##

    RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]

##
## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CalDAV to our Remote DAV endpoint
##

    RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]

##
## Rule: Map /remote* --> /remote.php* including the query string
##
## Context:
##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
##    - XXX: Is this even used anymore? Seems a relic from <NC12
##

    RewriteRule ^remote/(.*) remote.php [QSA,L]

##
## Rule: Prevent access to non-public files
##

    RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]

##
## Rule: Maps most RFC 8615 compliant well-known URIs to our main frontend controller (/index.php) by default
##
## Context:
##    - Intentionally excludes URIs used for HTTPS certificate verifications
##        - RFC 8555 / ACME HTTP Challenges (acme-challenge) 
##        - File-based Validations (pki-validation)
##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
##

    RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]

##
## Rule: Map the ocm-provider handling to our main frontend controller (/index.php)
##
## Context:
##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
##

    RewriteRule ^ocm-provider/?$ index.php [QSA,L]

##
## Rule: Prevent access to more non-public files
##
## Context:
##    - XXX It may make sense to merge some of these with the others (i.e. the ones that don't need to be last)
##

    RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]

</IfModule>

# Clients like xDavv5 on Android, or Cyberduck, use chunked requests.
# When FastCGI or FPM is used with apache, requests arrive to Nextcloud without any content.
# This leads to the creation of empty files.
# The following directive will force the problematic requests to be buffered before being forwarded to Nextcloud.
# This way, the "Transfer-Encoding" header is removed, the "Content-Length" header is set, and the request content is proxied to Nextcloud.
# Here are more information about the issue:
#  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
#  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav

<IfModule mod_setenvif.c>
    SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
</IfModule>

# Apache disabled the sending of the server-side content-length header
# in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
# Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
# See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973

<IfModule mod_env.c>
    SetEnv ap_trust_cgilike_cl
</IfModule>

AddDefaultCharset utf-8
Options -Indexes
5

In the documentation they call it the pretty url:

I suppose you did that?

6

Interesting I did an update and I read:

After each update, these changes are automatically applied to the .htaccess-file.

So I suppose there are no after update steps required?

Apparently not I had to do an extra

sudo docker exec nextcloud php occ maintenance:update:htaccess

And now the urls seem to work as before

thanks​:double_exclamation_mark:

7

The update installs a new .htaccess, I don’t know if the update command is part of the update procedure or if there are reasons to not do it. And since it is docker, it is not even the updater app I suppose… (sorry I don’t use docker)

8

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.