NextCloud startpage - This site can’t provide a secure connection

Nextcloud version (eg, 29.0.5): 29.0.8
Operating system and version (eg, Ubuntu 24.04): Windows 10 (with Docker)
Apache or nginx version (eg, Apache 2.4.25): 2.4.62
PHP version (eg, 8.3): 8.2.24

The issue you are facing:
I installed Nextcloud correctly. After that I arrive on the containers page; on this page I’m finally offered access to the Nextcloud login page.
But it doesn’t work, my browser returns the following error: SSL_ERROR_INTERNAL_ERROR_ALERT.

Is this the first time you’ve seen this error? : Yes

Steps to replicate it:

  1. Start NextCloud
  2. Go to the login page from the container page
  3. SSL_ERROR_INTERNAL_ERROR_ALERT

The output of your Nextcloud log in Admin > Logging:

2024-10-29 15:43:59 Connection to nextcloud-aio-database (172.18.0.4) 5432 port [tcp/postgresql] succeeded!
2024-10-29 15:44:01               now              
2024-10-29 15:44:01 -------------------------------
2024-10-29 15:44:01  2024-10-29 14:44:01.743867+00
2024-10-29 15:44:01 (1 row)
2024-10-29 15:44:01 
2024-10-29 15:44:01 Enabling Imagick...
2024-10-29 15:44:06 Applying one-click-instance settings...
2024-10-29 15:44:07 System config value one-click-instance set to boolean true
2024-10-29 15:44:08 System config value one-click-instance.user-limit set to integer 100
2024-10-29 15:44:09 System config value one-click-instance.link set to string https://nextcloud.com/all-in-one/
2024-10-29 15:44:09 support already enabled
2024-10-29 15:44:09 Adjusting log files...
2024-10-29 15:44:10 System config value upgrade.cli-upgrade-link set to string https://github.com/nextcloud/all-in-one/discussions/2726
2024-10-29 15:44:01 + '[' -f /dev-dri-group-was-added ']'
2024-10-29 15:44:01 ++ find /dev -maxdepth 1 -mindepth 1 -name dri
2024-10-29 15:44:01 + '[' -n '' ']'
2024-10-29 15:44:01 + set +x
2024-10-29 15:44:03 WARNING: opening from cache https://dl-cdn.alpinelinux.org/alpine/v3.20/main: No such file or directory
2024-10-29 15:44:03 WARNING: opening from cache https://dl-cdn.alpinelinux.org/alpine/v3.20/community: No such file or directory
2024-10-29 15:44:03 Connection to nextcloud-aio-redis (172.18.0.5) 6379 port [tcp/redis] succeeded!
2024-10-29 15:44:11 System config value logfile set to string /var/www/html/data/nextcloud.log
2024-10-29 15:44:11 Config value were not updated
2024-10-29 15:44:12 System config value updatedirectory set to string /nc-updater
2024-10-29 15:44:12 System config value maintenance_window_start set to integer 100
2024-10-29 15:44:12 Applying network settings...
2024-10-29 15:44:13 System config value allow_local_remote_servers set to boolean true
2024-10-29 15:44:13 System config value davstorage.request_timeout set to integer 3600
2024-10-29 15:44:14 System config value trusted_domains => 1 set to string whykorp.fr
2024-10-29 15:44:14 System config value overwrite.cli.url set to string https://whykorp.fr/
2024-10-29 15:44:15 System config value htaccess.RewriteBase set to string /
2024-10-29 15:44:16 .htaccess has been updated
2024-10-29 15:44:16 System config value dbpersistent set to boolean false
2024-10-29 15:44:17 System config value auth.bruteforce.protection.enabled set to boolean true
2024-10-29 15:44:18 System config value ratelimit.protection.enabled set to boolean true
2024-10-29 15:44:18 System config value files_external_allow_create_new_local set to boolean false
2024-10-29 15:44:20 notify_push is up-to-date or no updates could be found
2024-10-29 15:44:21 System config value trusted_proxies => 0 set to string 127.0.0.1
2024-10-29 15:44:21 System config value trusted_proxies => 1 set to string ::1
2024-10-29 15:44:22 System config value trusted_proxies => 10 set to string 172.18.0.0/16
2024-10-29 15:44:23 Config value were not updated
2024-10-29 15:44:24 richdocuments is up-to-date or no updates could be found
2024-10-29 15:44:24 Config value were not updated
2024-10-29 15:44:26 Config value were not updated
2024-10-29 15:44:26 System config value enabledPreviewProviders => 0 set to string OC\Preview\Imaginary
2024-10-29 15:44:27 System config value preview_imaginary_url set to string http://nextcloud-aio-imaginary:9000
2024-10-29 15:44:28 System config value preview_imaginary_key set to string 3e8fe88fcfe224059cc00e13e3f11b3b42343960c725cb9d
2024-10-29 15:44:29 fulltextsearch is up-to-date or no updates could be found
2024-10-29 15:44:30 fulltextsearch_elasticsearch is up-to-date or no updates could be found
2024-10-29 15:44:23 + grep -q 'nextcloud-.*-collabora'
2024-10-29 15:44:23 + echo nextcloud-aio-collabora
2024-10-29 15:44:23 + COLLABORA_HOST=whykorp.fr
2024-10-29 15:44:23 + set +x
2024-10-29 15:44:28 Connection to nextcloud-aio-fulltextsearch (172.18.0.6) 9200 port [tcp/*] succeeded!
2024-10-29 15:44:32 files_fulltextsearch is up-to-date or no updates could be found
2024-10-29 15:44:32 {
2024-10-29 15:44:32     "search_platform": "OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform",
2024-10-29 15:44:32     "app_navigation": "0",
2024-10-29 15:44:32     "provider_indexed": "",
2024-10-29 15:44:32     "cron_err_reset": "1730211725",
2024-10-29 15:44:32     "tick_ttl": "1800",
2024-10-29 15:44:32     "collection_indexing_list": "50",
2024-10-29 15:44:32     "migration_24": "1",
2024-10-29 15:44:32     "collection_internal": "local"
2024-10-29 15:44:32 }
2024-10-29 15:44:33 {
2024-10-29 15:44:33     "elastic_host": "http:\/\/elastic:ccb99d4c527b08e1b60a89a4c85807eba3c9639c64f413e0@nextcloud-aio-fulltextsearch:9200",
2024-10-29 15:44:33     "elastic_index": "nextcloud-aio",
2024-10-29 15:44:33     "fields_limit": "10000",
2024-10-29 15:44:33     "es_ver_below66": "0",
2024-10-29 15:44:33     "elastic_logger_enabled": "true",
2024-10-29 15:44:33     "analyzer_tokenizer": "standard",
2024-10-29 15:44:33     "allow_self_signed_cert": "false"
2024-10-29 15:44:33 }
2024-10-29 15:44:33 {
2024-10-29 15:44:33     "files_local": "1",
2024-10-29 15:44:33     "files_external": "0",
2024-10-29 15:44:33     "files_group_folders": "0",
2024-10-29 15:44:33     "files_encrypted": "0",
2024-10-29 15:44:33     "files_federated": "0",
2024-10-29 15:44:33     "files_size": "20",
2024-10-29 15:44:33     "files_pdf": "1",
2024-10-29 15:44:33     "files_office": "1",
2024-10-29 15:44:33     "files_image": "0",
2024-10-29 15:44:33     "files_audio": "0",
2024-10-29 15:44:33     "files_chunk_size": "2"
2024-10-29 15:44:33 }
2024-10-29 15:44:34 app_api is up-to-date or no updates could be found
2024-10-29 15:44:35 whiteboard is up-to-date or no updates could be found
2024-10-29 15:44:36 Config value were not updated
2024-10-29 15:44:36 Config value were not updated
2024-10-29 15:44:37 + '[' true = true ']'
2024-10-29 15:44:37 + '[' 443 = 443 ']'
2024-10-29 15:44:37 ++ dig nextcloud-aio-apache A +short +search
2024-10-29 15:44:37 ++ grep '^[0-9.]\+$'
2024-10-29 15:44:37 ++ sort
2024-10-29 15:44:37 ++ head -n1
2024-10-29 15:44:37 + IPv4_ADDRESS_APACHE=172.18.0.12
2024-10-29 15:44:37 ++ dig nextcloud-aio-apache AAAA +short +search
2024-10-29 15:44:37 ++ sort
2024-10-29 15:44:37 ++ grep '^[0-9a-f:]\+$'
2024-10-29 15:44:37 ++ head -n1
2024-10-29 15:44:37 + IPv6_ADDRESS_APACHE=
2024-10-29 15:44:37 ++ dig nextcloud-aio-mastercontainer A +short +search
2024-10-29 15:44:37 ++ grep '^[0-9.]\+$'
2024-10-29 15:44:37 ++ sort
2024-10-29 15:44:37 ++ head -n1
2024-10-29 15:44:37 + IPv4_ADDRESS_MASTERCONTAINER=172.18.0.2
2024-10-29 15:44:37 ++ dig nextcloud-aio-mastercontainer AAAA +short +search
2024-10-29 15:44:37 ++ grep '^[0-9a-f:]\+$'
2024-10-29 15:44:37 ++ sort
2024-10-29 15:44:37 ++ head -n1
2024-10-29 15:44:37 + IPv6_ADDRESS_MASTERCONTAINER=
2024-10-29 15:44:37 + sed -i 's|^;listen.allowed_clients|listen.allowed_clients|' /usr/local/etc/php-fpm.d/www.conf
2024-10-29 15:44:37 + sed -i 's|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,172.18.0.12,,172.18.0.2,|' /usr/local/etc/php-fpm.d/www.conf
2024-10-29 15:44:37 + sed -i '/^listen.allowed_clients/s/,,/,/g' /usr/local/etc/php-fpm.d/www.conf
2024-10-29 15:44:37 + sed -i '/^listen.allowed_clients/s/,$//' /usr/local/etc/php-fpm.d/www.conf
2024-10-29 15:44:37 + grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
2024-10-29 15:44:37 + set +x
2024-10-29 15:44:38 [29-Oct-2024 15:44:38] NOTICE: fpm is running, pid 576
2024-10-29 15:44:38 [29-Oct-2024 15:44:38] NOTICE: ready to handle connections
2024-10-29 15:44:37 listen.allowed_clients = 127.0.0.1,::1,172.18.0.12,172.18.0.2
2024-10-29 15:44:53 Activating Collabora config...
2024-10-29 15:44:54 ✓ Reset callback url autodetect
2024-10-29 15:44:54 Checking configuration
2024-10-29 15:44:54 🛈 Configured WOPI URL: https://whykorp.fr
2024-10-29 15:44:54 🛈 Configured public WOPI URL: https://whykorp.fr
2024-10-29 15:44:54 🛈 Configured callback URL: 
2024-10-29 15:44:54 
2024-10-29 15:44:54 Failed to fetch discovery endpoint from https://whykorp.fr
2024-10-29 15:44:54 cURL error 35: OpenSSL/3.3.2: error:0A000438:SSL routines::tlsv1 alert internal error (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://whykorp.fr/hosting/discovery

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
image

The output of your Apache/nginx/system log in /var/log/____:

2024-10-29T14:44:07.622550475Z Waiting for Nextcloud to start...
2024-10-29T14:44:12.630114361Z Waiting for Nextcloud to start...
2024-10-29T14:44:17.638437164Z Waiting for Nextcloud to start...
2024-10-29T14:44:22.641065023Z Waiting for Nextcloud to start...
2024-10-29T14:44:27.643191157Z Waiting for Nextcloud to start...
2024-10-29T14:44:32.644338743Z Waiting for Nextcloud to start...
2024-10-29T14:44:37.646488801Z Waiting for Nextcloud to start...
2024-10-29T14:44:42.648564185Z Connection to nextcloud-aio-nextcloud (172.18.0.9) 9000 port [tcp/*] succeeded!
2024-10-29T14:44:44.033909946Z [Tue Oct 29 15:44:44.033588 2024] [mpm_event:notice] [pid 56:tid 56] AH00489: Apache/2.4.62 (Unix) configured -- resuming normal operations
2024-10-29T14:44:44.034160857Z [Tue Oct 29 15:44:44.034055 2024] [core:notice] [pid 56:tid 56] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
2024-10-29T14:44:44.099657120Z {"level":"info","ts":1730213084.0935516,"msg":"using config from file","file":"/tmp/Caddyfile"}
2024-10-29T14:44:44.099699422Z {"level":"info","ts":1730213084.0975406,"msg":"adapted config to JSON","adapter":"caddyfile"}
2024-10-29T14:44:44.101218290Z {"level":"info","ts":1730213084.1009066,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
2024-10-29T14:44:44.102190834Z {"level":"info","ts":1730213084.1014194,"msg":"[INFO][FileStorage:/mnt/data/caddy] Lock for 'issue_cert_whykorp.fr' is stale (created: 2024-10-29 15:31:15.855206247 +0100 CET, last update: 2024-10-29 15:35:46.050827015 +0100 CET); removing then retrying: /mnt/data/caddy/locks/issue_cert_whykorp.fr.lock"}
2024-10-29T14:44:46.146834117Z {"level":"error","ts":1730213086.1464448,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"whykorp.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:44:46.146889819Z {"level":"error","ts":1730213086.1467297,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"whykorp.fr","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/2026962367/318141770207","attempt":1,"max_attempts":3}
2024-10-29T14:44:46.147006224Z {"level":"error","ts":1730213086.1468856,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whykorp.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-10-29T14:44:46.147259736Z {"level":"error","ts":1730213086.1470602,"logger":"tls.obtain","msg":"will retry","error":"[whykorp.fr] Obtain: [whykorp.fr] solving challenge: whykorp.fr: [whykorp.fr] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":2.0428182,"max_duration":2592000}
2024-10-29T14:45:48.047888957Z {"level":"error","ts":1730213148.0475461,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"whykorp.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:45:48.047913058Z {"level":"error","ts":1730213148.0475905,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"whykorp.fr","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/169142393/20076323833","attempt":1,"max_attempts":3}
2024-10-29T14:45:48.047919658Z {"level":"error","ts":1730213148.0476117,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whykorp.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-10-29T14:45:48.047924258Z {"level":"error","ts":1730213148.0476453,"logger":"tls.obtain","msg":"will retry","error":"[whykorp.fr] Obtain: [whykorp.fr] solving challenge: whykorp.fr: [whykorp.fr] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":63.946048214,"max_duration":2592000}
2024-10-29T14:47:04.891788712Z Connection to nextcloud-aio-nextcloud (172.18.0.9) 9000 port [tcp/*] succeeded!
2024-10-29T14:47:06.291121481Z [Tue Oct 29 15:47:06.290806 2024] [mpm_event:notice] [pid 34:tid 34] AH00489: Apache/2.4.62 (Unix) configured -- resuming normal operations
2024-10-29T14:47:06.291553200Z [Tue Oct 29 15:47:06.291439 2024] [core:notice] [pid 34:tid 34] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
2024-10-29T14:47:06.311499588Z {"level":"info","ts":1730213226.311193,"msg":"using config from file","file":"/tmp/Caddyfile"}
2024-10-29T14:47:06.314394617Z {"level":"info","ts":1730213226.3141556,"msg":"adapted config to JSON","adapter":"caddyfile"}
2024-10-29T14:47:06.317735366Z {"level":"info","ts":1730213226.3174732,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
2024-10-29T14:47:06.319735255Z {"level":"info","ts":1730213226.3193953,"msg":"[INFO][FileStorage:/mnt/data/caddy] Lock for 'issue_cert_whykorp.fr' is stale (created: 2024-10-29 15:44:44.101511204 +0100 CET, last update: 2024-10-29 15:46:24.203149715 +0100 CET); removing then retrying: /mnt/data/caddy/locks/issue_cert_whykorp.fr.lock"}
2024-10-29T14:47:08.183569294Z {"level":"error","ts":1730213228.1831162,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"whykorp.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:47:08.183609795Z {"level":"error","ts":1730213228.1831973,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"whykorp.fr","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/2026962367/318142219437","attempt":1,"max_attempts":3}
2024-10-29T14:47:08.183628996Z {"level":"error","ts":1730213228.1832154,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whykorp.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-10-29T14:47:08.183633496Z {"level":"error","ts":1730213228.1832788,"logger":"tls.obtain","msg":"will retry","error":"[whykorp.fr] Obtain: [whykorp.fr] solving challenge: whykorp.fr: [whykorp.fr] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.852532637,"max_duration":2592000}
2024-10-29T14:48:09.991459144Z {"level":"error","ts":1730213289.9910822,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"whykorp.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:48:09.991481545Z {"level":"error","ts":1730213289.9911258,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"whykorp.fr","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/169142393/20076375333","attempt":1,"max_attempts":3}
2024-10-29T14:48:09.991489045Z {"level":"error","ts":1730213289.9911468,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whykorp.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-10-29T14:48:09.991493945Z {"level":"error","ts":1730213289.9911737,"logger":"tls.obtain","msg":"will retry","error":"[whykorp.fr] Obtain: [whykorp.fr] solving challenge: whykorp.fr: [whykorp.fr] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":63.662397428,"max_duration":2592000}
2024-10-29T14:50:12.153111367Z {"level":"error","ts":1730213412.152476,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"whykorp.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:50:12.153191671Z {"level":"error","ts":1730213412.1525433,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"whykorp.fr","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/169142393/20076420033","attempt":1,"max_attempts":3}
2024-10-29T14:50:12.153201271Z {"level":"error","ts":1730213412.1525767,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whykorp.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-10-29T14:50:12.153205771Z {"level":"error","ts":1730213412.1526134,"logger":"tls.obtain","msg":"will retry","error":"[whykorp.fr] Obtain: [whykorp.fr] solving challenge: whykorp.fr: [whykorp.fr] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":185.829150366,"max_duration":2592000}
2024-10-29T14:52:13.917240606Z {"level":"error","ts":1730213533.9167438,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"whykorp.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:52:13.917264307Z {"level":"error","ts":1730213533.916786,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"whykorp.fr","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/169142393/20076461773","attempt":1,"max_attempts":3}
2024-10-29T14:52:13.917271607Z {"level":"error","ts":1730213533.9168286,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whykorp.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-10-29T14:52:13.917289508Z {"level":"error","ts":1730213533.916857,"logger":"tls.obtain","msg":"will retry","error":"[whykorp.fr] Obtain: [whykorp.fr] solving challenge: whykorp.fr: [whykorp.fr] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":307.598868777,"max_duration":2592000}
2024-10-29T14:57:16.050470302Z {"level":"error","ts":1730213836.0499167,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"whykorp.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:57:16.050513304Z {"level":"error","ts":1730213836.04996,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"whykorp.fr","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/169142393/20076564193","attempt":1,"max_attempts":3}
2024-10-29T14:57:16.050520504Z {"level":"error","ts":1730213836.0499935,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whykorp.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-10-29T14:57:16.050525005Z {"level":"error","ts":1730213836.0500329,"logger":"tls.obtain","msg":"will retry","error":"[whykorp.fr] Obtain: [whykorp.fr] solving challenge: whykorp.fr: [whykorp.fr] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":5,"retrying_in":600,"elapsed":609.745667172,"max_duration":2592000}

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

2024-10-29T14:43:59.656905066Z Connection to nextcloud-aio-database (172.18.0.4) 5432 port [tcp/postgresql] succeeded!
2024-10-29T14:44:01.749385204Z               now              
2024-10-29T14:44:01.749400205Z -------------------------------
2024-10-29T14:44:01.749404005Z  2024-10-29 14:44:01.743867+00
2024-10-29T14:44:01.749407205Z (1 row)
2024-10-29T14:44:01.749423306Z 
2024-10-29T14:44:01.758309906Z + '[' -f /dev-dri-group-was-added ']'
2024-10-29T14:44:01.760864221Z ++ find /dev -maxdepth 1 -mindepth 1 -name dri
2024-10-29T14:44:01.761996072Z + '[' -n '' ']'
2024-10-29T14:44:01.762005372Z + set +x
2024-10-29T14:44:01.804592790Z Enabling Imagick...
2024-10-29T14:44:03.291241644Z WARNING: opening from cache https://dl-cdn.alpinelinux.org/alpine/v3.20/main: No such file or directory
2024-10-29T14:44:03.291274346Z WARNING: opening from cache https://dl-cdn.alpinelinux.org/alpine/v3.20/community: No such file or directory
2024-10-29T14:44:03.315231125Z Connection to nextcloud-aio-redis (172.18.0.5) 6379 port [tcp/redis] succeeded!
2024-10-29T14:44:06.682774287Z Applying one-click-instance settings...
2024-10-29T14:44:07.444272591Z System config value one-click-instance set to boolean true
2024-10-29T14:44:08.463277401Z System config value one-click-instance.user-limit set to integer 100
2024-10-29T14:44:09.222119213Z System config value one-click-instance.link set to string https://nextcloud.com/all-in-one/
2024-10-29T14:44:09.957785575Z support already enabled
2024-10-29T14:44:09.975548980Z Adjusting log files...
2024-10-29T14:44:10.455826360Z System config value upgrade.cli-upgrade-link set to string https://github.com/nextcloud/all-in-one/discussions/2726
2024-10-29T14:44:11.129333703Z System config value logfile set to string /var/www/html/data/nextcloud.log
2024-10-29T14:44:11.671966611Z Config value were not updated
2024-10-29T14:44:12.153929867Z System config value updatedirectory set to string /nc-updater
2024-10-29T14:44:12.662876647Z System config value maintenance_window_start set to integer 100
2024-10-29T14:44:12.678912874Z Applying network settings...
2024-10-29T14:44:13.208447888Z System config value allow_local_remote_servers set to boolean true
2024-10-29T14:44:13.788833008Z System config value davstorage.request_timeout set to integer 3600
2024-10-29T14:44:14.356328643Z System config value trusted_domains => 1 set to string whykorp.fr
2024-10-29T14:44:14.890278057Z System config value overwrite.cli.url set to string https://whykorp.fr/
2024-10-29T14:44:15.354639115Z System config value htaccess.RewriteBase set to string /
2024-10-29T14:44:16.066849236Z .htaccess has been updated
2024-10-29T14:44:16.805424022Z System config value dbpersistent set to boolean false
2024-10-29T14:44:17.553838251Z System config value auth.bruteforce.protection.enabled set to boolean true
2024-10-29T14:44:18.304351175Z System config value ratelimit.protection.enabled set to boolean true
2024-10-29T14:44:18.992672397Z System config value files_external_allow_create_new_local set to boolean false
2024-10-29T14:44:20.731739473Z notify_push is up-to-date or no updates could be found
2024-10-29T14:44:21.302842412Z System config value trusted_proxies => 0 set to string 127.0.0.1
2024-10-29T14:44:21.835668525Z System config value trusted_proxies => 1 set to string ::1
2024-10-29T14:44:22.431437375Z System config value trusted_proxies => 10 set to string 172.18.0.0/16
2024-10-29T14:44:23.059186567Z Config value were not updated
2024-10-29T14:44:23.079388777Z + grep -q 'nextcloud-.*-collabora'
2024-10-29T14:44:23.079402778Z + echo nextcloud-aio-collabora
2024-10-29T14:44:23.087759254Z + COLLABORA_HOST=whykorp.fr
2024-10-29T14:44:23.087774955Z + set +x
2024-10-29T14:44:24.308432158Z richdocuments is up-to-date or no updates could be found
2024-10-29T14:44:24.902308109Z Config value were not updated
2024-10-29T14:44:26.255746271Z Config value were not updated
2024-10-29T14:44:26.841405701Z System config value enabledPreviewProviders => 0 set to string OC\Preview\Imaginary
2024-10-29T14:44:27.519769146Z System config value preview_imaginary_url set to string http://nextcloud-aio-imaginary:9000
2024-10-29T14:44:28.097366705Z System config value preview_imaginary_key set to string 3e8fe88fcfe224059cc00e13e3f11b3b42343960c725cb9d
2024-10-29T14:44:28.117495490Z Connection to nextcloud-aio-fulltextsearch (172.18.0.6) 9200 port [tcp/*] succeeded!
2024-10-29T14:44:29.672491409Z fulltextsearch is up-to-date or no updates could be found
2024-10-29T14:44:30.921232988Z fulltextsearch_elasticsearch is up-to-date or no updates could be found
2024-10-29T14:44:32.065141621Z files_fulltextsearch is up-to-date or no updates could be found
2024-10-29T14:44:32.629504092Z {
2024-10-29T14:44:32.629519993Z     "search_platform": "OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform",
2024-10-29T14:44:32.629524893Z     "app_navigation": "0",
2024-10-29T14:44:32.629530593Z     "provider_indexed": "",
2024-10-29T14:44:32.629533893Z     "cron_err_reset": "1730211725",
2024-10-29T14:44:32.629592096Z     "tick_ttl": "1800",
2024-10-29T14:44:32.629595596Z     "collection_indexing_list": "50",
2024-10-29T14:44:32.629598896Z     "migration_24": "1",
2024-10-29T14:44:32.629602096Z     "collection_internal": "local"
2024-10-29T14:44:32.629605297Z }
2024-10-29T14:44:33.132613975Z {
2024-10-29T14:44:33.132628976Z     "elastic_host": "http:\/\/elastic:ccb99d4c527b08e1b60a89a4c85807eba3c9639c64f413e0@nextcloud-aio-fulltextsearch:9200",
2024-10-29T14:44:33.132633476Z     "elastic_index": "nextcloud-aio",
2024-10-29T14:44:33.132664977Z     "fields_limit": "10000",
2024-10-29T14:44:33.132669977Z     "es_ver_below66": "0",
2024-10-29T14:44:33.132673178Z     "elastic_logger_enabled": "true",
2024-10-29T14:44:33.132676278Z     "analyzer_tokenizer": "standard",
2024-10-29T14:44:33.132679478Z     "allow_self_signed_cert": "false"
2024-10-29T14:44:33.132682578Z }
2024-10-29T14:44:33.619753757Z {
2024-10-29T14:44:33.619768858Z     "files_local": "1",
2024-10-29T14:44:33.619772758Z     "files_external": "0",
2024-10-29T14:44:33.619775958Z     "files_group_folders": "0",
2024-10-29T14:44:33.619779058Z     "files_encrypted": "0",
2024-10-29T14:44:33.619782358Z     "files_federated": "0",
2024-10-29T14:44:33.619785458Z     "files_size": "20",
2024-10-29T14:44:33.619788458Z     "files_pdf": "1",
2024-10-29T14:44:33.619791559Z     "files_office": "1",
2024-10-29T14:44:33.619794659Z     "files_image": "0",
2024-10-29T14:44:33.619797559Z     "files_audio": "0",
2024-10-29T14:44:33.619800559Z     "files_chunk_size": "2"
2024-10-29T14:44:33.619816660Z }
2024-10-29T14:44:34.809859994Z app_api is up-to-date or no updates could be found
2024-10-29T14:44:35.932175355Z whiteboard is up-to-date or no updates could be found
2024-10-29T14:44:36.450966127Z Config value were not updated
2024-10-29T14:44:36.958752015Z Config value were not updated
2024-10-29T14:44:37.052420526Z + '[' true = true ']'
2024-10-29T14:44:37.052435527Z + '[' 443 = 443 ']'
2024-10-29T14:44:37.058213880Z ++ dig nextcloud-aio-apache A +short +search
2024-10-29T14:44:37.058228681Z ++ grep '^[0-9.]\+$'
2024-10-29T14:44:37.058232881Z ++ sort
2024-10-29T14:44:37.058236181Z ++ head -n1
2024-10-29T14:44:37.130969674Z + IPv4_ADDRESS_APACHE=172.18.0.12
2024-10-29T14:44:37.130985575Z ++ dig nextcloud-aio-apache AAAA +short +search
2024-10-29T14:44:37.132888158Z ++ sort
2024-10-29T14:44:37.135276663Z ++ grep '^[0-9a-f:]\+$'
2024-10-29T14:44:37.136367311Z ++ head -n1
2024-10-29T14:44:37.202195300Z + IPv6_ADDRESS_APACHE=
2024-10-29T14:44:37.202693922Z ++ dig nextcloud-aio-mastercontainer A +short +search
2024-10-29T14:44:37.204637307Z ++ grep '^[0-9.]\+$'
2024-10-29T14:44:37.204648308Z ++ sort
2024-10-29T14:44:37.204652008Z ++ head -n1
2024-10-29T14:44:37.282648131Z + IPv4_ADDRESS_MASTERCONTAINER=172.18.0.2
2024-10-29T14:44:37.288109371Z ++ dig nextcloud-aio-mastercontainer AAAA +short +search
2024-10-29T14:44:37.288128672Z ++ grep '^[0-9a-f:]\+$'
2024-10-29T14:44:37.288133472Z ++ sort
2024-10-29T14:44:37.291034600Z ++ head -n1
2024-10-29T14:44:37.359189091Z + IPv6_ADDRESS_MASTERCONTAINER=
2024-10-29T14:44:37.359203392Z + sed -i 's|^;listen.allowed_clients|listen.allowed_clients|' /usr/local/etc/php-fpm.d/www.conf
2024-10-29T14:44:37.361066373Z + sed -i 's|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,172.18.0.12,,172.18.0.2,|' /usr/local/etc/php-fpm.d/www.conf
2024-10-29T14:44:37.363737591Z + sed -i '/^listen.allowed_clients/s/,,/,/g' /usr/local/etc/php-fpm.d/www.conf
2024-10-29T14:44:37.366234100Z + sed -i '/^listen.allowed_clients/s/,$//' /usr/local/etc/php-fpm.d/www.conf
2024-10-29T14:44:37.367911174Z + grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
2024-10-29T14:44:37.369019623Z listen.allowed_clients = 127.0.0.1,::1,172.18.0.12,172.18.0.2
2024-10-29T14:44:37.369184030Z + set +x
2024-10-29T14:44:38.870940246Z [29-Oct-2024 15:44:38] NOTICE: fpm is running, pid 576
2024-10-29T14:44:38.870952047Z [29-Oct-2024 15:44:38] NOTICE: ready to handle connections
2024-10-29T14:44:53.678270152Z Activating Collabora config...
2024-10-29T14:44:54.172296251Z ✓ Reset callback url autodetect
2024-10-29T14:44:54.172312852Z Checking configuration
2024-10-29T14:44:54.172316652Z 🛈 Configured WOPI URL: https://whykorp.fr
2024-10-29T14:44:54.172319953Z 🛈 Configured public WOPI URL: https://whykorp.fr
2024-10-29T14:44:54.172323053Z 🛈 Configured callback URL: 
2024-10-29T14:44:54.172487760Z 
2024-10-29T14:44:54.233023605Z Failed to fetch discovery endpoint from https://whykorp.fr
2024-10-29T14:44:54.233039206Z cURL error 35: OpenSSL/3.3.2: error:0A000438:SSL routines::tlsv1 alert internal error (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://whykorp.fr/hosting/discovery

Hello @Whykioh welcome to the community of Nextcloud.

obviously this is not the case :wink:

the problem is clear from the log:

tell you there is a problem while the system tries to acquire a TLS certificate from letsencrypt.

I don’t see enough details in your post, but my educated guess would be there is something wrong with port forwarding in your router, or maybe with DNS or the firewall. Please review the docs Nextcloud AiO and double-check every single requirement.
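
As an added example (not part of the original posts or of Nextcloud AIO), the following script triages a container log of the shape shown above: it pulls the Caddy JSON events out of Docker-timestamped lines, groups the ACME challenge failures, and reports the retry back-off. The function names `parse_line`, `summarize` and `diagnose` are hypothetical, and the sample lines are constructed with the placeholder domain `example.test`.

```python
import json
from collections import Counter

# Constructed sample: Docker timestamp, a space, then plain text or one Caddy JSON object.
SAMPLE_LOG = r'''
2024-10-29T14:44:42.648564185Z Connection to nextcloud-aio-nextcloud (172.18.0.9) 9000 port [tcp/*] succeeded!
2024-10-29T14:44:44.099657120Z {"level":"info","ts":1730213084.09,"msg":"using config from file","file":"/tmp/Caddyfile"}
2024-10-29T14:44:45.000000000Z {
2024-10-29T14:44:46.146834117Z {"level":"error","ts":1730213086.14,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.test","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:44:46.147259736Z {"level":"error","ts":1730213086.15,"logger":"tls.obtain","msg":"will retry","error":"[example.test] Obtain: authorization failed","attempt":1,"retrying_in":60,"elapsed":2.04,"max_duration":2592000}
2024-10-29T14:45:48.047888957Z {"level":"error","ts":1730213148.04,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.test","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-10-29T14:45:48.047924258Z {"level":"error","ts":1730213148.05,"logger":"tls.obtain","msg":"will retry","error":"[example.test] Obtain: authorization failed","attempt":2,"retrying_in":120,"elapsed":63.9,"max_duration":2592000}
'''


def parse_line(line):
    """Return (docker_timestamp, event_dict) for a Caddy JSON line, else None."""
    ts, _, rest = line.strip().partition(" ")
    if not rest.startswith("{"):
        return None  # plain-text line from Apache or the start script
    try:
        return ts, json.loads(rest)
    except json.JSONDecodeError:
        return None  # e.g. one line of a pretty-printed, multi-line JSON dump


def summarize(log_text):
    """Count ACME challenge failures and remember the most recent retry notice."""
    failures = Counter()
    last_retry = None
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event = parsed
        if event.get("level") != "error":
            continue
        if event.get("msg") == "challenge failed":
            problem = event.get("problem", {})
            key = (
                event.get("identifier"),
                event.get("challenge_type"),
                problem.get("type", "").rsplit(":", 1)[-1],  # short ACME error name
                problem.get("detail"),
            )
            failures[key] += 1
        elif event.get("msg") == "will retry":
            last_retry = {
                "at": ts,
                "attempt": event.get("attempt"),
                "retrying_in": event.get("retrying_in"),
            }
    return failures, last_retry


def diagnose(failures):
    """Turn grouped failures into a short, human-readable checklist."""
    notes = []
    for (name, ctype, err, detail), count in failures.items():
        note = f"{name}: {ctype} failed {count}x ({err}): {detail}"
        if ctype == "tls-alpn-01" and detail and "acme-tls/1" in detail:
            # For tls-alpn-01 the CA connects to the name on port 443 and expects
            # the ACME client itself to answer with the ALPN protocol acme-tls/1.
            note += (
                " | Whatever answered on port 443 for this name was not the"
                " ACME client: check the DNS record, the router port forward"
                " to the container, and any proxy terminating TLS in front."
            )
        notes.append(note)
    return notes


if __name__ == "__main__":
    found, retry = summarize(SAMPLE_LOG)
    for entry in diagnose(found):
        print(entry)
    print("last retry notice:", retry)
```
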

Hello thanks for the welcome

I agree. But I don’t know how to fix that.
I think (from my limited experience) that you would have to configure something so that the certificate is valid or can be verified or something like that, right?
I have all the ports opened and I’ve also set up a DMZ on my machine.
Otherwise, thank you for answering, you’re a great help.

This is exactly the point: if you want to self-host software, you have to learn how to troubleshoot and fix things.

Please review 101: Self-hosting information for beginners to make sure you are prepared to manage your own system.

Thanks again for the reply
I know the basics for self-hosting, I’ve been doing it for about 3 years with Minecraft servers or websites. On the other hand, I had never thought about SSL, TLS, etc.; I never really needed it since I was the only user of my sites.
I read your post (linked) and apart from Linux I know the rest. The problem is that on the internet I see lots of tutorials to solve my problem with commands to enter but it’s never specified where in the case of Windows.
I was expecting more targeted solutions