Our web server is not properly set up to resolve "/.well-known/caldav"

Nextcloud version (eg, 12.0.2): 16.0.1
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04.2 LTS
Apache or nginx version (eg, Apache 2.4.25): nginx version: nginx/1.14.0 (Ubuntu)

PHP version (eg, 7.1): PHP 7.2.20-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Jul 10 2019 06:59:02) ( NTS )

The issue you are facing: Repeatedly getting the following errors in my web portal admin account overview section:
```
There are some errors regarding your setup.

Error occurred whilst checking server setup

Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.
```

I’ve also been dealing with other issues such as .htaccess and user.ini not passing file integrity checks. I believe I have fixed this issue but it could be a factor, I’m not sure.

Also my front page of the web portal constantly refreshes every 5 seconds. I’ve seen this before. To fix it I edited my .htaccess and that’s what led to the above problem. Could be related. Unsure.

Also every couple of hours my server forces itself into maintenance mode for completely unknown reasons.

Is this the first time you’ve seen this error? (Y/N): Yes and No. I have not seen the caldav error per se but I have seen the other errors off and on before and it appears to me to be part of some weird pattern.

The output of your Nextcloud log in Admin > Logging:

Unable to retrieve admin logging information from web portal. It tries to load and just shows the loading animation forever. 

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

```php
<?php
$CONFIG = array (
  'passwordsalt' => 'redacted',
  'secret' => 'redacted',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'cloud.jackalope.tech',
    2 => 'wiki.jackalope.tech',
  ),
  'datadirectory' => '/var/nc-data',
  'overwrite.cli.url' => 'https://cloud.jackalope.tech',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '16.0.1.1',
  'dbname' => 'redacted',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'admindb',
  'dbpassword' => 'redacted',
  'installed' => true,
  'instanceid' => 'redacted',
  'mail_from_address' => '',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_domain' => '',
  'mail_smtpname' => '',
  'mail_smtpsecure' => 'tls',
  'mail_smtpauth' => '1',
  'mail_smtphost' => '',
  'mail_smtpport' => '587',
  'mail_smtppassword' => '',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => '0',
    'timeout' => '0.0',
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'enable_previews' => 'true',
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\Movie',
    6 => 'OC\\Preview\\PDF',
    7 => 'OC\\Preview\\MP3',
    8 => 'OC\\Preview\\TXT',
    9 => 'OC\\Preview\\MarkDown',
  ),
  'preview_max_x' => '1024',
  'preview_max_y' => '768',
  'preview_max_scale_factor' => '1',
  'auth.bruteforce.protection.enabled' => 'true',
  'trashbin_retention_obligation' => 'auto,7',
  'skeletondirectory' => '',
  'defaultapp' => 'file',
  'activity_expire_days' => '14',
  'integrity.check.disabled' => 'false',
  'updater.release.channel' => 'stable',
  'loglevel' => 0,
  'maintenance' => false,
  'theme' => '',
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'onlyoffice' =>
  array (
    'verify_peer_off' => true,
  ),
  'data-fingerprint' => 'redacted',
);
```

The output of your Apache/nginx/system log in /var/log/____:

2019/07/20 09:10:30 [crit] 1680#1680: *109698 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 102.165.51.36, server: 0.0.0.0:443

The above could be because I earlier today tried adding stuff to the ssl.conf on my nginx settings due to trying to follow this thread: Caldav and carddav error resolving

I’m currently scouring other threads on the forum, checking reddit, checking the github repo etc. So I’m not done trying things, but I’ve been having problems with this thing for nearly 6 months and I don’t know what I can do to fix it.

Check Edit for most up to date info

I’ve been looking through the threads and I found this one: [solved] .well-known/caldav check in 15.0.4 nextcloud sever is behind an HAproxy where SSL-offloading is being performed

In the process of getting some information about what I had changed in my nginx/sites-enabled/cloud.jackalope.tech file I realized that I had a more fleshed out version of my conf file in nginx/con.d/nextcloud.conf

Does this mean I need to symlink the cloud.jackalope.tech file to the nextcloud.conf maybe?

EDIT:

I have tried symlinking cloud.jackalope.tech to nextcloud.conf and that didn’t fix anything.

I then went in and replaced the instances of $scheme and $host with a hardcoded version of the url in case that was the problem (since that seems to be the primary problem in the threads I’ve looked at)

This did not work.

For the sake of information here is my nextcloud.conf file:

```nginx
server {
	listen 80 default_server;
	server_name cloud.jackalope.tech;
	#Your DDNS adress, (e.g. from desec.io or no-ip.com)
	location ^~ /.well-known/acme-challenge {
		proxy_pass http://127.0.0.1:81;
	}
	location / {
		return 301 https://$host$request_uri;
	}
}
server {
	listen 443 ssl http2 default_server;
	server_name cloud.jackalope.tech;
	root /var/www/nextcloud/;
	access_log /var/log/nginx/nextcloud.access.log main;
	error_log /var/log/nginx/nextcloud.error.log warn;
	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}
	location = /.well-known/carddav {
		return 301 https://cloud.jackalope.tech/remote.php/dav;
	}
	location = /.well-known/caldav {
		return 301 https://cloud.jackalope.tech/remote.php/dav;
	}
	client_max_body_size 10240M;
# BEGIN ANSIBLE MANAGED BLOCK collabra
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# END ANSIBLE MANAGED BLOCK collabra
	location / {
		rewrite ^ /index.php$uri;
	}
	location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
		deny all;
	}
	location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
		deny all;
	}
	location ~* \.(?:flv|mp4|mov|m4a)$ {
		mp4;
		mp4_buffer_size 5m;
		mp4_max_buffer_size 10m;
		fastcgi_split_path_info ^(.+\.php)(/.*)$;
		include fastcgi_params;
		include php_optimization.conf;
		fastcgi_pass php-handler;
		fastcgi_param HTTPS on;
	}
	location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
		fastcgi_split_path_info ^(.+\.php)(/.*)$;
		include fastcgi_params;
		include php_optimization.conf;
		fastcgi_pass php-handler;
		fastcgi_param HTTPS on;
	}
	location ~ ^/(?:updater|ocs-provider)(?:$|/) {
		try_files $uri/ =404;
		index index.php;
	}
	location ~ \.(?:css|js|woff|svg|gif)$ {
		try_files $uri /index.php$uri$is_args$args;
		add_header Cache-Control "public, max-age=15778463";
		access_log off;
		expires 30d;
	}
	location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
		try_files $uri /index.php$uri$is_args$args;
		access_log off;
		expires 30d;
	}
}
```

Also I tried curling the urls to see what info I could glean from that and this is what I got:

```
└─➤ curl https://cloud.jackalope.tech/remote.php/dav
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>
```

and

```
└─➤ curl http://cloud.jackalope.tech/remote.php/dav
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
```

Any clue what needs to be done here?

I guess these lines are missing in your nginx.conf

Just so I know what I’m doing. What’s the difference between that and the below which is in my conf file?

And which lines do I change?

These are the lines I changed, but it still doesn’t work:

```nginx
server {
	listen 80 default_server;
	server_name cloud.jackalope.tech;
	#Your DDNS adress, (e.g. from desec.io or no-ip.com)
	location ^~ /.well-known/acme-challenge {
		proxy_pass http://127.0.0.1:81;
	}
	location / {
		return 301 https://$host$request_uri;
	}
}
server {
	listen 443 ssl http2 default_server;
	server_name cloud.jackalope.tech;
	root /var/www/nextcloud/;
	access_log /var/log/nginx/nextcloud.access.log main;
	error_log /var/log/nginx/nextcloud.error.log warn;
	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}
	location = /.well-known/carddav {
		return 301 $scheme://$host:443/remote.php/dav;
	}
	location = /.well-known/caldav {
		return 301 $scheme://$host:443/remote.php/dav;
	}
	client_max_body_size 10240M;
# BEGIN ANSIBLE MANAGED BLOCK collabra
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# END ANSIBLE MANAGED BLOCK collabra
	location / {
		rewrite ^ /index.php$uri;
	}
	location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
		deny all;
	}
	location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
		deny all;
	}
	location ~* \.(?:flv|mp4|mov|m4a)$ {
		mp4;
		mp4_buffer_size 5m;
		mp4_max_buffer_size 10m;
		fastcgi_split_path_info ^(.+\.php)(/.*)$;
		include fastcgi_params;
		include php_optimization.conf;
		fastcgi_pass php-handler;
		fastcgi_param HTTPS on;
	}
	location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
		fastcgi_split_path_info ^(.+\.php)(/.*)$;
		include fastcgi_params;
		include php_optimization.conf;
		fastcgi_pass php-handler;
		fastcgi_param HTTPS on;
	}
	location ~ ^/(?:updater|ocs-provider)(?:$|/) {
		try_files $uri/ =404;
		index index.php;
	}
	location ~ \.(?:css|js|woff|svg|gif)$ {
		try_files $uri /index.php$uri$is_args$args;
		add_header Cache-Control "public, max-age=15778463";
		access_log off;
		expires 30d;
	}
	location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
		try_files $uri /index.php$uri$is_args$args;
		access_log off;
		expires 30d;
	}
}
```

Did you delete browser cache before testing? 301 is permanent redirect and it may cause problems when testing new settings. 302 is better if you don’t actually need 301.

Yes, I’ve just tested it with a fresh cache and it’s giving me the same response.

I’m also having the front page refresh every 5 seconds. I was hoping to fix one problem at a time but maybe these things are interconnected

Also I thought I had fixed the file integrity problems in this thread: Is there a way to override file integrity check failures?

I thought I had fixed it because I no longer saw the file integrity errors but when I started looking into the 5 second refresh problem I found I could check which files were giving me trouble by checking this url: https://cloud.jackalope.tech/index.php/settings/integrity/failed

Though of course that url might be very old and simply not refreshed as the caldav etc issues might be preventing that. I’m unsure.

So I have 3 mysterious problems and I’m not sure how they’re related. :frowning:

Yeah I can’t find a solution to the 5 second refresh problem, the integrity files problem, or the caldav problem that started this specific post.

Is it possible for me to just do a manual upgrade to 16.0.3 and see if that fixes things?

The .well-known-redirects have to be 301, 303 or 307. So I’d suggest to use a 307 instead of a 302.

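The status codes named in the reply above (301, 303 or 307) and the `/remote.php/dav` target used in the posted nginx config can be checked mechanically from `curl -sI` output. This is an added example, not part of the original thread or of Nextcloud; the function name `check_wellknown`, the host `cloud.example.test` and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): judge the headers that `curl -sI`
# returns for /.well-known/caldav or /.well-known/carddav.

# check_wellknown HEADERS ORIGIN -> prints a verdict, returns 0 (ok) or 1.
check_wellknown() {
  wk_hdrs=$(printf '%s\n' "$1" | tr -d '\r')   # curl output has CRLF endings
  wk_status=$(printf '%s\n' "$wk_hdrs" | awk 'NR==1 {print $2}')
  wk_loc=$(printf '%s\n' "$wk_hdrs" |
    awk 'tolower($1)=="location:" {print $2; exit}')
  # An explicit default port names the same origin; drop it before comparing.
  wk_loc=$(printf '%s\n' "$wk_loc" | sed 's#^\(https://[^/:]*\):443/#\1/#')

  case $wk_status in
    301|303|307) ;;                            # codes named in the thread
    *) echo "FAIL status=$wk_status (want 301, 303 or 307)"; return 1 ;;
  esac
  # Compare with a fixed origin, so a redirect built from a client-supplied
  # Host header (as with $host in a default_server block) does not pass.
  case $wk_loc in
    "$2/remote.php/dav"|"$2/remote.php/dav/") echo "OK $wk_status $wk_loc" ;;
    *) echo "FAIL location=$wk_loc"; return 1 ;;
  esac
}

# Constructed sample responses; cloud.example.test is a placeholder host.
ORIGIN=https://cloud.example.test
GOOD=$(printf 'HTTP/2 301 \r\nlocation: %s:443/remote.php/dav\r\n' "$ORIGIN")
TEMP=$(printf 'HTTP/1.1 302 Found\r\nLocation: %s/remote.php/dav\r\n' "$ORIGIN")
SPOOF=$(printf 'HTTP/1.1 301 Moved\r\nLocation: https://other.example.test/remote.php/dav\r\n')

for sample in "$GOOD" "$TEMP" "$SPOOF"; do
  check_wellknown "$sample" "$ORIGIN" || true
done

# Live use: pass the origin as the first argument to probe both endpoints.
if [ -n "${1:-}" ]; then
  for svc in caldav carddav; do
    check_wellknown "$(curl -sI --max-time 10 "$1/.well-known/$svc")" "$1" || true
  done
fi
```

Because the probe uses `curl` rather than a browser, a previously cached 301 does not affect the result.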

If the issue is within NC, then a manual install using the standalone installer might work. I have done that before as well, when I screwed up my NC instance. It won’t resolve any issues with the web server, though.

Just for clarification, of the 3 problems I’m experiencing:

  1. carddav/caldav
  2. 5 second refresh
  3. file integrity check failure

the ones which are within NC are 3. the file integrity check failure and…? I’m honestly not sure what the root causes of the other two problems are. Are these server problems?

EDIT:

Okay and I restarted my machine and 2 of the three problems went away with 0 explanation???

Now the only problem I’m having still is the file integrity check. Going to see what I can do about that.

So, what do you get, when you re-run the integrity check? Which files are still being complained about?

Hey so I just replaced the .htaccess and user.ini files with ones from the Nextcloud download and the file integrity check stopped throwing an alert!

Now the only thing left is the readme for one of my apps. I deleted it. I’m currently waiting for the integrity check to rerun via cron so I can see if that’s fixed everything.

(Also, as an aside, I know that one can run an integrity check using occ but it requires me to specify the security keys and stuff. I’m… not sure where that stuff is. Are there any other ways I can run the check? Or perhaps is there a way to trigger cron ahead of time? I’m sitting around waiting for cron to run so in the meantime I’m googling those questions and it seems like the answer is “yes but it’s a whole bunch of complicated steps”. But maybe I’m wrong and there’s an easier way to do it.)

EDIT:

ALL CHECKS PASSED! THANK YOU EVERYONE! Nothing appears to be broken on my install anymore!

at least for now :confused:

I hope this works!

You can re-run the integrity check from the settings as an admin account, provided the integrity check still throws an error. Usually, until the integrity check has passed, it is always possible to trigger a re-run from there.

If I click “rescan” it just takes me to the settings page for cron jobs?

EDIT: oh looks like this is actually on the changelog of things fixed in the newest stable update. cool

Hello, how did you fix the problem…?
Thanks.