Renew Expired Certificate on Docker Nextcloud AIO

Hi,

I’m running the Nextcloud AIO Docker setup on my server, but it appears that the SSL certificate expired at the end of last year, and it hasn’t auto-renewed. I don’t know much about them, nor about Docker, so I’m not sure how to fix this.

For other versions of Nextcloud, I have seen people suggest running specific commands, but for the Docker version it is split into multiple different containers, though I would assume that if it were any of them, it would be the aio-apache one. Does anybody know how to renew my certificate, and if so, how I can have this happen automatically in future?

Thanks

Hi, are you using Cloudflare?

No, I just have my domain set up to point directly at my server, and the original certificates were just automatically acquired by Nextcloud on setup, so I assume there’s some way I can get it to renew that, but I don’t know how, and can’t access the web interface because of the lack of certificate to see if there’s anything through that.

Too bad. Because it reminded me of this thread: Issues with renewing SSL certificates · Discussion #1101 · nextcloud/all-in-one · GitHub

Can you post the apache container logs here?

Where would I find those logs?

Ah, I have found them.

I seem to be getting “challenge failed”, with it saying “Timeout during connect (likely firewall problem)”, and the same for “validating authorization”, leading to it failing to get a certificate. It then keeps retrying, but with the same result. As far as I know, no ports are blocked or anything, and it succeeded in getting these certificates the first time round when I set it up.

I had previously had this issue due to my VPS provider changing the IPs and me not having updated my domain’s DNS records, but I’ve checked and they’re correct.

Okay, so you are sure that the A and AAAA records of your domain are correct and your server is reachable via IPv4 and IPv6, as well as port 443 being forwarded correctly, and you are not using Cloudflare? Then I am out of ideas, unfortunately…

You could for a test remove the AAAA record and check if that helps…

That actually helped, though I’m not sure what was stopping it specifically on the IPv6 address. I didn’t think to check until you suggested it, but it was only listing a failure on the IPv6 address, but not the IPv4. I’ve checked the address and it’s correct on all sides it seems, so I’m not sure what’s going on with that.

I’ll leave it like this for now and try to add it back later and see if I can get that to work. It was working fine before, so I’m not sure what is preventing it now.

Solved getting me on there at all, but still not sure what’s the problem with the IPv6.

I ran into the same problem and removing the AAAA record helped (using Cloudflare with proxy disabled).

Also not sure why…
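An added example, not part of the thread or of Nextcloud AIO: a small check that resolves the A and AAAA records separately and tries a TCP connect to port 443 on each address, which makes a failure that only affects the IPv6 address (as in the logs described above) visible. The hostname `cloud.example.com` is a placeholder, and the script is assumed to be run from a machine outside the server's own network.

```python
import socket

def resolve(host, port, family):
    """Return the distinct addresses published for one address family."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no record of this type, or the lookup failed
    return sorted({info[4][0] for info in infos})

def can_connect(addr, port, family, timeout=5.0):
    """Try a plain TCP connect to one literal address; return (ok, detail)."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True, "connected"
    except OSError as exc:
        # Timeouts, refusals and "no IPv6 on this host" all land here.
        return False, f"{type(exc).__name__}: {exc}"

def check_host(host, port=443, timeout=5.0):
    """Test every A and AAAA address on its own instead of letting the OS pick one."""
    results = []
    for label, family in (("A/IPv4", socket.AF_INET),
                          ("AAAA/IPv6", socket.AF_INET6)):
        for addr in resolve(host, port, family):
            ok, detail = can_connect(addr, port, family, timeout)
            results.append((label, addr, ok, detail))
    return results

if __name__ == "__main__":
    import sys
    # Placeholder domain; pass your own as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "cloud.example.com"
    for label, addr, ok, detail in check_host(host):
        print(f"{label:10} {addr:40} {'OK' if ok else 'FAIL'}  {detail}")
```

If the AAAA line reports FAIL while the A line reports OK, the published IPv6 address is not accepting connections on 443 from outside, which matches the symptom that went away once the AAAA record was removed.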