Security Scan says "Host not found"

Culogy · July 6, 2025, 7:34am

When trying to run a security scan, the scanner says “Host not found”. It used to work in the past (> 6 months ago). I now upgraded to 31.0.6 and it doesn’t work anymore.

Everything else is working fine. I can access my nextcloud from the internet from both, mobile and pc clients as well as webdav. To access it, I use an address like cloud.mydomain.ch. My server is behind a firewall that only lets Ports 22, 80 and 443 through. And only TCP protocol. Also only IPv4. DNS entries haven’t changed in years.

My status.php returns:
https://cloud.mydomain.ch/status.php
{“installed”:true,“maintenance”:false,“needsDbUpgrade”:false,“version”:“31.0.6.2”,“versionstring”:“31.0.6”,“edition”:“”,“productname”:“Nextcloud”,“extendedSupport”:false}

Thus my questions:
Is the security scan working for others? Can somebody confirm?

What preconditions does the security scan need to reach my host?

Culogy · July 6, 2025, 7:41am

Ok, I got it to work (and I still got my A+ rating ): I entered the following URL in the security scanner’s input prompt:
https://cloud.mydomain.ch/status.php

Instead of only (as I did in the past years):
cloud.mydomain.ch

Interestingly, the security scanner then displays:
https://cloud.mydomain.ch/status.php/nextcloud

Entering https://cloud.mydomain.ch/ alone doesn’t work either.

Does anyone know what’s going on?

mritzmann · July 8, 2025, 6:17am

Wild guess: Do you have an A and an AAAA DNS record but only one is working?

michael_rasmussen · July 10, 2025, 4:26am

I have the same issue.
My setup:
nextcloud.domain.tld → CNAME domain.tld
domain.tld A x.y.z.w
domian.tld AAAA 1aaa:f1111:1:ffc::

uroemer · July 10, 2025, 6:38am

i have same problem and it works with https://…/status.php

Soko · July 10, 2025, 9:17am

I have the same issue with 2 instances:
1 selvhosted on a TLS
1 hosted by ionos

adding /status.php to the URL fixes the Problem, but that’s only a workarround…

Markus_Heckelmann · July 10, 2025, 10:01am

Same issue here. Three different instances. All selfhosted. 1 = v31.x and 2 = v30.x. Before I could write cloud.domain.tld. Now i must write https://cloud.domain.tld/status.php.
This works as workaround. But its not a real solution, I think.

The configuration is different:

v31:
DNS A-Eintrag
behind a FortiWeb Reverse-Proxy
v30:
DNS CNAME-Eintrag → A-Eintrag
behind a nginx-proxy-manager Reverse-Proxy

mritzmann · July 10, 2025, 10:28am

I can now also reproduce the problem. Since there is no project for this on GitHub, I’ll take the liberty of pinging two (presumably) Nextcloud employees here

cc @nickvergessen @Daphne

To me, it looks like something is broken on scan.nextcloud.com

Steps to reproduce:

open https://scan.nextcloud.com
enter a host and press scan

Tested Inputs:

cloud.asvt.ch
https://cloud.asvt.ch

Result

The strange thing is that it works with some installations, but not with others. I don’t see any request in the server’s access log. So I wonder if it’s a DNS problem? But everything looks ok from my point of view. IPv4 and IPv6 works. DNSSEC works also. And that it suddenly affects so many seems more like a problem on the part of scan.nextcloud.com.

EDIT: DNS problem does not seem right to me as it works with /status.php.

b_a · July 14, 2025, 12:16am

I have the same issue since (I think) upgrading to v31. I host NC on rpi, there’s an nginx reverse proxy between the NC instance and the world.
As with the other posters: in the past I could just plop down my NC address to scan, now I need to append /status.php for it to work.

It’s a minor inconvenience, but might be indicative of a larger issue.