[SOLVED] AIO Install 'Domain does not point to this server'

Morning, newbie here. Love the look of nextcloud but haven’t been lucky enough to get it working!

I’m not using a reverse proxy or anything fancy - I’m pointing a domain to my static IP and forwarding.

Been banging my head trying to get any of it to work. Logs show the below every time I try to check the domain:

NOTICE: PHP message: The response of the connection attempt to "http://subdomain.domain.com:443" was:
NOTICE: PHP message: Expected was: 0d2b46516a7d20b1870415d2841d0fe01cbd91fc328586fc
NOTICE: PHP message: The error message was: Recv failure: Connection reset by peer

I have a static IP, subdomain.domain.com DNS record and ports 80, 443, 8443 and 3478 pointed to the machine. The machine is a VM running ubuntu server 22.04 and I can confirm the DNS and port forwards all work as intended (forwarding 8080 allows me to get to the AIO page).

It gets more interesting when trying to access the AIO page externally via 8443; the let’s encrypt bit fails also, giving the below:

{"level":"info","ts":1683875025.3970633,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
{"level":"info","ts":1683875025.4030795,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"error","ts":1683875038.3355348,"logger":"http.acme_client","msg":"challenge failed","identifier":"subdomain.domain.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":" Invalid response from http://subdomain.domain.com/.well-known/acme-challenge/rjkI22G0H2r7iShHVNHDMr4GUN4RNLwH6Xf2PRKRTuY: 404","instance":"","subproblems":[]}}
{"level":"error","ts":1683875038.3355842,"logger":"http.acme_client","msg":"validating authorization","identifier":"subdomain.domain.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":" Invalid response from http://subdomain.domain.com/.well-known/acme-challenge/rjkI22G0H2r7iShHVNHDMr4GUN4RNLwH6Xf2PRKRTuY: 404","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1104783177/181671441917","attempt":1,"max_attempts":3}

I’ve redacted the URLs & IPs for privacy but they are correct. Any help would be greatly appreciated!


EDIT: This is my second attempt at a fresh install. As I know there’s nothing wrong with the DNS or port forwards I tried to set the container to ignore the DNS check as per documentation but that didn’t work either; I got it to install nextcloud but couldn’t get to any login screens.

Hi, see What can I do when Nextcloud is not reachable via my domain or if I get `SSL_ERROR_INTERNAL_ERROR_ALERT` when opening my Nextcloud domain? · nextcloud/all-in-one · Discussion #2105 · GitHub

Thanks for this, but I don’t have the container ‘nexcloud-aio-apache’. Only the master container and domain check.

Ah I thought you would have skipped the domain validation already.

Then since you seem to be sure that everything is correctly configured, feel free to skip the domain validation and afterwards try the mentioned steps if Nextcloud should not open afterwards.

OK so done that, apache logs show many of these:

{"level":"error","ts":1683883942.1298702,"logger":"http.acme_client","msg":"challenge failed","identifier":"subdomain.domain.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":" Connection reset by peer","instance":"","subproblems":[]}}
{"level":"error","ts":1683883942.1299212,"logger":"http.acme_client","msg":"validating authorization","identifier":"subdomain.domain.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":" Connection reset by peer","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/101863034/8706682724","attempt":1,"max_attempts":3}
{"level":"error","ts":1683883942.129954,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"subdomain.domain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - Connection reset by peer"}
{"level":"error","ts":1683883942.1299856,"logger":"tls.obtain","msg":"will retry","error":"[subdomain.domain.com] Obtain: [subdomain.domain.com] solving challenge: subdomain.domain.com: [subdomain.domain.com] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Connection reset by peer (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":9,"retrying_in":1800,"elapsed":5414.863948805,"max_duration":2592000}

EDIT: I’ve now tried some other domains and IP addresses with no joy. Strangely though the 8443 port now seems to have worked. I get a valid certificate and the landing page saying the login is blocked because nextcloud is running.

Then you can indeed follow the wiki above. However in your case it looks like the A record might not be set correctly?

Indeed 8443 uses a different cert than the one of Nextcloud.

Sorry I think we were typing at the same time. A record is fine as per my edit - it seems to have worked for the AIO on 8443.

It works! Restarted the containers, think it was firewall related, something to do with using an alias IP rather than my primary one and the order the rules were in.

Many thanks!