SSL_ERROR_INTERNAL_ERROR_ALERT on AIO Interface

nekton · January 4, 2025, 10:57pm

I have been using AIO for a couple of years now, in the default setup on a VPS with a cloud provider. I can access Nextcloud via mydomain.io and use it just as normal but not through my AIO GUI Interface on mydomain.io:8443 which now (I discovered the issue recently, not sure for how long exactly) throws SSL_ERROR_INTERNAL_ERROR_ALERT. I can only access AIO interface via x.x.x.x:8080 without proper HTTPS (nextcloud.local cert).

I’m on Nextcloud 30.0.4 and AIO v10.1.1

I have crawled through a lot of SSL_ERROR threads and discussions. My Apache Error Log looks the same as in the opening of this thread.

I had already increased it in the past but now I ran

echo "net.core.rmem_max = 7500000
net.core.wmem_max = 7500000" | sudo tee /etc/sysctl.d/nextcloud-aio-buffer-increase.conf

to ensure I’m compliant.

Now my Apache container log reads after restart:

docker logs nextcloud-aio-apache
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Connection to nextcloud-aio-nextcloud (172.18.0.8) 9000 port [tcp/*] succeeded!
[Sat Jan 04 22:29:49.593446 2025] [mpm_event:notice] [pid 42:tid 42] AH00489: Apache/2.4.62 (Unix) configured -- resuming normal operations
[Sat Jan 04 22:29:49.593917 2025] [core:notice] [pid 42:tid 42] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
{"level":"info","ts":1736029789.6114342,"msg":"using config from file","file":"/tmp/Caddyfile"}
{"level":"info","ts":1736029789.6142673,"msg":"adapted config to JSON","adapter":"caddyfile"}

@szaimen suggested it being 443 forwarding issue and validated that my ufw allows 443 as it always has (since the start of using AIO everything, including mydomain.com:8443, worked correctly).

Then I landed in What can I do when Nextcloud is not reachable via my domain or if I get `SSL_ERROR_INTERNAL_ERROR_ALERT` or `ERR_SSL_PROTOCOL_ERROR` when opening my Nextcloud domain? · nextcloud/all-in-one · Discussion #2105 · GitHub

but because I am not behind any additional proxy (just a default setup) and my Nextcloud instance is functional except for AIO interface cert, I do not know what I should do. I would like to not change the domain/subdomain.

Thank you for taking the time to build and support AIO which is brilliant!

szaimen · January 5, 2025, 11:44am

Hi,

Thanks for the positive feedback

Regarding your issue, can you post the output of sudo docker logs nextcloud-aio-mastercontainer here?

nekton · January 6, 2025, 10:38pm

Thank you! The output is a repetition of:

{"level":"error","ts":1736202271.0203745,"logger":"tls.on_demand","msg":"loading newly-obtained certificate from storage","remote_ip":"x.x.x.x","remote_port":"41178","server_name":"mydomain.io","error":"no matching certificate to load for mydomain.io: decoding certificate metadata: unexpected end of JSON input"}

I initially followed your post elsewhere, removed /var/lib/docker/volumes/nextcloud_aio_apache/_data/caddy/ and restarted services; the directory got regenerated, I can access Nextcloud instance as a user but AIO interface https://mydomain.io:8443 still throws SSL_ERROR_INTERNAL_ERROR_ALERT.

Can’t find the exact same error from logs anywhere…

szaimen · January 6, 2025, 10:48pm

In your case you need to clear /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/caddy/

nekton · January 7, 2025, 8:53pm

I was consistently barking up the wrong tree… thank you @szaimen!