"SSL Handshake Failed" for Windows Desktop Client ONLY

GJSchaller · November 12, 2024, 2:23am

I recently set up a new Nextcloud instance on my TrueNAS using Docker. Once the instance was up and running, I set up a Reverse Proxy to the Docker instance to let me access it cleanly from home and outside. The proxy is using a Let’s Encrypt wildcart cert, the Docker instance does not have a cert installed (using the Proxy instead).

When browsing the web, or when using my Mac or iPhone & iPad, I have no issues setting up the client to connect.

When setting up the desktop app on a Windows PC (tested on both a Win 11 Laptop and a Win 11 VM on my Mac), I get the following error:

There are no reported issues in the Nextcloud Admin settings in the UI.

Any idea why this may be happening for Windows only, and not any other platform, and how to resolve it?

Thank you for any advice or help!

wwe · November 12, 2024, 7:29am

Your certificate looks good. my desktop client doesn’t throw any errors and opens a browser window when I try adding your instance. quick internet search shows it might be related to TLS 1.3 - did you tweak any TLS settings on your machines?

mritzmann · November 12, 2024, 7:45am

You have a non-functioning IPv6 address from an private address space in yor DNS.

$ dig +short cloud.aiskon.net aaaa 
fe80::7229:c312:f1c4:dc6a

$ curl -6 https://cloud.aiskon.net             
curl: (7) Failed to connect to cloud.aiskon.net port 443 after 2 ms: Couldn't connect to server

GJSchaller · November 12, 2024, 1:31pm

Dang, nice find! Thank you - I’ll need to narrow down the cause for that.

Thank you for the lead!

GJSchaller · November 12, 2024, 3:19pm

I was able to figure this out - my Virtualmin setup was assigning a bad IPv6 address to the proxy site. Once I manually updated it, it worked.

mritzmann · November 12, 2024, 10:23pm