SSL initialization failed in Nextcloud Android client

i’ve read many forum posts and tried many things but nothing worked. my nextcloud android client used to worked fine but something broke it. the client is giving me ‘SSL initialisation failed’ as soon as I enter the URL.

proxy nginx:

ssl_ecdh_curve prime256v1;

proxy logs the following on each attempt:

2019/04/29 20:27:23 [alert] 15070#0: worker process 15221 exited on signal 11
2019/04/29 20:27:23 [alert] 15070#0: worker process 15220 exited on signal 11

android version is 6.0.1.
everything works fine in browsers (mobile or desktop). any idea what else to check? NC 16.0, listening on http, proxy is https.

From what I found on the net, I would expect that Nginx crashes because it gets an unexpected reply. Due to the fact that several of this errors seem to have been fixed in the past, I would make sure that you have installed the latest Nginx version. Additionally it would be worse to ask this question on the Nginx mailing list too.

https://www.google.com/search?client=firefox-b-d&ei=hO3KXNjINZnQgweiub2ADw&q=nginx+worker+process+exited+on+signal+11&oq=nginx+worker+process+exited+on+signal+11&gs_l=psy-ab.3..0i19l2j0i30i19j0i8i30i19.12214.12214..12992...0.0..0.57.57.1…0…1…gws-wiz.2O3uakKihoA

thank you j-ed. turns out it has something to do with let’s encrypt disabling SNI recently. my configuration is: https://site-a with some static content and https://site-b which is an aforementioned nextcloud proxy. both served on the same IP and using separate certificates (issued by let’s encrypt). if i disable site-a in nginx and reload it, suddenly i get no error and everything (except for site-a) works fine.

now i only wonder whether it’s possible to retain this setup or i need to chase for another IP address (maybe put site-a on a small sized vps).

As far as I know SNI (Server Name Identification) is a mechanism, used on the server site, to differentiate between virtual hosts based on the server name. Let’s encrypt has recently disabled the ACME domain verification based on TLS-SNI-01 but this has nothing to do with the SNI which you require. Maybe this article gives you some hints how to configure Nginx with SNI.

1 Like

Strange, I do not remember changing anything and yet - it started to work. No more SSL errors, just Simpletask Android is giving me “HOST_NOT_AVAILABLE” error (https://github.com/mpcjanssen/simpletask-android/issues/974). But since both desktop and mobile clients are working fine, same for WebDAV access it has something to do with the application itself.

1 Like