SSL issue after renewing certificates with Let's Encrypt


I am running Nextcloud on my ODROID XU4 and had to replace the self signed certificates via Let’s Encrypt. After that I am running into the following error:

Nextcloud version (eg, 12.0.2): 17.0.1
Operating system and version (eg, Ubuntu 17.04): Debian Stretch with Armbian Linux 4.14.133-odroidxu4
Apache or nginx version (eg, Apache 2.4.25): 2.4.25
PHP version (eg, 7.1): 7.2.24-1+0~20191026.31+debian9~1.gbpbbacde

The issue you are facing:
When I connect to my Nextcloud Instance over the web interface it’s super slow and not all resources are fully loaded (e.g. navbar). On my iPhone I am using the Nextcloud Client and I get an SSL error message.

Oddly, when I try to connect from my girlfriend’s laptop I see an ERR_CONNECTION_RESET error. For more details I tried a curl with verbose option and got an SSL_ERROR_SYSCALL from her machine. From my laptop I get a normal HTTP-200 response.

When turning SSL off and using port 80 in my vhost everything is working fine.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Connect to nextcloud instance via web or client

The output of your Nextcloud log in Admin > Logging:

[cron] Debug: Finished OC\Command\CommandJob job with ID 762 in 0 seconds

GET /cron.php
from at 2019-11-24T15:05:00+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => '***',
  'passwordsalt' => '***',
  'secret' => '***',
  'trusted_domains' => 
  array (
    0 => '***',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'datadirectory' => '/media/nas1',
  'overwrite.cli.url' => '***',
  'dbtype' => 'mysql',
  'version' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '***',
  'dbpassword' => '***',
  'installed' => true,
  'loglevel' => '0',
  'forcessl' => true,
  'maintenance' => false,
  'theme' => '',
  'mail_smtpmode' => 'php',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'updater.secret' => '***',
  '' => 'stable',

The output of your Apache/nginx/system log in /var/log/error.log:

[Sun Nov 24 16:01:17.921582 2019] [ssl:error] [pid 2132] [client] AH02042: rejecting client initiated renegotiation

The nextcloud.conf file in my /etc/apache2 folder

 <VirtualHost *:80>
DocumentRoot "/var/www/html/nextcloud"
ServerName ***
<Directory "/var/www/html/nextcloud/">
Options MultiViews FollowSymlinks

AllowOverride All
Order allow,deny
Allow from all
TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log 
RewriteEngine on
RewriteCond %{SERVER_NAME} =***
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

The SSL configuration for apache just includes the default from Let’s Encrypt I can post more of it if needed.

In general I am seeing my renewed certificate in the browser when connecting from my machine.

Expires: Saturday, 22. February 2020 at 13:07:28 Central European Standard Time

I appreciate any help!

Can you run a test on your ssl setup on

Did you perhaps not reload the settings correctly? Is the server on you local network? You access via hostname or via IP?

Hi, thanks for your answer.

I already ran a test on ssllabs with gave me an A+ rating:

Server Key and Certificate #1
Valid from	Sun, 24 Nov 2019 12:07:28 UTC
Valid until	Sat, 22 Feb 2020 12:07:28 UTC (expires in 2 months and 28 days)
Key	RSA 2048 bits (e 65537)
Weak key (Debian)	No
Issuer	Let's Encrypt Authority X3
Signature algorithm	SHA256withRSA
Extended Validation	No
Certificate Transparency	Yes (certificate)
OCSP Must Staple	No
Revocation information	OCSP
Revocation status	Good (not revoked)
DNS CAA	No (more info)
Trusted	Yes
Mozilla  Apple  Android  Java  Windows

The only error I have seen was under Miscellaneous:

Test date	Sun, 24 Nov 2019 15:00:51 UTC
Test duration	173.253 seconds
HTTP status code	Request failed (Too many Redirection)
HTTP server signature	Apache/2.4.25 (Debian)

After changing the settings I did a reload of my apache2 (sudo systemctl reload apache2). The server is running on my local network. I am using a no-ip DynDNS and no-ip on my server to update my ipv4 address. My ports are also forwarded correctly (80,8080,8443,443).

I just tested my URL from an external network and everything’s working fine. So the only problem is accessing my domain from my local network (via SSL).

Any ideas?