Updating/installing apps always chooses IPv6 but github.com hasn't an AAAA entry

Somehow Nextcloud tries to update/install apps from github.com via IPv6, but github.com has no AAAA DNS entry. So a Guzzle exception is thrown.
When I try to use curl on the command line, everything behaves normally.
When using curl in PHP on the command line, everything works, too.

But Nextcloud (runs via php-fpm) with Guzzle is failing to download files from github.com, because it tries via IPv6 (at least I get the same error when using curl -6 https://github.com).

Has anybody an idea what could be causing this? And why is it behaving in another way than on the command line?

As a workaround I put

if (empty($options['force_ip_resolve'])) $options['force_ip_resolve'] = 'v4';

into 3rdparty/guzzlehttp/guzzle/src/Handler/StreamHandler.php#L347
and into 3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php#L422

Then everything works.

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 30.0.2
  • Operating system and version (e.g., Ubuntu 24.04):
    • Archlinux latest
  • Web server and version (e.g, Apache 2.4.25):
    • nginx 1.26.2
  • PHP version (e.g, 8.3):
    • 8.3 via php-fpm
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • a month ago
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • Archlinux package
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • Nope

Summary of the issue you are facing:

[…]

Steps to replicate it (hint: details matter!):

  1. try to update apps

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

{"reqId":"M8VXCglX97ZgBJYfSsSH","level":3,"time":"2024-11-30T21:34:49+00:00","remoteAddr":"95.90.210.171","user":"schelmo","app":"no app in context","method":"GET","url":"/settings/apps/update/gpxpod","message":"cURL error 60: SSL: no alternative certificate subject name matches target hostname 'github.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0","version":"30.0.2.2","exception":{"Exception":"GuzzleHttp\\Exception\\RequestException","Message":"cURL error 60: SSL: no alternative certificate subject name matches target hostname 'github.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz","Code":0,"Trace":[{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":158,"function":"createRejection","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":110,"function":"finishError","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::"},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php","line":47,"function":"finish","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::"},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":142,"function":"__invoke","class":"GuzzleHttp\\Handler\\CurlHandler","type":"->"},{"file":"/[redacted]/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php","line":146,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced 
***"]},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php","line":35,"function":"OC\\Http\\Client\\{closure}","class":"OC\\Http\\Client\\DnsPinMiddleware","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":31,"function":"__invoke","class":"GuzzleHttp\\PrepareBodyMiddleware","type":"->"},{"file":"/[redacted]/webapps/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php","line":71,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":66,"function":"__invoke","class":"GuzzleHttp\\RedirectMiddleware","type":"->"},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php","line":75,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":333,"function":"__invoke","class":"GuzzleHttp\\HandlerStack","type":"->"},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":169,"function":"transfer","class":"GuzzleHttp\\Client","type":"->"},{"file":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":189,"function":"requestAsync","class":"GuzzleHttp\\Client","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/[redacted]/nextcloud/lib/private/Http/Client/Client.php","line":205,"function":"request","class":"GuzzleHttp\\Client","type":"->"},{"file":"/[redacted]/nextcloud/lib/private/Installer.php","line":246,"function":"get","class":"OC\\Http\\Client\\Client","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"/[redacted]/nextcloud/lib/private/Installer.php","line":144,"function":"downloadApp","class":"OC\\Installer","type":"->"},{"file":"/[redacted]/nextcloud/apps/settings/lib/Controller/AppSettingsController.php","line":609,"function":"updateAppstoreApp","class":"OC\\Installer","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/[redacted]/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":208,"function":"updateApp","class":"OCA\\Settings\\Controller\\AppSettingsController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/[redacted]/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/[redacted]/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/[redacted]/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/[redacted]/nextcloud/lib/base.php","line":1001,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/[redacted]/nextcloud/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/[redacted]/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","Line":211,"message":"cURL error 60: SSL: no alternative certificate subject name matches target hostname 'github.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz","exception":[],"CustomMessage":"cURL error 60: SSL: no alternative certificate subject name matches target hostname 'github.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz"},"id":"674c5838bc802"}

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "[redacted]",
            "[redacted]"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "trashbin_retention_obligation": "auto,18",
        "overwrite.cli.url": "https:\/\/[redacted]",
        "dbtype": "mysql",
        "version": "30.0.2.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "log_type": "file",
        "logfile": "\/[redacted]\/nextcloud\/logs\/nextcloud.log",
        "loglevel": 1,
        "logdateformat": "F d, Y H:i:s",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0
        },
        "maintenance": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "PLAIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "default_phone_region": "DE",
        "theme": "",
        "app_install_overwrite": [
            "gpxedit",
            "gpxmotion",
            "cookbook",
            "files_3d",
            "money",
            "maps"
        ],
        "mysql.utf8mb4": true,
        "maintenance:repair": "",
        "debug": false,
        "config_is_read_only": false,
        "mail_sendmailmode": "smtp",
        "mail_smtpstreamoptions": {
            "ssl": {
                "allow_self_signed": true,
                "verify_peer": false,
                "verify_peer_name": false
            }
        }
    }
}

Apps

The output of occ app:list (if possible).

Enabled:
  - activity: 3.0.0
  - app_api: 4.0.0
  - bookmarks: 15.0.2
  - bruteforcesettings: 3.0.0
  - calendar: 5.0.5
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contacts: 6.1.1
  - contactsinteraction: 1.11.0
  - cookbook: 0.11.2
  - dashboard: 7.10.0
  - dav: 1.31.1
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_3dmodelviewer: 0.0.14
  - files_downloadlimit: 3.0.0
  - files_external: 1.22.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - maps: 1.5.0
  - money: 0.29.0
  - nextcloud_announcements: 2.0.0
  - notes: 4.11.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - phonetrack: 0.8.1
  - photos: 3.0.2
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - spreed: 20.0.2
  - systemtags: 1.20.0
  - tasks: 0.16.1
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - admin_audit: 1.20.0
  - deck: 1.14.2 (installed 1.14.2)
  - encryption: 2.18.0
  - files_pdfviewer: 3.0.0 (installed 2.7.0)
  - gpxedit: 0.0.14 (installed 0.0.14)
  - gpxmotion: 0.1.0 (installed 0.1.0)
  - gpxpod: 7.0.4 (installed 7.0.4)
  - recommendations: 3.0.0 (installed 1.0.0)
  - support: 2.0.0 (installed 1.0.0)
  - survey_client: 2.0.0 (installed 1.2.0)
  - suspicious_login: 8.0.0
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - updatenotification: 1.20.0 (installed 1.4.1)
  - user_ldap: 1.21.0
  - weather_status: 1.10.0 (installed 1.1.0)
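
Added example, not part of the original post and not Nextcloud or Guzzle code: a Python check that reproduces the name comparison behind cURL error 60 separately for each address family, so the address that serves the non-matching certificate can be identified on the affected host. The function names, the `--live` switch and the `SAMPLE` data (documentation addresses) are assumptions made for this illustration.

```python
import socket
import ssl
import sys

# Constructed observations (documentation addresses, not real measurements).
SAMPLE = [("IPv4", "192.0.2.10", ["github.com", "www.github.com"]),
          ("IPv6", "2001:db8::10", ["example.net", "*.example.net"])]

def san_matches(hostname, dns_sans):
    """True if hostname matches a DNS subjectAltName; '*' covers one left-most label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in dns_sans):
        if san == host:
            return True
        if san.startswith("*.") and host.partition(".")[2] == san[2:]:
            return True
    return False

def failing_families(hostname, observations):
    """Families whose endpoint certificate would give cURL error 60 for hostname."""
    return sorted({fam for fam, _ip, sans in observations
                   if not san_matches(hostname, sans)})

def probe(hostname, port=443, timeout=5):
    """Resolve per family, connect to each address with SNI=hostname, return DNS SANs."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by us
    results = []
    for fam, label in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        try:
            infos = socket.getaddrinfo(hostname, port, fam, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # this host's resolver returned no A / AAAA answer
        for ip in sorted({info[4][0] for info in infos}):
            try:
                with socket.create_connection((ip, port), timeout=timeout) as raw, \
                        ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                    cert = tls.getpeercert()
            except OSError as exc:  # includes ssl.SSLError (untrusted chain, refused, ...)
                print(f"{label} {ip}: no certificate obtained: {exc}")
                continue
            results.append((label, ip, [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]))
    return results

if __name__ == "__main__":
    obs = probe("github.com") if "--live" in sys.argv[1:] else SAMPLE
    for label, ip, sans in obs:
        print(label, ip, "OK" if san_matches("github.com", sans) else "MISMATCH", sans)
    print("address families that would fail:", failing_families("github.com", obs))
```

Run with `--live` on the Nextcloud host to see which addresses its resolver returns for each family and which certificate names each address presents; without the switch it evaluates the constructed sample only.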