I was getting the error message [EINVAL] values.ingress.main.tls: Item#0 is not valid per list types: [EINVAL] tlsEntry.scaleCert: Invalid choice: 3 when I was on nextcloud 25.0.2_19.0.51 (truecharts) and was not able to upgrade so I deleted nextcloud and installed 25.0.4_1.6.18 (standard truenas scale apps).
I manually added my web address to config.php add cloud.myweb.mycom as trusted domain, and am able to access nextcloud fine using a browser. But fails when using the windows web app with the error untrusted certificate - The host name did not match any of the valid hosts for this certificate for windows and iOS "web login not available, use the old login method."
So after reading a number of posts, changed the owner (chown) to the directory - in my case /mnt/Main/vmStorage/nextcloud to www-data with the same results.
I would prefer using the latest version of nextcloud, but the posts I'm finding on various sites have somewhat conflicting information. I do have webDAV installed at the server level but don't have any webDAV shares set up (some posts indicated adding webDAV username to the config file).
In looking at the log in Administration/Overview in the web interface I see:
You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read the documentation page about this.
Although I think this only applies to the direct web access I'm using, I did find an article related to access, so I added the following in config.php:
'overwritehost' => 'custom.domain.com',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwrite.cli.url' => 'https://custom.domain.com/',
'htaccess.RewriteBase' => '/',
With no change in behavior. Spinning my wheels now trying to find the appropriate documentation to follow.
Is your certificate actually valid? And does it match the URL you typed in the apps? You can test it here: https://ssllabs.com/ssltest
Usually this is the result of a reverse proxy using HTTP on the backend connection, and you would need overwriteprotocol to fix it. Are you using a reverse proxy?
Two good points @KarlF12, thanks. I had thought that the cloudflared app in Truenas was handling the certificate. And, yes I am using reverse proxy. I tried using the overwriteprotocol as HTTPS, but I'll try HTTP? I'll see if I can find better documentation on the parameters like overwriteprotocol.
You would want it set to HTTPS. Your NC server thinks it's HTTP because that's what's coming to it from the proxy and so sends the client to HTTP URLs ("generating insecure URLs").
I deleted everything, re-installed the certificates, double checked cloudflare tunnel configuration; it is working using the web again using cloud.mydomain.com, but not the app. cloud.mydomain.com is added to the trusted domains. I don't understand why it would work with the web page and not the app.
Still working on it. In the logs I see "failed to create fsnotify watcher: too many open files" (nextcloud-postgresql log, nextcloud-redis log, hpb log, etc.). I increased the inotify (sudo sysctl fs.inotify.max_user_watches=262144) but not helping and not certain it's related.
Thanks again @KarlF12
I re-installed again making sure to configure ingress on initial installation in truenas scale. Again, cloud.mydomain.com works fine using a browser (phone, pc, etc.). I've added the external IP address to the trusted domains in the config.php; added a port forward for nextcloud (10020) to the server in the router and the app message is - "connection error Could not connect to server". On a PC web browser using the external IP & port I get:
**Access through untrusted domain
Please contact your administrator. If you are an administrator, edit the "trusted_domains" setting in config/config.php like the example in config.sample.php.
Further information how to configure this can be found in the documentation.**
Both of these make sense because I'm trying to https into a web site that is http only. I use the tunnel to create my https connection.
With the re-install I am getting "Error Web Login not available, use the old login method". What's the old login method?
FYI Web access on iOS works fine - including uploading and viewing files; just the app has issues. Also, added 'overwriteprotocol' => 'https', to the config file when I re-installed.
Here's my redacted config.php: config.odt (25.9 KB)
In one post above, you said you had the external IP in trusted_hosts, and in another you said cloud.mydomain.com. Ultimately to resolve this error, whatever IP or FQDN you are putting in the address bar of your browser (or server address of the app) needs to be included in trusted_domains. The error means it is not finding an entry that matches.
This should be cloud.mydomain.com along with a matching certificate if the goal is to have valid HTTPS. And then ideally you should always use the valid URL to access it, never the IP.
That's fine, and possibly necessary to make it work with the tunnel. But also understand that this means you MUST use HTTPS when connecting because it will always redirect you to HTTPS URLs.
This may mean that you need to connect over the tunnel even when coming from your LAN in order for all the moving parts to line up.
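The settings discussed in this thread, put together as an added example (not the poster's actual config.php and not part of any reply above). It assumes the only public name is cloud.mydomain.com, that TLS ends at the tunnel, and that the tunnel connector reaches Nextcloud over plain HTTP; the proxy address 192.0.2.10 is a placeholder for whatever address that connector uses on your system.

```php
<?php
// Added example: reverse-proxy / tunnel section of config/config.php.
// Keys the installer wrote (instanceid, passwordsalt, secret, db*, ...)
// stay as they are; only the entries below are relevant here.
$CONFIG = array (
  // Every host name typed into a browser or entered as the server
  // address in a client app must appear here, otherwise Nextcloud
  // answers "Access through untrusted domain". List the FQDN that the
  // certificate covers, not the external IP.
  'trusted_domains' =>
  array (
    0 => 'cloud.mydomain.com',
  ),

  // Address of the proxy that forwards requests to Nextcloud.
  // Placeholder value: replace with the address the tunnel connector
  // uses to reach this instance. Forwarded-for headers are honoured
  // only when the request arrives from an address listed here.
  'trusted_proxies' =>
  array (
    0 => '192.0.2.10',
  ),

  // The proxy speaks HTTP to Nextcloud, so without this Nextcloud
  // builds http:// links and the admin overview reports that the
  // instance is "generating insecure URLs". The value is the scheme
  // the client uses, not the scheme on the backend connection.
  'overwriteprotocol' => 'https',

  // Base URL used when no request is available (occ, cron jobs).
  'overwrite.cli.url' => 'https://cloud.mydomain.com',
);
```

With this in place, browsers and client apps should be pointed at https://cloud.mydomain.com only; a request to the IP and forwarded port is still rejected by trusted_domains.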