Yet another domain validation failure for AIO

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • AIO version installed via Docker image, v31.0.7
  • Operating system and version (e.g., Ubuntu 24.04):
    • Linux Mint 22.1
  • Web server and version (e.g, Apache 2.4.25):
    • Not sure. NextCloud AIO installed via Docker.
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • None pre-existing.
  • PHP version (e.g, 8.3):
    • Not sure. NextCloud AIO installed via Docker.
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • While installing on my father in law’s laptop at home in early July.
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • AIO installed via Docker.
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • ISP is SaskTel in Saskatchewan, Canada. To my knowledge, there is no Cloudflare or tunneling or reverse proxying happening at all (beyond whatever is installed within AIO)

Summary of the issue you are facing:

In a nutshell, domain validation during setup fails when setting up NextCloud for my father in law in Canada. The message on-screen is:
“Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. (‘sudo docker logs -f nextcloud-aio-mastercontainer’) If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.”

There are so many posts about the domain validation failing that I feel guilty for posting this, but I’d like to better understand what the domain validation IS and what steps are happening so that I have a better chance of fixing this for my situation.

Also, ports 80, 443 are open in the router and pointing to the server, as verified by portchecker.co. /etc/hosts file includes entry “ ”. From the server, I can ping the internal IP and the domain name and get clean response. Dynamic DNS name “rglongpre.ddns.net” obtained via Noip.com.

Last thing: I’ve duplicated this exact same setup (Linux Mint 22.1, NextCloud AIO via Docker, same open ports) on my laptop at home (with the dynamic DNS “saucyknave.ddns.net”) and domain validation succeeds right away. Everything works exactly as expected for me. Functionally speaking, the only difference is the internet provider and the router.

Steps to replicate it (hint: details matter!):

  1. Linux Mint 22.1 installed on laptop. No customization, no configuration other than power settings to make sure the laptop won’t turn off. Following the official guide for AIO, I install Docker, then NextCloud. Absolutely by the book, no deviations from the guide. (I realize Docker doesn’t officially support Linux Mint, but Docker works, so it’s irrelevant.)
  2. Log onto the initial AIO setup website, using http://:8080. Page opens up with AIO passphrase, which is copied down and used to move to next page, where I need to enter the domain name.
  3. I can repeat this entire setup over and over again, but when I enter “rglongpre.ddns.net”, it always comes back saying the message I posted above, that the “Domain does not point to this server” and yet IT DOES. There is no active firewall on the server, and the router is set up to forward traffic on port 443 to the server, yet the domain validation attempt fails.
  4. I just want to know EXACTLY what steps are actually taken to validate the domain so I can break it down and examine it. Since it works for me and not my father in law, I assume either his ISP is “blocking domain validation” (which doesn’t help if I don’t know what is happening during domain validation) or his router is not correctly forwarding traffic on 443, which would contradict the router configuration itself (which is totally possible).

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

Since NextCloud isn't fully running, I'm not sure what other log is applicable or available. This is the tail end of the "nextcloud-aio-mastercontainer" log...

NOTICE: PHP message: The response of the connection attempt to "http://rglongpre.ddns.net:443" was: 
NOTICE: PHP message: Expected was: ad5cd42e858a8317f0e2bbf821928e53dec674e0783b7709
NOTICE: PHP message: The error message was: Connection timed out after 10002 milliseconds

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

I've only ever installed NextCloud using the AIO version installed via Docker, so I have no idea how to even get to the config.php file or if one exists at this point.
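
The three mastercontainer log lines above describe the shape of the check: a plain-HTTP request to the domain on port 443, an expected token in the response, and a 10-second timeout. The sketch below is an added example, not code from the post or from the Nextcloud project, that reproduces that shape and separates the failure causes; `check_domain`, `classify`, `TokenHandler` and the token value are hypothetical names and constructed data.

```python
import http.client
import http.server
import socket
import threading
import urllib.error
import urllib.request

# Direct connections only: ignore any proxy set in the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def classify(err):
    """Map a socket-level failure onto the cause worth investigating."""
    if isinstance(err, (socket.timeout, TimeoutError)):
        return "timeout"    # packets dropped: forwarding, firewall or NAT path
    if isinstance(err, ConnectionRefusedError):
        return "refused"    # host reached, nothing listening on the port
    if isinstance(err, socket.gaierror):
        return "dns"        # name does not resolve
    return "error"

def check_domain(host, port, expected, timeout=10.0):
    """Plain-HTTP GET to host:port, then compare the body with the token."""
    try:
        with OPENER.open(f"http://{host}:{port}", timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:       # a server answered, not with 200
        return "http_error", str(exc.code)
    except urllib.error.URLError as exc:        # failure while connecting
        return classify(exc.reason), str(exc.reason)
    except (OSError, http.client.HTTPException) as exc:  # failure reading reply
        return classify(exc), str(exc)
    return ("match" if body == expected else "mismatch"), body

class TokenHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the listener that serves the token."""
    token = "constructed-token-0001"            # sample value, not a real ID

    def do_GET(self):
        data = self.token.encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):               # keep the demo output quiet
        pass

if __name__ == "__main__":
    srv = http.server.HTTPServer(("127.0.0.1", 0), TokenHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    print(check_domain("127.0.0.1", srv.server_port, TokenHandler.token))
    print(check_domain("127.0.0.1", srv.server_port, "some-other-token"))
    srv.shutdown()
```

The log was written by the mastercontainer, so the failing attempt started on the server's own network; running the same probe from the server and from a host on an outside network shows which of the two paths drops the connection.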

Hey @saucyknave welcome to the community :waving_hand: that goes for the in-laws too :smiley:

we’ll need to take a look at that config file, see

could you double check that… both port 443 and port 80 must be forwarded to the server… port 80 is needed for certification, once that is successful everything else happens on port 443

Yeah, like I said, that config file is elusive. I copied the command mentioned in the guide that you linked to, and Nano opens up but there’s no file. “[ Directory ‘/var/www/html/config’ does not exist ]”. As I understand it, the only containers running are nextcloud-aio-mastercontainer and nextcloud-aio-domaincheck, so no config file has yet been created. At least, that’s my feeling. I can run that same command on my working installation, and I get the config.php file open in Nano.

As for your other question, I can confirm that I configured the router to forward traffic on ports 80 and 443 to the server. As I mentioned, I used portchecker.co to verify, but do you know of another way to verify that they are correctly forwarding packets? I have a strong feeling that this is the crux of my situation.

agree… but I’m wondering why you can’t open config.php? now I’m a snapper myself, so the docker folks would be better help with that, but has the initial installation been completed yet?

also, why don’t you just give your dad-in-law an account on your working nextcloud? :face_with_hand_over_mouth:

Oh, I thought of something else to mention. When we were at the in-laws a couple weeks ago, and I was running into this issue, before we left, I tried something else. I completely removed all trace of NextCloud from the server and installed the latest version of Apache. Following a DigitalOcean guide, I set up certbot and got a cert from LetsEncrypt. All of that worked perfectly, with no hiccups. I wiped everything out and tried again with NextCloud and here we are, with domain validation not working.

First off, isn’t that proof the router is correctly forwarding 443 and 80? Secondly, why would Apache + certbot work but not NextCloud + domain validation?

Well no, the installation hasn’t been completed. I haven’t yet selected containers to run, so the initial configuration has not yet been finished. Sure, I could shut down the mastercontainer and restart it with the switch to bypass domain validation, but that’s not answering my question or helping me achieve domain validation that should otherwise work. Otherwise, this whole NextCloud/personal server thing is a project between us. It’s our way of keeping in touch and nerding out. :+1:

ahhh… it’s like in the Highlander, “there can only be one”!

are you sure?.. just asking :thinking:

Yep, I’m sure. Booted into Live Linux to completely start over and the first thing I did was delete the partitions. Short of writing zeros to the disk, I completely started over, and ended up making zero progress.

great idea… glad Nextcloud is good for important things like family too :1st_place_medal:

:face_with_raised_eyebrow: so let’s wait and see what the docker folks suggest, maybe they have better ideas?

just a hunch, but do you get some sort of IPv6 messages when you ping that DDNS name “rglongpre.ddns.net” from the host command line?

… because that setup is much simpler than Nextcloud + Docker AIO + domain validation.

maybe the in-laws have a NATed connection? see What CG-NAT is, how to detect it, why it is bad, what can you do about it

Sorry, I performed the wrong test and posted the results and deleted my post.

According to the link you provided, they’re not on a NATed connection. Their public IP starts with 216, and it’s just one hop when I run a traceroute. No funny IPv6 info when pinging their public IP, either. Same kind of result when I do it from my server.

For anyone who cares, I STILL cannot get the domain validation to work. I completely started over with NextCloud, and this time went with a reverse proxy setup using Apache sitting in front of the NextCloud install on the same host. I used the guides on DigitalOcean to configure Apache as a reverse proxy with certbot to get a legit LetsEncrypt certificate, and all that’s good. Secured web server is configured as a reverse proxy. Then I followed the guide on NextCloud’s github page to configure/install NextCloud behind a reverse proxy, and it’s the same results! Everything looks great up until I enter the domain in the AIO interface. Every single time it’s coming back saying “Domain does not point to this server”.

I tested for the presence of CGNAT and I don’t see it, but that’s GOT to be it, right? Someone said that getting a valid cert through Let’s Encrypt and certbot isn’t proof that I’m not behind a CGNAT, but I have no idea how to verify that. Maybe I need to pay support to help me out. I don’t know. I just don’t know.
