Hey all,
So when I'm trying to access my Nextcloud server at nextcloud.maartenbraaksma.nl , I'm receiving this error: "NET::ERR_CERT_COMMON_NAME_INVALID".
Does anyone know what's going on? Here are the details from the generated text.
My domain is: nextcloud.maartenbraaksma.nl
I ran this command: Browse to nextcloud.maartenbraaksma.nl
It produced this output: NET::ERR_CERT_COMMON_NAME_INVALID
My web server is (include version): nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 20.04.4 LTS
My hosting provider, if applicable, is: OVH, however I have a VPS.
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 0.40.0
Thanks in advance!
1 Like
If I visit https://nextcloud.maartenbraaksma.nl I don't get any error; it seems to be serving a valid certificate.
3 Likes
mcpherrinm:
I don't get any error
Ditto! Yet SSL Server Test: nextcloud.maartenbraaksma.nl (Powered by Qualys SSL Labs) seems to be having possible problems when using IPv6, IPv4 looks good.
3 Likes
Good catch @Bruce5051 . I think the nextcloud server is not listening or configured for IPv6 and instead that gets sent to your webserver. The cert returned when using IPv6 has these names in it:
SANs:
ball.maartenbraaksma.nl
maartenbraaksma.nl
www.maartenbraaksma.nl
4 Likes
Very interesting. Thanks for the fast comments everyone.
I'm not 100% sure how to set-up an IPv6 certficate specifically but I'll check the internet how to. (Unless you can tell me how I can do that, haha.)
3 Likes
As a side note: also it seems with TLS v1.2 you support (as tested with GitHub - drwetter/testssl.sh: Testing TLS/SSL encryption anywhere on any port )
xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
SHA1 and CBC are not recommended also see Email feedback: TLS 1.0/1.1 deprecation and SHA-1 deprecation for more on SHA1 related issues.
2 Likes
You don't create a special cert just for IPv6
Your DNS has an AAAA (IPv6) record for nextcloud domain name and when used gets the wrong cert. If you can't set up nextcloud for IP V6 maybe remove the AAAA record.
See the SSL Labs link Bruce showed
5 Likes
Disabling IPv6 was the solution for people who could not access the Nextcloud page.
Thank you, @MikeMcQ !
3 Likes
system
Closed
September 25, 2022, 6:31am
9
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.