NextCloud has worked without fail for a very long time. I was just advised that users are getting the error message
"Internal Server Error. The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.
Technical details
Remote Address: xxx.xxx.xxx.xxx
Request ID: wOMkXbxD4jzpS8nsNQ76"
I checked the logs and see “Start TLS failed, when connecting to LDAP host host.domain.com.”
It appears that the Docker instance of NextCloud can no longer reach the LDAP server.
What should I look at to fix this?
John
Hi,
Could you open your Nextcloud container:
docker exec -it CONTAINER ID bash
go to:
/var/www/html
and send the result from:
sudo -u www-data php occ ldap:test-config
Also check for any database connection “errors” in those messages.
See you there
sambila, thank you for your first steps in diagnosing this. When I run the command you suggested, I receive the error that Start TLS failed when connecting to LDAP host.
I get the same Start TLS error when I search for a user:
It appears that my connection between the Docker container and the LDAP server is broken. The LDAP server is running properly and serves the correct information for the Kopano mail system, etc.
Is there a straightforward way to configure the LDAP connection from the Docker nextcloud container?
Checking the file cert.perm:
Is there any chance that the ssl cert for this Docker container is the problem:
I note that the expiration date is Oct 7, 2024.
If so, how do I refresh it?
Hot topic.
Please study and consider carefully all the topics like the following, and please back up first!
Sometimes it’s necessary to also create signed certificates for non-UCS systems in a domain. This is also becoming more common and more necessary, since communication is often SSL encrypted nowadays.
For such purposes UCS comes with an appropriate command set which makes it easy to fulfill the task.
The following command creates a signed certificate for the given server FQDN:
root@ucs-master:~# univention-certificate new -name "another-server.$(dnsdomainname)"
Creating certificate: another-server…
Please let me know if there is anything else with Nextcloud itself afterwards.
Did you run univention-app update-certificates
on the UCS server to renew the app certificate after renewing the UCS root cert?
see:
Communication between the different systems in a UCS domain is largely SSL encrypted. A root certificate and host certificate for each computer are required for the SSL encryption. The root certificate is only valid for a specified period of time, as are the host certificates created with the root certificate. Once this period of time elapses, services which encrypt their communication with SSL (e.g., LDAP) no longer function. It is thus essential to verify the validity of the certificates and c…
externa1:
I now ran the “univention-app update-certificates” on the server and it did successfully run to completion.
The great news is that it did fix the TLS issue. Users can now log in!
Thank you and sambila for your help. It was invaluable!
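The failure in this thread came down to certificate validity, so here is an added example (not code from the thread's participants or from Univention) that reports which PEM certificates in a directory are expired or close to expiry, and whether a host certificate still verifies against a given root. It assumes the openssl command line tool is installed; the function names, the 30-day default and the directory argument are hypothetical.

```sh
#!/bin/sh
# Added example: certificate expiry triage with the openssl CLI (assumed installed).
# Function names and the 30-day default are illustrative, not UCS tooling.

# cert_status FILE [WARN_DAYS] -> prints ok | expiring | expired | unreadable
# Return code: 0 ok, 1 expiring within WARN_DAYS, 2 expired, 3 not a certificate.
cert_status() {
    cs_file=$1
    cs_warn=${2:-30}
    if ! openssl x509 -in "$cs_file" -noout >/dev/null 2>&1; then
        echo unreadable; return 3
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cs_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 2
    fi
    if ! openssl x509 -in "$cs_file" -noout -checkend $((cs_warn * 86400)) >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo ok
}

# chain_ok CA_FILE CERT_FILE -> 0 only if CERT_FILE verifies against CA_FILE.
# Catches a host certificate that was not re-issued after the root CA changed.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# scan_certs DIR [WARN_DAYS] -> one line per *.pem certificate in DIR:
# status, notAfter date, path. Returns the worst status code seen.
scan_certs() {
    sc_worst=0
    for sc_f in "$1"/*.pem; do
        [ -f "$sc_f" ] || continue
        sc_status=$(cert_status "$sc_f" "${2:-30}") && sc_rc=0 || sc_rc=$?
        [ "$sc_rc" -eq 3 ] && continue   # skip private keys and other non-certs
        sc_end=$(openssl x509 -in "$sc_f" -noout -enddate | cut -d= -f2)
        printf '%-9s %s  %s\n' "$sc_status" "$sc_end" "$sc_f"
        [ "$sc_rc" -gt "$sc_worst" ] && sc_worst=$sc_rc
    done
    return "$sc_worst"
}
```

Run from cron or a monitoring check, a non-zero return from scan_certs gives warning before Start TLS starts failing for users.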