[Bug]: After upgrade to 28.0.1 errors "Your web server is not properly set up to resolve "/.well-known/caldav". occur

[TheWojtek]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

After upgrading the Nextcloud instance from 27.1.4 to 28.0.1, the server started throwing errors of:

Your web server is not properly set up to resolve "/.well-known/caldav"
Your web server is not properly set up to resolve "/.well-known/carddav"

While the server runs behind a reverse proxy, it has been configured properly for the past 3 years and has always passed the check with flying colors. It also actually does properly redirect from https://servername.com/.well-known/caldav and /carddav to https://servername.com/remote.php/dav from a browser or a https client (I am using Cocoa Rest Client on MacOS). There were never any redirection errors in this server anyway.

The upgrade was done to the exact steps of the "manual Nextcloud upgrade", which is how I always do the upgrades. The config file was transferred directly without any changes from 27.1.4 to 28.0.1.

Steps to reproduce

1. Check a 27.1.4 installation for any errors in "Administration → Overview". If none, proceed.
2. Upgrade the 27.1.4 installation to 28.0.1 using steps from "manual Nextcloud upgrade" guide.
3. Check the server upgraded to 28.0.1 in "Administration → Overview" for configuration errors.

Expected behavior

Clean (error-free) Admin Overview as it was with the version Nextcloud was upgraded from, without falsely claiming the upgraded Nextcloud instance has configuration problems.

Installation method

Community Web installer on a VPS or web space

Nextcloud Server version

28

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 22 to 23)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "default_phone_region": "PL",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "192.168.0.3",
            "***REMOVED SENSITIVE VALUE***.gotdns.ch",
            "cloud.***REMOVED SENSITIVE VALUE***.pl",
            "cloud.***REMOVED SENSITIVE VALUE***"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "skeletondirectory": "",
        "dbtype": "mysql",
        "version": "28.0.1.1",
        "overwrite.cli.url": "http:\/\/cloud.***REMOVED SENSITIVE VALUE***.pl\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "maintenance": false,
        "theme": "",
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "loglevel": 0,
        "0": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpauth": 1,
        "mail_smtpport": "587",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "occweb",
            "impersonate"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - approval: 1.2.0
  - circles: 28.0.0-dev
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contacts: 5.5.0
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.1
  - federatedfilesharing: 1.18.0
  - files: 2.0.0
  - files_external: 1.20.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - groupfolders: 16.0.1
  - impersonate: 1.15.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - occweb: 0.1.1
  - password_policy: 1.18.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - socialsharing_twitter: 3.0.1
  - spreed: 18.0.1
  - support: 1.11.0
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - bruteforcesettings: 2.8.0
  - encryption: 2.16.0
  - federation: 1.18.0 (installed 1.11.0)
  - files_pdfviewer: 2.9.0 (installed 2.1.0)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - nextcloud_announcements: 1.17.0 (installed 1.10.0)
  - photos: 2.4.0 (installed 1.3.0)
  - recommendations: 2.0.0 (installed 1.0.0)
  - sharebymail: 1.18.0 (installed 1.11.0)
  - suspicious_login: 6.0.0
  - twofactor_totp: 10.0.0-beta.2
  - user_ldap: 1.19.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

**Numerous erors in type below, not happening before upgrade**:

Exception
HMAC does not match.
Could not decrypt or decode encrypted session data

2023-12-24T09:24:28+00:00	

Error	PHP	
TypeError: OCA\UserStatus\Controller\UserStatusController::__construct(): Argument #3 ($userId) must be of type string, null given at /var/www/nextcloud/apps/user_status/lib/Controller/UserStatusController.php#53

Additional info

No response

[joshtrichards]

The check runs from your browser - can you check your browser console including the network tab while running a test?

This is nearly always a configuration matter.

e.g. #34737 (comment)

One thing that stands out to me in your config:

"overwrite.cli.url": "http:\/\/cloud.***REMOVED SENSITIVE VALUE***.pl\/",

Should that not be https://?

Likely unrelated but also of note:

• You have an app force enabled that doesn't support NC28 (e.g. occweb)
• This line in your config.php is bogus: "0": true,

[TheWojtek]

@joshtrichards Thank you for your response!
First, the check done from the browser. First of all - the .well-known errors have magically disappeared. I hope you don't mind it's a screenshot:

Do I have to care about the webfinger error?

The fixes I did by your suggestions:

• As per the OPCache error description, I double-checked the OPCache settings and adjusted accordingly. After a webserver restart I have no errors in regards of .well-known
• I fixed the "0": true line. Can't even remember what I tried to solve with that.
• I fixed the forced OCC Web app by disabling it.

The http in "overwrite.cli.url" was intended, as this server runs behind a reverse proxy that handles SSL and forces https on clients. The server used to resolve internally with a private IP so if set to https NC gave unexpected results of different certificates for the same server for users roaming between outside and inside the organization network. I switched the DNS to resolve the server to a public IP an will keep an eye on users' experience.

Still unresolved: the log is still plagued ("30 errors in log") with:

{"reqId":"1Jco2wEl6ILl2vtQincy","level":3,"time":"2023-12-24T09:36:26+00:00","remoteAddr":"37.128.229.42","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/user_status/api/v1/user_status","message":"TypeError: OCA\\UserStatus\\Controller\\UserStatusController::__construct(): Argument #3 ($userId) must be of type string, null given at /var/www/nextcloud/apps/user_status/lib/Controller/UserStatusController.php#53","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15","version":"28.0.1.1","data":{"app":"PHP"},"id":"658ae60209c59"}

and

{"reqId":"Pw4Xlx7Z6yOuYQ2OIAI8","level":3,"time":"2023-12-24T09:28:54+00:00","remoteAddr":"37.128.229.42","user":"--","app":"no app in context","method":"GET","url":"/index.php/apps/logreader/api/poll?lastReqId=","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15","version":"28.0.1.1","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1200,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/index.php","line":37,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session data"},"id":"658ae6020bf2e"}

I would appreciate if you pointed me in the right direction with those (I assume it's not in the scope of this report). The latter might be here?

[Struppi]

I just want to add that I actually got the very same curios situation on a fresh docker installation (Nextcloud Hub 7 (28.0.1)).

10 minutes ago there was the message "Your web server is not properly set up to resolve "/.well-known/caldav"" now it's gone. Also behind a reverse proxy (nginx). and I also have those message in the error logs.

And - that's the reason I am searching about this error message - I can't share folders anymore. but only with Browsers on desktop. the Android app is still working. When I try to share I got the Message the message browser console "OC.MimeType is undefined" and the sharing dialog never appear.

[ryanhagen]

@Struppi FWIW I had this same issue, that was solved with a bug in a firewall rule that was not allowing the network to access nextcloud.com or apps.nextcloud.com. Fixed that issue, and everything magically started working.

I had the same webdav errors. I also had errors of "internet connectivity check - unable to access nextcloud.com".

[EBendinelli]

I think I'm encountering a similar issue here. I upgraded from 27.1.4 to 28.0.1. today. Ran into an issue with the online updater that left the site on maintenance mode and hade to complete the upgrade via php occ upgrade. This worked out well but I know have the follow error message: "Error occurred while checking server setup" in the admin panel

Looking at the console I'm getting a 404 on those links:

https://mysite.com/settings/ajax/checksetup
https://mysite.com/data/.ocdata?t=1704999104205
https://mysite.com/index.php/.well-known/webfinger
https://mysite.com/.well-known/nodeinfo

Nextcloud seems to be running well and logs are empty. I've run php occ integrity:check-core with no error. I haven't touched my nginx config in a while and it's very similar to the documentation one.

Edit: I've solved the error message after investigating a bit more. It seems that my /var/log/nextcloud.log file had its permission changed and was owned by root. chown www-data:www-data /var/log/nextcloud.log fixed that.

With that said I still have 3 of the 4 errors above in the console (webfinger, nodinfo and .ocdata)

[kesselb]

@TheWojtek can we close your report?

[TheWojtek]

@kesselb Yes, this error is gone now. Thank you.