Hi, I recently upgraded to nextcloud30 and nixos-24.11 from nextcloud28 (passing through 29 just to get to 30) and nixos-24.05. I was unable to download an update to the contacts app from the appstore. I uninstalled the app and was also unable to do a fresh install of contacts.
I ended up installing contacts via extraApps
in my configuration and didn’t save the error message, but I have since seen the same error elsewhere. I also installed the RePod app, and fetching various podcast feeds fails with some kind of SSL error from curl. For example:
cURL error 60: SSL: no alternative certificate subject name matches target hostname 'feeds.acast.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://feeds.acast.com/public/shows/65e15188b8456c00169f4864
This was the same error I saw when installing the contacts app except the domain was github.com. I did not try to install any other apps from the appstore. Some podcast feeds did work, for example https://feeds.buzzsprout.com/1790481.rss
.
None of the problem urls seemed to fail when I did a curl
request from the command line. I even tried a curl request in a php one-liner and got expected content back. I also tried to specify phpPackage = pkgs.php82
(a downgrade) for nextcloud but the error persisted.
The full error for a failed podcast feed is below. Haven’t noticed any other issues with Nextcloud or any other SSL issues in other services. I’m a bit stuck at the moment, not sure if this is a bug, I haven’t seen any other report of this. I didn’t have the RePod app installed on my old nextcloud28 setup but had been able to install the contacts app via the appstore. Except for the apps, my config (below) was the same.
Full error:
Dec 27 14:20:37 myhost Nextcloud[20452]: {"reqId":"SiEFGbcjMrI7UHTJTdjO","level":3,"time":"2024-12-27T14:20:37+00:00","remoteAddr":"4.1.123.226","user":"myuser","app":"index","method":"GET","url":"/apps/gpoddersync/personal_settings/podcast_data?url=https%3A%2F%2Ffeeds.acast.com%2Fpublic%2Fshows%2F65e15188b8456c00169f4864","message":"{\"Exception\":\"GuzzleHttp\\\\Exception\\\\RequestException\",\"Message\":\"cURL error 60: SSL: no alternative certificate subject name matches target hostname 'feeds.acast.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://feeds.acast.com/public/shows/65e15188b8456c00169f4864\",\"Code\":0,\"Trace\":[{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php\",\"line\":158,\"function\":\"createRejection\",\"class\":\"GuzzleHttp\\\\Handler\\\\CurlFactory\",\"type\":\"::\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php\",\"line\":110,\"function\":\"finishError\",\"class\":\"GuzzleHttp\\\\Handler\\\\CurlFactory\",\"type\":\"::\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php\",\"line\":47,\"function\":\"finish\",\"class\":\"GuzzleHttp\\\\Handler\\\\CurlFactory\",\"type\":\"::\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Middleware.php\",\"line\":142,\"function\":\"__invoke\",\"class\":\"GuzzleHttp\\\\Handler\\\\CurlHandler\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/lib/private/Http/Client/DnsPinMiddleware.php\",\"line\":149,\"function\":\"GuzzleHttp\\\\{closure}\",\"class\":\"GuzzleHttp\\\\Middleware\",\"type\":\"::\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php\",\"line\":35,\"function\":\"OC\\\\Http\\\\Client\\\\{closure}\",\"class\":\"OC\\\\Http\\\\Client\\\\DnsPinMiddleware\",\"type\":\"->\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Middleware.php\",\"line\":31,\"function\":\"__invoke\",\"class\":\"GuzzleHttp\\\\PrepareBodyMiddleware\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php\",\"line\":71,\"function\":\"GuzzleHttp\\\\{closure}\",\"class\":\"GuzzleHttp\\\\Middleware\",\"type\":\"::\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Middleware.php\",\"line\":66,\"function\":\"__invoke\",\"class\":\"GuzzleHttp\\\\RedirectMiddleware\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php\",\"line\":75,\"function\":\"GuzzleHttp\\\\{closure}\",\"class\":\"GuzzleHttp\\\\Middleware\",\"type\":\"::\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Client.php\",\"line\":333,\"function\":\"__invoke\",\"class\":\"GuzzleHttp\\\\HandlerStack\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Client.php\",\"line\":169,\"function\":\"transfer\",\"class\":\"GuzzleHttp\\\\Client\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Client.php\",\"line\":189,\"function\":\"requestAsync\",\"class\":\"GuzzleHttp\\\\Client\",\"type\":\"->\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/lib/private/Http/Client/Client.php\",\"line\":205,\"function\":\"request\",\"class\":\"GuzzleHttp\\\\Client\",\"type\":\"->\"},{\"file\":\"/nix/store/alzp0vgx0nqaprqvakdivk3cf1qdz4xm-nextcloud-app-gpoddersync-3.11.0/lib/Core/PodcastData/PodcastDataReader.php\",\"line\":78,\"function\":\"get\",\"class\":\"OC\\\\Http\\\\Client\\\\Client\",\"type\":\"->\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/nix/store/alzp0vgx0nqaprqvakdivk3cf1qdz4xm-nextcloud-app-gpoddersync-3.11.0/lib/Core/PodcastData/PodcastDataReader.php\",\"line\":53,\"function\":\"fetchUrl\",\"class\":\"OCA\\\\GPodderSync\\\\Core\\\\PodcastData\\\\PodcastDataReader\",\"type\":\"->\"},{\"file\":\"/nix/store/alzp0vgx0nqaprqvakdivk3cf1qdz4xm-nextcloud-app-gpoddersync-3.11.0/lib/Core/PodcastData/PodcastDataReader.php\",\"line\":39,\"function\":\"fetchPodcastData\",\"class\":\"OCA\\\\GPodderSync\\\\Core\\\\PodcastData\\\\PodcastDataReader\",\"type\":\"->\"},{\"file\":\"/nix/store/alzp0vgx0nqaprqvakdivk3cf1qdz4xm-nextcloud-app-gpoddersync-3.11.0/lib/Controller/PersonalSettingsController.php\",\"line\":62,\"function\":\"getCachedOrFetchPodcastData\",\"class\":\"OCA\\\\GPodderSync\\\\Core\\\\PodcastData\\\\PodcastDataReader\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/lib/private/AppFramework/Http/Dispatcher.php\",\"line\":208,\"function\":\"podcastData\",\"class\":\"OCA\\\\GPodderSync\\\\Controller\\\\PersonalSettingsController\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/lib/private/AppFramework/Http/Dispatcher.php\",\"line\":114,\"function\":\"executeController\",\"class\":\"OC\\\\AppFramework\\\\Http\\\\Dispatcher\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/lib/private/AppFramework/App.php\",\"line\":161,\"function\":\"dispatch\",\"class\":\"OC\\\\AppFramework\\\\Http\\\\Dispatcher\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/lib/private/Route/Router.php\",\"line\":302,\"function\":\"main\",\"class\":\"OC\\\\AppFramework\\\\App\",\"type\":\"::\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/lib/base.php\",\"line\":1003,\"function\":\"match\",\"class\":\"OC\\\\Route\\\\Router\",\"type\":\"->\"},{\"file\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/index.php\",\"line\":24,\"function\":\"handleRequest\",\"class\":\"OC\",\"type\":\"::\"}],\"File\":\"/nix/store/ym1azrka93j449v130vcfjdsdffsrl43-nextcloud-30.0.4/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php\",\"Line\":211,\"message\":\"cURL error 60: SSL: no alternative certificate subject name matches target hostname 'feeds.acast.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://feeds.acast.com/public/shows/65e15188b8456c00169f4864\",\"exception\":{},\"CustomMessage\":\"cURL error 60: SSL: no alternative certificate subject name matches target hostname 'feeds.acast.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://feeds.acast.com/public/shows/65e15188b8456c00169f4864\"}","userAgent":"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36","version":"30.0.4.1"}
My Nextcloud config is:
{ config, pkgs, ... }:
{
services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
forceSSL = true;
enableACME = true;
};
nixpkgs.overlays = [
(final: prev: {
nextcloud30Packages = prev.nextcloud30Packages.overrideScope (pfinal: pprev: {
apps = pprev.apps.extend (afinal: aprev: {
"contacts" = prev.fetchNextcloudApp {
sha256 = "Slk10WZfUQGsYnruBR5APSiuBd3jh3WG1GIqKhTUdfU=";
url = "https://github.com/nextcloud-releases/contacts/releases/download/v6.1.2/contacts-v6.1.2.tar.gz";
license = "agpl3Plus";
};
});
});
})
];
services.nextcloud = {
enable = true;
hostName = "nextcloud." + config.networking.domain;
https = true;
package = pkgs.nextcloud30;
home = config.variables.storagePath + "/nextcloud";
extraApps = {
inherit (pkgs.nextcloud30Packages.apps) calendar contacts gpoddersync integration_paperless;
"repod" = pkgs.fetchNextcloudApp {
sha256 = "L02wnQO68UjYFaTZWFZsnttDBFXbitq/2xTaqU1y2zs=";
url = "https://git.crystalyx.net/Xefir/repod/releases/download/3.5.1/repod.tar.gz";
license = "agpl3Plus";
};
};
database.createLocally = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminpassFile = config.age.secrets."${config.services.nextcloud.hostName}_nextcloud-adminpass".path;
adminuser = "<redacted>";
};
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
ensureUsers = [ {
name = "nextcloud";
ensureDBOwnership = true;
} ];
};
services.postgresqlBackup = {
databases = [ "nextcloud" ];
};
}
The overlay is just a fix for a broken hash which hasn’t made it into 24.11.