Network requests failed error with Nextcloud 20

You use different certificates!
From external you get the Let's Encrypt certificate and everything is fine, but internally from your LAN you get the wrong certificate. This is what I see from the openssl output and that is also the problem!

One conclusion:
The calls from external and internal point to different endpoints!?
Or there are different configurations, depending on where the request comes from.

This is a configuration problem on your side.
Whether there will be a configuration to ignore SSL errors on mobile clients, I can't say.
But ignoring SSL errors is not a good idea, because you can almost use HTTP again ...

Actually, it is a nightmare! On my desktop, I manually changed my DNS provider (8.8.8.8).
openssl is now failing:

openssl s_client -showcerts -servername nextcloud.host.mydomain.fr -connect nextcloud.host.mydomain.fr:443
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 309 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

LOGS:
Looking at the nginx logs, when using the geocerts web site, I can see the following:
[03/Jan/2021:16:27:48 +0000] "HEAD / HTTP/1.1" 302 0 "-" "GeoCerts SSL Check / 0.0.1 (https://www.geocerts.com/)"

But nothing appears when using the openssl command.
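
An added example, not part of the original thread: the openssl run above prints "Verify return code: 0 (ok)" although no certificate was received, so a check that reads only that line would pass. This Python function classifies captured `openssl s_client` output; the function name, the verdict labels and the second sample are constructed for illustration.

```python
import re

# Output of the failing run quoted in the thread (external DNS), trimmed.
NO_CERT_OUTPUT = """\
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 309 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

# Constructed sample (not from the thread): a self-signed certificate is served.
SELF_SIGNED_OUTPUT = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = nextcloud.example.invalid
   i:CN = nextcloud.example.invalid
---
SSL handshake has read 1423 bytes and written 392 bytes
Verification error: self signed certificate
---
Verify return code: 18 (self signed certificate)
"""

def classify_s_client(output):
    """Return (verdict, detail) for captured `openssl s_client` text."""
    read = re.search(r"SSL handshake has read (\d+) bytes", output)
    bytes_read = int(read.group(1)) if read else 0
    code = re.search(r"Verify return code: (\d+) \(([^)]*)\)", output)
    # Test for a certificate first: with none received there was nothing to
    # verify, so "Verify return code: 0 (ok)" says nothing about trust.
    if "no peer certificate available" in output or bytes_read == 0:
        return "no_handshake", f"server sent {bytes_read} bytes, no certificate"
    if code is None:
        return "unknown", "no verify return code in output"
    if code.group(1) != "0":
        return "untrusted", f"verify code {code.group(1)}: {code.group(2)}"
    return "chain_ok", "chain verified; hostname is not checked by default"

if __name__ == "__main__":
    for name, text in (("thread", NO_CERT_OUTPUT), ("constructed", SELF_SIGNED_OUTPUT)):
        print(name, classify_s_client(text))
```

Running the same capture against each port and each DNS resolver in turn shows which endpoint serves which certificate.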

OK, I don't know your network.
I'll just assume it's set up something like this.

[image: network diagram]

  1. 192.168.1.1
  2. 192.168.1.10
  3. 192.168.1.50

red) To reach nextcloud.host.mydomain.fr from the WAN, you have configured a NAT. WANIP:445 -NAT-> 192.168.1.10:445 on your WAN interface

green option 1) You have configured nextcloud.host.mydomain.fr to 192.168.1.10 on your PiHole
Then all clients who have the PiHole as DNS server in the internal network can reach nextcloud.host.mydomain.fr on 192.168.1.10

green option 2) You have configured a NAT from internal WANIP:445 -NAT-> 192.168.1.10:445 on your LAN interface.
Then clients can connect from the LAN through the NAT connection when you open nextcloud.host.mydomain.fr:445, which points to your WANIP.

@JackGruber, again, thank you for your help, it is really nice, you don't give up! :wink:
The network diagram is correct, you can just add another host for pihole. It is green option 1. My router is the internet provider box and NAT cannot be managed (thus the NAT hairpinning issue, and why I set up pihole to manage DNS).
And this is probably what was happening with the openssl command yesterday: with outside DNS, I face the same NAT loopback as earlier, the router blocks IP messages with local source & destination addresses. At least that makes sense to me!
When using local DNS, I don't know where that self-signed certificate comes from. Maybe created by default by nginx at setup?
-=-
Anyway, things are clearer now. Joplin does not manage self-signed certificates, thus my issue. I have to look after this now, and see if this is going to change one day.

To end that long thread, with the help of @JackGruber, here is the solution to make Joplin work on my local network.
My network diagram is like the following:


FACTS:

  • Reverse Proxy and Nextcloud server are on the same box (2 docker containers).
  • Certificate is installed on Reverse Proxy (nginx).

PROBLEM:
When using the WebDAV URL provided by Nextcloud, I access the Nextcloud server directly (port 443), thereby bypassing the Let's Encrypt certificate. Thus the issue "Network request failed".
SOLUTION:
I modified the WebDAV URL from
https://nextcloud.my.domain/remote.php/dav/files/username/joplin
to
https://nextcloud.my.domain:444/remote.php/dav/files/username/joplin
Specifying port 444 makes the Joplin sync work!
-=-
I hope this will be useful for someone else. Big thanks to JackGruber !