Stuck in login loop

[kvannotten]

After the latest update of yesterday, I can no longer login. The app keeps redirecting me to authorize my account.

[alerque]

I've got the same problem. The app was fine before the update (4 hours ago), just a few minutes ago I saw the play store notification that it had updated it and tried it again. My Nextcloud server is up to date with the latest stable release and I can login on the web and from the desktop client (on Linux) just fine. The Android app just looks me back to the login — after what appears to be a successful login. The user/password phase seems to work, it then prompts to grant access to the app, only then does it jump back to asking for a login.

@nextcloud-android-bot None of those issues seem to be related, they are all old 2018 login related things and this appears to be a new regression in the latest release.

[tobiasKaminsky]

Is this also happening with a new account?

[kvannotten]

just tested it with a new account, still happens.

[thrawn-sh]

Same problem here. New account doesn't work either. Everything was fine before the app update. DavDroid / DavX5 still works.

[tobiasKaminsky]

Can you create us a test account, test if the problem occurs also there and if so send the credentials to tobias at nextcloud dot com with a reference to this issue?

[thrawn-sh]

@tobiasKaminsky: I've sent you an Mail with a complete fresh account, please let me know if I can do anything else.

[scho0ck]

I have the same issue with the app version 3.5.0 and Nextcloud 15.0.4 it all started to act up after the update if the android app

[alerque]

I just had a look at the Apache log files for my Nextcloud instance and don't see anything particularly useful, but maybe it will mean something to a developer. I've redacted specific values using <key> syntax, all the values with the same key are the same.

First, these lines showed up when I first opened the app and was show a login screen:

- - [15/Feb/2019:06:25:23 +0000] "GET /index.php/login/flow/grant?clientIdentifier=&stateToken= HTTP/1.1" 303 -
- - [15/Feb/2019:06:25:24 +0000] "GET /index.php/login/flow/grant?clientIdentifier=&stateToken= HTTP/1.1" 303 -
- - [15/Feb/2019:06:25:24 +0000] "GET /index.php/login?redirect_url=/index.php/login/flow/grant%3FclientIdentifier%3D%26stateToken% HTTP/1.1" 200 8525
- - [15/Feb/2019:06:25:34 +0000] "GET /index.php/core/js/oc.js?v=7c4c8bc0 HTTP/1.1" 200 4797

After entering my credentials and hitting login, these lines showed up:

- - [15/Feb/2019:06:25:50 +0000] "POST /index.php/login?redirect_url=/index.php/login/flow/grant%3FclientIdentifier%3D%26stateToken% HTTP/1.1" 303 -
- - [15/Feb/2019:06:25:51 +0000] "GET /index.php/login/flow/grant?clientIdentifier=&stateToken= HTTP/1.1" 200 6749
- - [15/Feb/2019:06:25:51 +0000] "GET /index.php/core/js/oc.js?v=7c4c8bc0 HTTP/1.1" 200 4891

Here I was show the "grant" button, after which these showed up (while the app looked like it was loading a file manager for about 20 seconds, then it dumped be back at the login screen.

- - [15/Feb/2019:06:26:14 +0000] "POST /index.php/login/flow HTTP/1.1" 303 -
- - [15/Feb/2019:06:26:15 +0000] "GET /status.php HTTP/1.1" 200 137
- - [15/Feb/2019:06:26:15 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 401 -
- [15/Feb/2019:06:26:16 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 200 -
- [15/Feb/2019:06:26:16 +0000] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 200 684
- [15/Feb/2019:06:26:17 +0000] "GET /ocs/v1.php/cloud/users/?format=json HTTP/1.1" 401 140
- [15/Feb/2019:06:26:18 +0000] "GET /ocs/v1.php/cloud/users/?format=json HTTP/1.1" 401 140
- [15/Feb/2019:06:26:18 +0000] "GET /index.php/avatar//235 HTTP/1.1" 304 -
- [15/Feb/2019:06:26:18 +0000] "GET /status.php HTTP/1.1" 200 137
- [15/Feb/2019:06:26:18 +0000] "POST /ocs/v2.php/apps/notifications/api/v2/push?format=json&pushTokenHash=&devicePublicKey=&proxyServer=https%3A%2F%2Fpush-notifications.nextcloud.com HTTP/1.1" 401 106
- [15/Feb/2019:06:26:20 +0000] "GET /ocs/v1.php/cloud/capabilities?format=json HTTP/1.1" 200 537
- [15/Feb/2019:06:26:22 +0000] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 401 140
- [15/Feb/2019:06:26:26 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 343 > - - [15/Feb/2019:06:26:33 +0000] "GET /status.php HTTP/1.1" 200 137
- - [15/Feb/2019:06:26:33 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 401 -
- - [15/Feb/2019:06:26:33 +0000] "GET /status.php HTTP/1.1" 200 137
- - [15/Feb/2019:06:26:34 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 401 -
- - [15/Feb/2019:06:26:34 +0000] "GET /index.php/login/flow HTTP/1.1" 200 7293
- - [15/Feb/2019:06:26:35 +0000] "GET /index.php/core/js/oc.js?v=7c4c8bc0 HTTP/1.1" 200 4799

[matrafox]

I have same issue . I have updated today the app , and no longer working. After login I am redirected to login again. The server is on a VPS locally

[thrawn-sh]

I went to the Android account settings on my phone (LinageOS) and deleted the Nextcloud account (despite of the warning that all the messages, contacts and other data will be lost). After deleting the account I went back to nextcloud app and created a new account.

It works for me, and as far as I can tell I did not loose any files on the phone or on the server.

[shani149]

I have same issue, stuck in login auth loop.

[RDominique]

Me to. Removing the account and recreating the account takes care of it (thx @ trawn-sh). Though I hope a new client can be released that automagicaly fixes the issue. I have several low-IT-capable users who can't do the account-trick themselves....

[shani149]

I can login on the web but app is not working. If I remove the user it will remove all my files? Anyway to avoid loss of user files?

[RDominique]

@shani149, remove and recreate the account on the smartphone/tablet, not on the server...

[shani149]

@RDominique that worked, thanks for explaining.

[moorsey]

Worked for me also, many thanks

Don't forget to re-enable any auto uploads, these were wiped for me after clearing the account

[matrafox]

Hello
I confirm also that if you reinstall application it won't work. However if you go to apps/settings and delete data information and reinsert the account will work. Indeed you need to re-enable the auto uploads. However the information that was made between this reinstall install, I don't see it on my server yet. Is there a way to force re-scan of the phone , or to compare again files ? Or I need to copy manually and run occ files:scan

[moorsey]

You have to manually copy anything missed from auto upload, only works on new files from when you reset the rules unfortunately

[matrafox]

Indeed unfortunately . This will be a nice feature to have I think . Also this will be nice for first install of apps to upload existing files on phone.

[mikoladz]

I am also affected by this issue. I have tried to remove application tokens, but this hasn't helped. Any solution other than removing an account (which requires setting up auto uploads again, and I have lots of them)?

[alerque]

Hey guys this is a serious problem — there are a lot of people affected and we're dead in the water. There are quite a few people that have made it to the issue tracker here, but also comments in the Play Store reviews section are starting to proliferate mentioning this issue.

One common theme (but not, apparently, exclusive) is that many of them are using ActiveDirectry for their authentication backend. In my case I'm using LDAP, and a few people seem to have this issue on internally authenticated users.

Is there anything we can do to expedite finding and fixing this? I believe this is the kind of bug that warrants and urgent hotfix point-release. I'm trying not to be too alarmist here, but even just considering my own troubles –as a long time user and advocate who has turned many people on to Nextcloud and hosts it for several teams– I am having to transfer files through other channels and am wondering about alternative platforms.

[oxivanisher]

Is there anything that we can do to help find a solution? It still bugs lots of users.
And no, re-auth every user is not really an option for lots of admins out there...

[JoCowood]

I have the same problem and I have a lot of "low-IT-capable users", too, which encouter this problem.

[devlux]

shouldn't this be labeled as "high"?

[aristaeus]

I have this problem too. I tried reinstalling the app before coming to this thread and now I can't remove my Nextcloud account from "Accounts" because it isn't there... but I still can't login to my account. A new account works just fine. Does anyone know where any remaining data might be on my phone that I can delete manually?

[monte-monte]

@benbucksch

I have modified NextCloud config.php and it now has:

But have you modified docker-copose.yml ? Because there you are pointing to port 80 and not 443.

[benbucksch]

Because there you are pointing to port 80 and not 443.

What I quoted above are my modifications to the docker-compose.yml file, yes. The rules

      - "traefik.backend=nextcloud"
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:nextcloud.example.org"

tell traefik to accept HTTPS traffik on nextcloud.example.org from the Internet (line 3), and send it via HTTP to port 80 (line 2) on the docker container nextcloud (line 1).

Yes, of course traeffik communicates via HTTP and not HTTPS with NextCloud over the virtual docker network on the local host, because traefik is the HTTPS terminator and traefik has the SSL certificate. NextCloud doesn't have the SSL certificate (!). That's the whole purpose of traefik: To take care of HTTPS, acquire all the necessary certificates from Let's Encrypt and refresh them routinely, and accept the traffic from the Internet, and forward the traffic internally as HTTP - the classic role of a HTTPS terminator.

That's a completely standard configuration, nothing special here.

[monte-monte]

@benbucksch okay, I see. But my guess is that it is the root of the problem. Like the app talks to traefik or HAproxy (in my case) or any other reverse proxy, gets SSL certificate, follows to the actual nextcloud server and it somehow signals, that it doesn't use SSL in fact.
I am no expert and can't say, how true can it be. But HAproxy for example can connect internally using even self signed cert. So INTERNET > valid cert > HAproxy > invalid cert > Nextcloud.
I will try it and report if this changes anything.

[monte-monte]

Well, okay, you can't do this, because included nginx apparently does not have any SSL certificate, nor is it set to listen on port 443.
So if my theory is correct (doubtfully) then the default docker image is misconfigured for what exactly server needs.

[benbucksch]

the default docker image is misconfigured

Yes, I think so as well.

(That said, if even the creators of the standard docker image made this mistake, who should be the experts, then I'd argue that the configuration of NextCloud is the trip-wire here and NextCloud should detect this situation automatically, given the severity of the effects.)

[vgdh]

Because there you are pointing to port 80 and not 443.

What I quoted above are my modifications to the docker-compose.yml file, yes. The rules

      - "traefik.backend=nextcloud"
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:nextcloud.example.org"

tell traefik to accept HTTPS traffik on nextcloud.example.org from the Internet (line 3), and send it via HTTP to port 80 (line 2) on the docker container nextcloud (line 1).

Yes, of course traeffik communicates via HTTP and not HTTPS with NextCloud over the virtual docker network on the local host, because traefik is the HTTPS terminator and traefik has the SSL certificate. NextCloud doesn't have the SSL certificate (!). That's the whole purpose of traefik: To take care of HTTPS, acquire all the necessary certificates from Let's Encrypt and refresh them routinely, and accept the traffic from the Internet, and forward the traffic internally as HTTP - the classic role of a HTTPS terminator.

That's a completely standard configuration, nothing special here.

Its work well for me.

docker-compose

Services:
nextcloud-app:
container_name: nextcloud-server
image: nextcloud:20.0.2-apache
stdin_open: true
tty: true
restart: always
depends_on:
- nextcloud-db
- onlyoffice-app
expose:
- '80'
networks:
- nextcloud_net
labels:
- traefik.enable=true
- "traefik.frontend.rule=Host:blablabla.com,localhost; ReplacePathRegex: ^/.well-known/(?:caldav|carddav)(.*) /remote.php/dav$$1"
- "traefik.frontend.headers.customResponseHeaders=Strict-Transport-Security:15552000"
traefik:
container_name: traefik
image: traefik:1.7.21
restart: always
depends_on:
- nextcloud-app
- nextcloud-db
- onlyoffice-app
ports:
- 80:80
- 443:443
networks:
- nextcloud_net

TOML

debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.redirect]
regex = "^https://www.(.*)"
replacement = "https://$1"
permanent = true
[entryPoints.https.tls]
[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "blablabla.com"
watch = true
exposedByDefault = false

[acme]
email = "blablabla@blablabla.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

[RMcNeely]

I recently set up NextCloud with Docker over the holidays and ran into this problem as well when I downloaded the Android app. I'm using the 2.x version of traefik so my setup is a little different but the same in principle (traefik with lets encrypt proxying my nextcloud instance with redirects for https). Setting up SSL redirects for the middleware in Traefik 2.x fixed the problem for me however and I was able to log in just fine without resorting to scanning a QR code.

Here's the relevant section from my docker-compose file:

75   nextcloud:
76     image: nextcloud:20-apache
77     container_name: nextcloud
78     restart: always
79     labels:
80       - "traefik.enable=true"
81       - "traefik.http.routers.nextcloud.rule=Host(`cloud.mcneely.duckdns.org`)"
82       - "traefik.http.routers.nextcloud.entrypoints=web"
83       - "traefik.http.routers.nextcloud.entrypoints=secure"
84       - "traefik.http.routers.nextcloud.tls.certresolver=duck"
85       # Middlewares for Nextcloud
86       - "traefik.http.routers.nextcloud.middlewares=nextcloud@docker"
87       - "traefik.http.routers.nextcloud.middlewares=nextcloud-caldav@docker"
88       # HTTPS redirect 
89       - "traefik.http.middlewares.nextcloud.redirectscheme.scheme=https"
90       - "traefik.http.middlewares.nextcloud.redirectscheme.permanent=true"
91       - "traefik.http.middlewares.nextcloud.headers.sslredirect=true"
92       # Redirect rules for CalDev
93       - "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent=true"
94       - "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
95       - "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement=https://$${1}/remote.php/dav/"

Not listed are the ENV variables I've set for TRUSTEDPROXIES, OVERWRITEHOST, and OVERWRITEPROTOCAL. I'm not sure this is ultimate solution but it does make sense based on Traefik being the http terminator. In my logs I can now see a clean 200 response for "GET /index.php/csrftoken HTTP/1.1"

[benbucksch]

FWIW, not sure whether that matters, but I entered the https: URL in the Android client, not http:.

[rfreytag1]

This still seems to be an issue occasionally. Sometimes it'll say it can't connect repeatedly for no apparent reason. Other times it'll just throw you in a loop for a couple of rounds. It's kinda annoying. Sometimes I also get logged out.

NextCloud Server: 20.0.7 running behind Nginx(all configured according to the docs) with php-fpm on Arch Linux.

[mostepunk]

I fixed it!

In my case I use nextcloud:apache reverse proxy nginx on vps and opened port e.g. 7443

I created ssl certificate like in this tutorial

• Created volume .certs:/certs
• Mount ports 7443:443
• Change owner recursevely to www-data:www-data for these scripts and ssl certs
• Change recursevely 777 rights (may be it's not the best solution) to /certs
• proxy_pass from nginx vps to port 7443

  proxy_pass http://ip_address:7443/

• and after nextcloud image starts I connect to docker and run scripts for setting ssl certs into apache for redirect

And after that I logged in by login/pass successfully

In the tutorial author used separate Dockerfile, but I don't need it at the moment. When I made like in this tutorial, I had permission denied to my database image, because I've created my users in DB and I didn't want to clean all the data and re-create it again. I'll make some script, that will run automatically after container creates

P. S. Sorry for my broken English :)

[EasyNetDev]

Hi all,

Yestarday I got this anoying issue with my Nextcloud Android Client (version 3.18.0 RC1).
I'm using my server hosted on Apache2 without any proxy in front of the server. Simple setup.
I'm running Nextcloud 22.2.0 version.
Yesterday I notice a message on my Android Client which says Server not avaiable. Try to fix the issue I disconnct the client, reinstall it and try it to log in. Each time I'm ending in "Grant Access" button which shows me a circle circling forever.
If I'm pressing again "Grant Access" is returning me back to the login page.
I tried to use "Devices & sessions" and create a app pass. Even the QRCode is readed by the app and putting the correct URL, tring to go to next step is says "couldn't find the server".
I copied the link, started allover again, paste the previous link .. suprise! The link is good!
I tried to log in with user and token and the result is the same as user and pass flow.
I don't know what to do! I tried also the Nextcloud Client dev (version 20211024) form F-droid and I got the same behavior.

Ultil yesterday,everything was fine. I can't find anything suspicios in log neither.

My server is running SSL.

There is a way to fix this issue?

[mostepunk]

Hi @EasyNetDev!
Did you read this article?
After that, login will work nice.

[EasyNetDev]

Hi @fanishe,

Thanks for your sugestion.
I tried that tutorial and I added these SSL parameters in Apache, I restarted but not luck. Same issue.
Because I'm not using docker, I did only the SSL configuration.

I'm in a death end.

[mostepunk]

@EasyNetDev what is your configuration? What is your url?

[EasyNetDev]

Hi @fanishe ,

My config.php looks like this:

<?php
$CONFIG = array (
  'instanceid' => 'INSTANCE_ID',
  'passwordsalt' => 'PWDSALT',
  'secret' => 'SECRET',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.MYDOMAIN.dev',
  ),
  'datadirectory' => '/var/Storage/nextcloud',
  'overwrite.cli.url' => 'https://nextcloud.MYDOMAIN.dev',
  'overwritehost' => 'nextcloud.MYDOMAIN.dev',
  'overwriteprotocol' => 'https',
  'forcessl' => true,
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'trusted_proxies' =>
  array (
    0 => 'localhost',
  ),
  'dbtype' => 'mysql',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'DBUSER',
  'dbpassword' => 'DBPASS',
  'installed' => true,
  'logtimezone' => 'Europe/Bucharest',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => 1,
  'maintenance' => false,
  'theme' => '',
  'version' => '22.2.0.2',
  'mail_from_address' => 'NextCloud',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'MYDOMAIN.dev',
  'mail_smtphost' => 'smtp.MYDOMAIN.dev',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'devices_auth@MYDOMAIN.dev',
  'mail_smtppassword' => 'SMTPPASS',
  'mail_smtpsecure' => 'tls',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0,
    'password' => '',
    'dbindex' => 0,
  ),
  'updater.release.channel' => 'stable',
  'app_install_overwrite' =>
  array (
    0 => 'end_to_end_encryption',
    1 => 'twainwebscan',
    2 => 'files_snapshots',
  ),
  'has_rebuilt_cache' => true,
  'encryption.legacy_format_support' => false,
  'encryption.key_storage_migrated' => false,
  'default_phone_region' => 'RO',
  'csrf.optout' => array (
#        '/^WebDAVFS/', // OS X Finder
#        '/^Microsoft-WebDAV-MiniRedir/', // Windows webdav drive
        0 => '/Nextcloud-android/',
  ),
);

csrf.optout I added this morning after I read other similar issues.

And the apache config for nextcloud looks like this:

/etc/apache2/sites-enabled/nextcloud:SSL.conf :

<IfModule mod_ssl.c>

        <VirtualHost _default_:443>
                ServerAdmin noc@MYDOMAIN.dev

                ServerName nextcloud.MYDOMAIN.dev

                DocumentRoot /var/www/nextcloud
                <Directory "/var/www/nextcloud">
                    Options +FollowSymLinks
                    AllowOverride All

                    <IfModule mod_dav.c>
                      Dav off
                    </IfModule>

                    SetEnv HOME /var/www/nextcloud
                    SetEnv HTTP_HOME /var/www/nextcloud
                </Directory>

                <IfModule mod_headers.c>
                    Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
                </IfModule>

                <Directory "/var/www/nextcloud/data/">
                  # just in case if .htaccess gets disabled
                  Require all denied
                </Directory>

                <Directory "/var/lib/nextcloud/data/">
                  # just in case if .htaccess gets disabled
                  Require all denied
                </Directory>

                <FilesMatch "\.php$">
                    SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost/"
                </FilesMatch>

#               <Directory /var/www/nextcloud/>
#                   Options +FollowSymLinks
#                   AllowOverride All
#                   <IfVersion < 2.3>
#                       order allow,deny
#                       allow from all
#                   </IfVersion>
#                   <IfVersion >= 2.3>
#                       Require all granted
#                   </IfVersion>
#               </Directory>

                <IfModule mod_headers.c>
                      Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
                </IfModule>

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                SSLCertificateFile      /etc/letsencrypt/live/nextcloud.MYDOMAIN.dev/cert.pem
                SSLCertificateKeyFile   /etc/letsencrypt/live/nextcloud.MYDOMAIN.dev/privkey.pem
                SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.MYDOMAIN.dev/fullchain.pem

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

                # Enable HTTP2
                <IfModule mod_http2.c>
                        Protocols h2 http/1.1
                </IfModule>

        </VirtualHost>


</IfModule>

And the apache logs for access are this:

192.168.55.193 - - [29/Oct/2021:14:00:06 +0300] "POST /index.php/login/flow HTTP/1.1" 303 1372 "-" "Oneplus IN2013 (Android)"
192.168.55.193 - - [29/Oct/2021:14:00:06 +0300] "GET /status.php HTTP/1.1" 200 7250 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.18.0 RC1"
192.168.55.193 - - [29/Oct/2021:14:00:06 +0300] "HEAD /remote.php/dav HTTP/1.1" 401 983 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.18.0 RC1"
192.168.55.193 - - [29/Oct/2021:14:00:06 +0300] "GET /ocs/v2.php/cloud/user?format=json HTTP/1.1" 200 7762 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.18.0 RC1"

[mostepunk]

@EasyNetDev
Show me output of the command

ls -lah  /etc/letsencrypt/live/nextcloud.MYDOMAIN.dev

[EasyNetDev]

@fanishe,

Here is the output:

# ls -lah  /etc/letsencrypt/live/nextcloud.MYDOMAIN.dev/
total 12K
drwxr-xr-x 2 root root 4.0K Oct 12 22:01 .
drwx------ 5 root root 4.0K Jul 15  2020 ..
lrwxrwxrwx 1 root root   46 Oct 12 22:01 cert.pem -> ../../archive/nextcloud.MYDOMAIN.dev/cert11.pem
lrwxrwxrwx 1 root root   47 Oct 12 22:01 chain.pem -> ../../archive/nextcloud.MYDOMAIN.dev/chain11.pem
lrwxrwxrwx 1 root root   51 Oct 12 22:01 fullchain.pem -> ../../archive/nextcloud.MYDOMAIN.dev/fullchain11.pem
lrwxrwxrwx 1 root root   49 Oct 12 22:01 privkey.pem -> ../../archive/nextcloud.MYDOMAIN.dev/privkey11.pem
-rw-r--r-- 1 root root  692 Feb 16  2020 README

The certificates are good. On web I can login without issues.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:09:0e:09:60:c2:9d:5e:fd:38:7e:ef:0c:74:76:d4:7a:f0
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Oct 12 18:01:31 2021 GMT
            Not After : Jan 10 18:01:30 2022 GMT
        Subject: CN = nextcloud.MYDOMAIN.dev
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:

[mostepunk]

@EasyNetDev try to change certificate's ownership from root:root to www-data:www-data. It should work

[EasyNetDev]

Hi @fanishe,

I'm 100% sure is not this. Nextcloud is not reading the certificate. Apache2 is the one which is reading the certificate.
As I mention before: 2 days ago Android Client worked the same. As you can see nothing changed in the certificate from 12 October.

Anyway I tried your suggestion to change the owner and group to www-data:www-data and still is not working. Apache should complain about permissions for the certificates, not Nextcloud. Nextcloud is running under Apache2 -> PHP.

Kind regards,
Adrian

[ketchmeup]

same here, nextcloud client (android) and 401 auth.
+1

[azukaar]

I have the same issue, I have followed the Traefik config provided in many different places (including the one provided earlier by @RMcNeely, thanks you!) I can login from Web, and From the Windows client, but the Android client seems broken and unable to login.

I have done all the usual things, OVERWRITEHOST and PROTOCOLS are set, I have the TRUSTED PROXY set too, certificate valid, my config.php reflect those too, and I have no warnings in the overview

It also eventually crashes:

https://pastebin.com/8dvx12Fp

[chenweiask]

I occured the same issue and solved by adding a statement in config.php.

'overwriteprotocol' => 'https',

Below is a screenshot.

The reason why I think of this method is because I find when I download shared file, the link is start with 'http' instead 'https' used to. So I guess the new release has some issue in identifying a ssl connection which is a mandate for mobile app login.
My method may not a cure to your situation. But if you solve the issue by this, please leave your message and let others know.

[joshtrichards]

Closing this as it's quite old, hasn't seen new traffic >1 year, has multiple root causes mingled, was addressed, and too many things have changed. If you experience anything resembling this issue please open a dedicated issue with info on your environment/situation so it can be triaged appropriately. Thanks!