Legitimation issues

Dear all,

I’ve installed murena self hosted cloud on a Hetzner CX21 (2 CPU, 4 GB RAM). Installation went fine. I added an account via welcome.domain.tld but I have issues with that user. I cannot add an account with that user in /e/os (no CalDAV/CardDAV server found), I cannot connect to talk, I cannot connect to Nextcloud app on Android (http status 401 error) and I cannot even connect to online accounts in Ubuntu (not able to legitimate). When I add a user manually in Nextcloud/ecloud in the browser, everything works fine. As like the integration of the “welcome.domain.tld”-added accounts, anyone who can help?

Thanks
ε

Hi,
I’ll try to reproduce on a fresh test instance.

It could be a certificate issue, but I am not an expert at all…

Not that simple, unfortunately.
It’s something around Nextcloud tokens management, quite difficult to debug :confused:

I just set up a self hosted server as well. Works fine with the web browser, but will not connect with the Nextcloud client for Linux. I then tried connecting an /e/ OS phone and despite having the correct username and password, it said it was invalid, and when I asked for the debugging info the filename was DAVx5, so that is probably where the error is. I am on Linode with a shared 4cpu 8 GB VPS.

Working fine with 24.0.10.10.
Long hours of “diff” ahead! :confused:

@Epsilon @erothoff could you please try:

cd /mnt/repo-base && docker-compose exec -u www-data nextcloud php occ config:system:set main_domain

→ should reply “System config value main_domain set to empty string”

Then retry adding an account to a /e/ device (tested with “Murena.io” or “Nextcloud” account type)
Note: for “Murena.io” account type, no need to click on “Use a specific server” if you provide user email address :wink:

Just tested on a freshly installed NC25, without even login on NC web interface first.
If working for you, I’ll open a Gitlab issue.

Great job. Tested a few different ways and it works. Just some notes, Signin doesn’t work with just the username and you putting the server down below. You HAVE to put the full email address for the user name. Also, you need to watch what account you are logged into in the default browser on your computer when installing Nextcloud app. I almost connected the wrong account as it assumed the account that was logged in using the default browser. If no one was logged in, it gave an option to sign in, but not to change. (Just an FYI.)

Now I found another problem. I can not send email with either Thunderbird, website or /e/ OS. I get the following error message:

This is the mail system at host mail.$DOMAIN.

I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

erothoff@XXXX.XXX: host mail.$DOMAIN[000.000.000.000] said:
550-Verification failed for <erothoff@$DOMAIN>
550-No Such User Here
550 Sender verify failed (in reply to RCPT TO command)

Yes I changed the Host Domain to $DOMAIN, Sent to Domain to XXXX.XXX and Home domain from actual to 000.000.000.000. Not sure if I needed to, but wanted to be safe.

Afterwards I thought maybe it was because it was an old account, but I created a new account and the same problem. Interesting note: It sends the activation email, and the welcome email fine. Just not the emails you send from a created account.

You really have some strange issues… Please open another thread, as this is probably a separate problem.

Didn’t happen to me :confused:
I’ll try to reproduce…

I forgot to reboot the server, but that didn’t help anyways. I can send email WITHIN the server, (In the $DOMAIN) but not going out. I can try a reinstall again this evening.

I couldn’t reproduce :confused:
Furthermore, I can’t figure out how desktop browser and Android device sessions can be messed up.

I agree, a complete re-install could solve your problems!

Please try this for cleanup:

  • cd /mnt/repo-base
  • docker-compose down
  • cd
  • docker system prune -a
  • rm -rf /mnt/repo-base

You may also reboot your server before launching install, as a matter of precaution.

When asked, please reply only to the first domain query (“management”), leave “additional domains” empty.
Also, it is a good practice to have “alternative email” outside of your domain (please use a valid one).

At the end, you’ll just have to replace your domain DNS DKIM record with the one displayed to you (check DMARC & SPF, they should not need to be changed).

The mail._domainkey was different, but couldn’t see it all. So I tried installing again, and got an error that I got too many certificates for my domain in the last few days. I will try again with another domain tonight. (The SPF and DMARC were the same though. Just the mail._domainkey was different.)

Created a new server. Still had to use:

cd /mnt/repo-base && docker-compose exec -u www-data nextcloud php occ config:system:set main_domain

to be able to log in using /e/ OS or Nextcloud Desktop Client. (Could log in using the web browser.)

When trying to send an email, I now get:

The mail system

erothoff@SEND.DOMAIN: host mail.SEND.DOMAIN[xxx.xxx.xxx.xxx] said:
550-“JunkMail rejected - mail.$DOMAIN [yyy.yyy.yyy.yyy]:36014 is in
an 550-RBL on csi.cloudmark.com/reset-request/?ip=yyy.yyy.yyy.yyy, see Poor
550 Reputation Sender” (in reply to RCPT TO command)

That’s maybe just because I set up the reverse DNS and DNS right before creating the server, so it may not have populated yet. I will try again tomorrow. (FYI SEND.DOMAIN is just a variable for the domain I was sending to, $DOMAIN is just the variable for the domain of the new server, xxx.xxx.xxx.xxx is just the variable for the IP address for the SEND.DOMAIN, and yyy.yyy.yyy.yyy is just the variable for IP address of the server.)

Yes, I didn’t open the Gitlab issue yet, so Murena team isn’t aware and the code didn’t change :wink:

Your VPS hosting may have provided you with a former spammer IP address :confused:
You can try to remove it from RBL tables with the link in the message.

The good news is, the strange error you faced with other instance seems to have vanished!

Never seen that, but it makes sense that Let’s Encrypt has a throttle mechanism :wink:
Please read https://letsencrypt.org/docs/duplicate-certificate-limit/ and https://community.letsencrypt.org/t/help-too-many-certificates-already-issued/136607/6.

I’m wondering: is the 2nd server also a Linode VPS of the same flavor as the 1st?
If it isn’t, we could assume that Linode may not be suitable for selfhosted Murena cloud…

They are both Linode VPS servers. And the new one did finally work. It wasn’t the DNS, but that it had been previously reported as a spammer. Got that taken off the list an hour ago. Sunday, I will try the first server, but my guess is that it will work. As I do that, I will also write down what changes from the Readme I had to do, so we can get that up to date. But thanks for all the help.

Meanwhile, I opened the Gitlab issue: https://gitlab.e.foundation/e/backlog/-/issues/7338.
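
The two bounces quoted in this thread are different rejections: one is a sender-verification failure, the other an IP-reputation (RBL) rejection. As an added example, not part of any post in the thread and not Murena project code, the following Python parses such a bounce and labels it; the sample strings are constructed from the quoted bounces, and the keyword rules and category names are assumptions.

```python
import re

# Constructed samples modelled on the two bounces quoted in the thread;
# the thread's placeholders ($DOMAIN, yyy.yyy.yyy.yyy, ...) are kept.
BOUNCE_VERIFY = (
    "erothoff@XXXX.XXX: host mail.$DOMAIN[000.000.000.000] said:\n"
    "550-Verification failed for <erothoff@$DOMAIN>\n"
    "550-No Such User Here\n"
    "550 Sender verify failed (in reply to RCPT TO command)"
)
BOUNCE_RBL = (
    "erothoff@SEND.DOMAIN: host mail.SEND.DOMAIN[xxx.xxx.xxx.xxx] said:\n"
    "550-“JunkMail rejected - mail.$DOMAIN [yyy.yyy.yyy.yyy]:36014 is in\n"
    "an 550-RBL on csi.cloudmark.com/reset-request/?ip=yyy.yyy.yyy.yyy, see Poor\n"
    "550 Reputation Sender” (in reply to RCPT TO command)"
)

DSN_RE = re.compile(
    r"host\s+(?P<host>\S+?)\[(?P<ip>[^\]]+)\]\s+said:\s*(?P<reply>.*?)"
    r"\s*\(in reply to (?P<stage>.+?) command\)", re.S)

# Assumed keyword rules (not from the thread); the first match wins.
RULES = [
    ("ip_reputation", ("rbl", "junkmail", "reputation", "blacklist")),
    ("sender_verification", ("sender verify", "verification failed")),
]

def parse_bounce(text):
    """Return host, ip, SMTP code, stage, cleaned reply text and a category."""
    m = DSN_RE.search(text)
    if m is None:
        return None
    reply = m["reply"]
    code = reply[:3] if re.match(r"\d{3}[- ]", reply) else None
    if code:
        # Line wrapping leaves "550-" / "550 " markers inline; drop them.
        reply = re.sub(rf"\b{code}[- ]", "", reply)
    reply = " ".join(reply.split())
    low = reply.lower()
    category = next((name for name, keys in RULES
                     if any(k in low for k in keys)), "other")
    return {"host": m["host"], "ip": m["ip"], "code": code,
            "stage": m["stage"], "text": reply, "category": category}

if __name__ == "__main__":
    for sample in (BOUNCE_VERIFY, BOUNCE_RBL):
        r = parse_bounce(sample)
        print(r["category"], "|", r["code"], r["stage"], "|", r["text"])
```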