DAAccountValidationDomain:100 problem with nextcloud and iOS

Peter · April 13, 2025, 1:14pm

Hello,
I am desperate. I have been trying for months to run nextcloud on Truenas. The installation itself is quite easy, also installation of Letsencrypt certificate is successful. Since I only want to access it locally, I haven’t bothered with external access yet. However, I have the problem that I can’t get the calendar and contacts sync to work on MacOS and iOS. I always get the error DAAccountValidationDomain:100.
There is a note here that you still have to store SRV and TXT entries: https://help.nextcloud.com/t/ios-caldav-carddav-domain-daaccountvalidationdomain-error-100/206241/8
I did that, without success.
I then reinstalled Truenas 25.04-RC.1.
And now configured the nginx proxy manager for external access with DynDNS. Everything works so far.
But I still get the error message when I try to install the profile on MacOS. A manual installation of the accounts for calendar and contacts on MacOS also fails.
2FA is not switched on, which can allegedly also lead to problems with Apple devices.
Network configuration:
Fritz!Box with DynDNS, port forwarding 80 and 443 to nginx proxy manager (also on truenas)
NginxProxyManager forwards next.mydomain.com on port 30027 on truenas-server with letsencrypt certificate.
The nextcloud sync app works without problems, but calendar and contact does not sync.

How do I proceed? Debugging possibilities? Where are useful log files?

here my config of nextcloud:
Operating system: Linux 6.12.15-production+truenas #1 SMP PREEMPT_DYNAMIC Mon Mar 10 18:36:15 UTC 2025 x86_64

Webserver: Apache/2.4.62 (Debian) (apache2handler)

Database: pgsql PostgreSQL 17.4 (Debian 17.4-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit

PHP version: 8.3.20

Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, hash, iconv, json, mbstring, SPL, session, PDO, pdo_sqlite, standard, posix, random, Reflection, Phar, SimpleXML, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apache2handler, apcu, bcmath, exif, ftp, gd, gmp, igbinary, imagick, intl, ldap, memcached, pcntl, pdo_mysql, pdo_pgsql, redis, sodium, sysvsem, zip, Zend OPcache

Nextcloud version: 31.0.2 - 31.0.2.1

The provider for my domain is Ionos. DynDNS and certificate in NgrinxProxyManager work without any problems.

Peter · April 18, 2025, 8:30am

now I made some additional checks like suggested in the nextcloud forum:
when I try to reach https://next.mydomain.com/.well-known/carddav from my web browser it leads me to the site: https://next.mydomain.com:30027/.well-known/carddav.
port 30027 is the port where nextcloud runs on my truenas. But in thee browser appears the error message:

When I try to connect https://next.example.com/remote.php/dav I receive this message This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client., which seems to be OK for me.
I think there is an error in the TXT or SRV entries on the DNS at my domain provider.
The connection via the Nextcloud app works fine.
This is the configuration of my nginx.conf:

events {}
http {
  server {
    listen              30027 ssl;
    listen              [::]:30027 ssl;
    http2               on;

    # Redirect HTTP to HTTPS
    error_page 497 301 =307 https://$host:$server_port$request_uri;

    ssl_certificate     /etc/nginx-certs/public.crt;
    ssl_certificate_key /etc/nginx-certs/private.key;

    client_max_body_size 3G;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;

    location = /robots.txt {
      allow all;
      log_not_found off;
      access_log off;
    }

    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    location / {
      proxy_pass http://nextcloud:80;
      proxy_http_version                 1.1;
      proxy_cache_bypass                 $http_upgrade;
      proxy_request_buffering            off;

      # Proxy headers
      proxy_set_header Upgrade           $http_upgrade;
      proxy_set_header Connection        "upgrade";
      proxy_set_header Host              $http_host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Host  $host;
      proxy_set_header X-Forwarded-Port  $server_port;

      # Proxy timeouts
      proxy_connect_timeout              60s;
      proxy_send_timeout                 60s;
      proxy_read_timeout                 60s;
    }

    include /etc/nginx/includes/*.conf;
  }

Any ideas where is the problem?