A few days ago I had a look at the /var/log/fail2ban.log file and I saw some lines looking like this:
2022-09-18 15:45:15,589 fail2ban.filter [80383]: WARNING [nextcloud] Simulate NOW in operation since found time has too large deviation None ~ 1663508715.5893416 +/- 60
2022-09-18 15:45:15,589 fail2ban.filter [80383]: WARNING [nextcloud] Please check jail has possibly a timezone issue. Line with odd timestamp: {"reqId":"xxxxxxxxxxxxxxxxx","level":3,"time":"2022-09-18T15:45:15+02:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"stream_socket_enable_crypto(): Peer certificate CN=`xxxx.xxxx' did not match expected CN=`127.0.0.1' at /var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php#94","userAgent":"--","version":"24.0.4.1","exception":{"Exception":"Error","Message":"stream_socket_enable_crypto(): Peer certificate CN=`xxx.xxx' did not match expected CN=`127.0.0.1' at /var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php#94","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"file":"/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php","line":94,"function":"stream_socket_enable_crypto"},{"file":"/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/EsmtpTransport.php","line":348,"function":"startTLS","class":"Swift_Transport_StreamBuffer","type":"->"},{"file":"/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php","line":148,"function":"doHeloCommand","class":"Swift_Transport_EsmtpTransport","type":"->"},{"file":"/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Mailer.php","line":65,"function":"start","class":"Swift_Transport_AbstractSmtpTransport","type":"->"},{"file":"/var/www/nextcloud/lib/private/Mail/Mailer.php","line":195,"function":"send","class":"Swift_Mailer","type":"->"},{"file":"/var/www/nextcloud/apps/activity/lib/MailQueueHandler.php","line":415,"function":"send","class":"OC\\Mail\\Mailer","type":"->"},{"file":"/var/www/nextcloud/apps/activity/lib/MailQueueHandler.php","line":165,"function":"sendEmailToUser","class":"OCA\\Activity\\MailQueueHandler","type":"->"},{"file":"/var/www/nextcloud/apps/activity/lib/BackgroundJob/EmailNotification.php","line":61,"function":"sendEmails","class":"OCA\\Activity\\MailQueueHandler","type":"->"},{"file":"/var/www/nextcloud/lib/private/BackgroundJob/Job.php","line":54,"function":"run","class":"OCA\\Activity\\BackgroundJob\\EmailNotification","type":"->"},{"file":"/var/www/nextcloud/lib/private/BackgroundJob/TimedJob.php","line":60,"function":"execute","class":"OC\\BackgroundJob\\Job","type":"->"},{"file":"/var/www/nextcloud/cron.php","line":151,"function":"execute","class":"OC\\BackgroundJob\\TimedJob","type":"->"}],"File":"/var/www/nextcloud/lib/private/Log/ErrorHandler.php","Line":92,"CustomMessage":"--"}}
When I noticed this, I thought it was because the timezone of my Yunohost server was set to Europe/Paris whereas the logfile of Nextcloud was set to default (ie UTC), so I modified /var/www/nextcloud/config/config.php so that the logfile also uses Europe/Paris. The timestamps of the new log entries were changed as expected but, as you can see, this didn’t stop fail2ban from failing (since, AFAIK, the simulate NOW line means that no ban action will be taken).
Second strange thing, and I don’t know if it’s related, you can see on the second line that the CN is of the form xxx.xxx or domain.tld. But this is not the good domain since my nextcloud address is of the form subdomain.domain.tld. I don’t know if it’s of any relevance, but I had a failed upgrade to Yunohost 11 in late august and, as my backup was only very partial (only the /home directory), I installed Nextcloud on subdomain.domain.tld (on my Yunohost 4 installation it was on domain.tld/nextcloud) and then overwrote the content of /home/yunohost.app/nextcloudwith the one from my backup.
If someone could help me with this, I would be really grateful.