Will do, James. I have not been able to recreate the held lock issue. I was starting/stopping jobs a fair bit at one point, and can't... be precise about where in the backup cycle those cancellations happened that a cleanup might not have happened. I will watch for it in the future. When I said there was no RAM pressure, I meant that was true for the server. However, my jobs all had 1GB of RAM. Your suggestion clued me in; because that value must be set after you setup the backup job, I had never noticed it before... or, not realized how critical it might be. I have bumped them all to 6GB of RAM, and so far, I've been seeing backup successes. Barring the question below, I'd say we could close this issue. The lesson learned is that I need to provide my backup tasks more RAM. Because I have some RAM to spare, I'm going aggressive, and giving things 6GB. I did not attempt to settle on a smaller amount, for anyone who comes along after--- I just gave the tasks a limit that I considered to be "a lot" in this context. I still see some things like the errors below. The backup completes successfully, but I'm unclear why there would be errors like these sprinkled throughout the backup. Is the relative path full/snapshot/app_... actually correct? Or, should that be a full path (e.g. the base path I provided at setup time along with the relative path)? In the command that succeeds, it is a full path. Feb 13 16:11:00 box:shell filesystem: ssh -o "StrictHostKeyChecking no" -i /tmp/identity_file_d82bc09e-a419-4d60-84bf-95d631fd0ebb -p 22 user@nas.lan cp -aRl full/snapshot/app_c74efccf-d273-46c9-8afe-3fd427bb78c1 full/2026-02-13-210356-064/app_git.jadud.com_v1.37.4 errored BoxError: ssh exited with code 1 signal null Feb 13 16:11:00 at ChildProcess.<anonymous> (/home/yellowtent/box/src/shell.js:82:23) Feb 13 16:11:00 at ChildProcess.emit (node:events:519:28) Feb 13 16:11:00 at maybeClose (node:internal/child_process:1101:16) Feb 13 16:11:00 at ChildProcess._handle.onexit (node:internal/child_process:304:5) { Feb 13 16:11:00 reason: 'Shell Error', Feb 13 16:11:00 details: {}, Feb 13 16:11:00 stdout: <Buffer >, Feb 13 16:11:00 stdoutString: '', Feb 13 16:11:00 stdoutLineCount: 0, Feb 13 16:11:00 stderr: <Buffer 63 70 3a 20 63 61 6e 6e 6f 74 20 73 74 61 74 20 27 66 75 6c 6c 2f 73 6e 61 70 73 68 6f 74 2f 61 70 70 5f 63 37 34 65 66 63 63 66 2d 64 32 37 33 2d 34 ... 50 more bytes>, Feb 13 16:11:00 stderrString: "cp: cannot stat 'full/snapshot/app_c74efccf-d273-46c9-8afe-3fd427bb78c1': No such file or directory\n", Feb 13 16:11:00 stderrLineCount: 1, Feb 13 16:11:00 code: 1, Feb 13 16:11:00 signal: null, Feb 13 16:11:00 timedOut: false, Feb 13 16:11:00 terminated: false Feb 13 16:11:00 } Feb 13 16:11:00 box:storage/filesystem SSH remote copy failed, trying sshfs copy Feb 13 16:11:00 box:shell filesystem: cp -aRl /mnt/managedbackups/1ec6c6b4-7566-4369-b2ce-466968b00d5d/full/snapshot/app_c74efccf-d273-46c9-8afe-3fd427bb78c1 /mnt/managedbackups/1ec6c6b4-7566-4369-b2ce-466968b00d5d/full/2026-02-13-210356-064/app_git.jadud.com_v1.37.4 Feb 13 16:11:07 box:backuptask copy: copied successfully to 2026-02-13-210356-064/app_git.jadud.com_v1.37.4. Took 7.889 seconds

Even though I thought cloudron-support --troubleshoot had already done this, i tried docker system prune -a --volumes again and managed to free up 2.954GB - now updating

DNS propagation is an asynchronous process. I have no way of knowing exactly when the DNS record has changed globally. My assumption was: as soon as the domain starts resolving to the Cloudron server (i.e., the first external requests hit the new IP), Cloudron could automatically begin issuing the certificate and complete the app setup. Is there a technical reason why this approach would not be feasible?

Cloudron will only update from one version to the next, no skipping. The reason is, that we cannot test realiably jumping versions like this. As @james suggested, first update the Ubuntu system to ideally 24 and then update Cloudron one-by-one.

also just to add, the last time this cloudron was updated was on july 2024

@difficult222 I have replied to your ticket.

Thanks, fixed - https://git.cloudron.io/platform/box/-/commit/51e02da277d972d1d8b514dc15256f88e2fbe201

Hello @danskvandrelaug Can you please share the config of your /etc/netplan/00-installer-config.yaml file? Also what hoster are you using? Also the output of the --troubleshoot looks all good. What exactly is the problem?

You’ll find way too many horror stories if you search for Contabo on this forum. I had the nvme plan and the speeds were constantly under 500mb/s. Support was useless. Frequent network issues were common. I’ve since moved to Hetzners dedicated vcpu entry plan that costs less than half but performance is top notch. It’s hosting my public facing sites while the rest are self hosted on premise. Before you go nuts trying to fix things on Contabo, go through a migration to a new provider and see how it goes. Use dry run feature when setting up the dns so the live sites are still using Contabo for now.

@girish probably for when we fixed the usernames having trouble with special chars and allowing just a dot which couldn't be deleted!

Fixed - https://git.cloudron.io/platform/box/-/commit/1ce5fcafd908c8362f57a7f6c1955591542bd895

Hello @jadudm Always happy to help.

Hello @hakunamatata Great find. We should still look into that. Thanks to the details I now have an approach to reproduce this issue.

Yes, you have to adjust the schedule manually to not overlap. Otherwise, if a single app is backing up to multiple sites in parallel, they will get serialized internally (with the lock).

There is also a Logs dropdown button in the backups view which opens the corresponding log file in the logsviewer, from there the full logs can also be downloaded, avoiding the need to ssh into the server.

@girish Can a migrations check be added to run until none remain, which hopefully evades the stuck condition too?

Hello @cbcun Great to read that you were able to resolve this issue yourself.

Hello @miednr Yes, for stopped apps a new backup will not be created since nothing has changed. See: https://docs.cloudron.io/backups#retention-policy For installed apps and box backups, the latest backup is always retained regardless of the policy. This ensures at least one backup remains preserved even if all backups fall outside the retention policy. This also preserves the latest backup of stopped apps when not referenced by any box backup. Did you know you can also archive apps? https://docs.cloudron.io/apps#archive

@girish Thank you, after upgrading to Cloudron version 9.0.17 (latest), everything started working again.