"Download failed" after upgrade to onlyoffice - unable to verify the first certificate #96
Comments
|
I am running into the same problem while setting up local virtual machines in our development environment. For our development virtual machines we use the .test TLD, so need to use self-signed certificates. The ONLYOFFICE Document Server has been installed on a CentOS 7 virtual machine following the directions here: https://helpcenter.onlyoffice.com/server/linux/document/linux-installation-centos.aspx I tried adding |
|
Hi Dana, try turning off validating certificate by Document Server. Set |
|
Unfortunately, node.js don't use system ca-certs and this issue can't be fixed by adding local CA cert to system bundle. Workaround by @agolybev work, but breaks SSL security due to allow connections to unauthorized ssl servers. |
|
The workaround does work, but pretty pretty please update your documentation as I have tried all -e SSL_VERIFY_CLIENT="off" -e NODE_TLS_REJECT_UNAUTHORIZED=0 and what not to make this work. Can I invoice these useless hours of frustration somewhere? Even set up chain file and gave it the recommend name and everything. Nothing helped here. |
|
@thomaswollburg |
|
@ibnpetr is there any schedule for next release ? |
|
@ibnpetr
However I am having the exact same issues as above. Also tried every workaround given above. |
|
Hi, The trick to turning off validating certificate by Document Server works great :
But how can i modify the default.json when the container starts ? |
|
@mrwormo Hi, you're are right, not all options from (I didn't check this exact command, but you should get an idea |
|
Hi @ShockwaveNN, |
|
@mrwormo I think there is no elegant way to use this command witho Docker Compose, you can modify https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/run-document-server.sh to add this command and rebuild image locally |
|
@ShockwaveNN I actually thought about modifying https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/run-document-server.sh, and build my own image, but that means that we would have to rebuild the image each time we update. |
|
@mrwormo I think you can try to move running I didn't test it through |
|
@ShockwaveNN Thx for the time spent, but it doesn't work. Dont't bother, i will continue to edit the file after the container has started... |
|
This issue is closed, seems original problem was resolved via update of nodejs to version 8 |
no. it's still not possible to use selfsigned certifcates. |
…ce - unable to verify the first certificate
|
Can confirm that Reiner is correct. This issue wasn't fixed until I used the temporary fix. |
fixes the issue reported here ONLYOFFICE/Docker-DocumentServer#96 with self-signed certificates
|
There actually is a way to do this properly and without disabling certificate verification. You can add your own CAs (or rather, replace nodejs' CA store) by adding them in the "services.CoAuthoring.requestDefaults" {
"agentOptions": {
"ca": "<your pem style CA cert>"
}
} |
I got this working using a modified version of this suggestion, basically inserting the edit in the docker run command. Problem in the example above is trying to use |
Docker tag:6.4, input command after docker run.and it work |
not work in docker image tags 7.0.0 |
|
You can now use docker env key |
Seccused! |
Yeah ! It's working with tag:6.4.2. |
Added to configuration docker-compose.yml launched container docker-compose up -d nextcloud: Error while downloading the document file to be converted.) (версия 7.1.0.215) What am I doing wrong ? How to solve this error? |
Can you show an example of how to correctly add (as you added) data to the docker-compose.yml configuration file ? |
|
@webagroprom I think for you it's better to create new discusttion\new issue since your problem doesn't seem any relation to original issue with certificate verification |
|
Hello, To resolve the same problem with Let's encrypt cert, I didn't modify onlyoffice configuration file default.json. pem files are from let's encrypt folder, I just copied them in /etc/ssl/certs/ and /etc/private/ See attachment : ds.conf.txt |
Yes, it works |
not work in docker image tags onlyoffice/documentserver-de:7.3.3.50. |
I upgraded to the current community- and document-server 9.6.1.627
Community-Server runs with self-signed SSL certificate
Document-Server runs with plain http
After restart of the two docker containers, I get an error message when opening any kind of document. The error message merely shows "Download failed".
I discovered the underlying error within the logfile
/app/onlyoffice/DocumentServer/logs/documentserver/converter/out.log
Whenever I open a document, an error shows up in this logfile:
[2018-04-10 14:17:05.216] [ERROR] nodeJS - error downloadFile:url=https://onlyoffice/products/files/httphandlers/filehandler.ashx?action=stream&fileid=4&version=6&stream_auth=xxx;attempt=3;code:UNABLE_TO_VERIFY_LEAF_SIGNATURE;connect:undefined;(id=PryKqIixHZSmYe_LEsQ_)
Error: unable to verify the first certificate
at Error (native)
at TLSSocket. (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
The document-Server seems to download something from the community-server and fails because it doesn't know the CA of the self-signed certificate.
How can I add my self-signed certificate or my CA to the document-server?
My CA must be injected to Node-JS service.
(Adding it to /etc/ssl/certs didn't work and also setting the docker-env NODE_TLS_REJECT_UNAUTHORIZED=0 didn't help either)
Thanks for any suggestions,
Thomas
The text was updated successfully, but these errors were encountered: