-
Notifications
You must be signed in to change notification settings - Fork 487
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Download failed" after upgrade to onlyoffice - unable to verify the first certificate #96
Comments
I am running into the same problem while setting up local virtual machines in our development environment. For our development virtual machines we use the .test TLD, so need to use self-signed certificates. The ONLYOFFICE Document Server has been installed on a CentOS 7 virtual machine following the directions here: https://helpcenter.onlyoffice.com/server/linux/document/linux-installation-centos.aspx I tried adding
|
Hi Dana, try turning off validating certificate by Document Server. Set |
Unfortunately, node.js don't use system ca-certs and this issue can't be fixed by adding local CA cert to system bundle. Workaround by @agolybev work, but breaks SSL security due to allow connections to unauthorized ssl servers. |
The workaround does work, but pretty pretty please update your documentation as I have tried all -e SSL_VERIFY_CLIENT="off" -e NODE_TLS_REJECT_UNAUTHORIZED=0 and what not to make this work. Can I invoice these useless hours of frustration somewhere? Even set up chain file and gave it the recommend name and everything. Nothing helped here. |
@thomaswollburg |
@ibnpetr is there any schedule for next release ? |
@ibnpetr
However I am having the exact same issues as above. Also tried every workaround given above. |
Hi, The trick to turning off validating certificate by Document Server works great :
But how can i modify the default.json when the container starts ? |
@mrwormo Hi, you're are right, not all options from
(I didn't check this exact command, but you should get an idea |
Hi @ShockwaveNN, |
@mrwormo I think there is no elegant way to use this command witho Docker Compose, you can modify https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/run-document-server.sh to add this command and rebuild image locally |
@ShockwaveNN I actually thought about modifying https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/run-document-server.sh, and build my own image, but that means that we would have to rebuild the image each time we update. |
@mrwormo I think you can try to move running
I didn't test it through |
@ShockwaveNN Thx for the time spent, but it doesn't work. Dont't bother, i will continue to edit the file after the container has started... |
This issue is closed, seems original problem was resolved via update of nodejs to version 8 |
no. it's still not possible to use selfsigned certifcates. |
…ce - unable to verify the first certificate
Can confirm that Reiner is correct. This issue wasn't fixed until I used the temporary fix. |
fixes the issue reported here ONLYOFFICE/Docker-DocumentServer#96 with self-signed certificates
There actually is a way to do this properly and without disabling certificate verification. You can add your own CAs (or rather, replace nodejs' CA store) by adding them in the "services.CoAuthoring.requestDefaults" {
"agentOptions": {
"ca": "<your pem style CA cert>"
}
} |
I got this working using a modified version of this suggestion, basically inserting the edit in the docker run command. Problem in the example above is trying to use
|
Docker tag:6.4, input command after docker run.and it work |
not work in docker image tags 7.0.0 |
You can now use docker env key |
Seccused! |
Yeah ! It's working with tag:6.4.2. |
Added to configuration docker-compose.yml launched container docker-compose up -d nextcloud: Error while downloading the document file to be converted.) (версия 7.1.0.215) What am I doing wrong ? How to solve this error? |
Can you show an example of how to correctly add (as you added) data to the docker-compose.yml configuration file ? |
@webagroprom I think for you it's better to create new discusttion\new issue since your problem doesn't seem any relation to original issue with certificate verification |
Hello, To resolve the same problem with Let's encrypt cert, I didn't modify onlyoffice configuration file default.json. pem files are from let's encrypt folder, I just copied them in /etc/ssl/certs/ and /etc/private/ See attachment : ds.conf.txt |
Yes, it works |
not work in docker image tags onlyoffice/documentserver-de:7.3.3.50. |
I upgraded to the current community- and document-server 9.6.1.627
Community-Server runs with self-signed SSL certificate
Document-Server runs with plain http
After restart of the two docker containers, I get an error message when opening any kind of document. The error message merely shows "Download failed".
I discovered the underlying error within the logfile
/app/onlyoffice/DocumentServer/logs/documentserver/converter/out.log
Whenever I open a document, an error shows up in this logfile:
[2018-04-10 14:17:05.216] [ERROR] nodeJS - error downloadFile:url=https://onlyoffice/products/files/httphandlers/filehandler.ashx?action=stream&fileid=4&version=6&stream_auth=xxx;attempt=3;code:UNABLE_TO_VERIFY_LEAF_SIGNATURE;connect:undefined;(id=PryKqIixHZSmYe_LEsQ_)
Error: unable to verify the first certificate
at Error (native)
at TLSSocket. (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:609:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)
The document-Server seems to download something from the community-server and fails because it doesn't know the CA of the self-signed certificate.
How can I add my self-signed certificate or my CA to the document-server?
My CA must be injected to Node-JS service.
(Adding it to /etc/ssl/certs didn't work and also setting the docker-env NODE_TLS_REJECT_UNAUTHORIZED=0 didn't help either)
Thanks for any suggestions,
Thomas
The text was updated successfully, but these errors were encountered: