Can not edit files with collabora anymore

ldecoker · June 2, 2020, 12:24pm

Hello!

Since this morning, I can not edit files with Collabora anymore. Error message: “Failed to load Collabora Online”.

My nextcloud version : 18.0.4
Collabora version: 4.2
Collabora app version: 3.5.3 (latest version not working at all - can not establish connection with the collabora online server).
OS: Debian 9

Admin console is running and /hosting/discovery too.
When trying to edit a file (word one for example), I got the loading icon then the error “Failed to load collabora online”.
I check on server log but can not find anything.

Any suggestion? Thx!

ldecoker · June 2, 2020, 1:48pm

I finally found where was logged the error: in data/nextcloud.log …

Below the error:

“Exception”:“Doctrine\DBAL\Exception\InvalidFieldNameException”,“Message”:“An exception occurred while executing ‘INSERT INTO oc_richdocuments_wopi(fileid,owner_uid,editor_uid,version,canwrite,server_host,token,expiry,template_destination,hide_download,direct,is_remote_token,template_id) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?)’ with params [191483, "", "", 0, true, "https:\/\/********/", "XyDlaVBRIEPlFyzwqGK8wZ28LN7mmWYI", 1591105745, 0, false, false, false, 0]:\n\nSQLSTATE[42S22]: Column not found: 1054 Unknown column ‘is_remote_token’ in ‘field list’”

Solution to this issue can be found on github: https://github.com/nextcloud/richdocuments/issues/917#issuecomment-626316169

After doing that, the error changed to:

{“Exception”:“GuzzleHttp\Exception\RequestException”,“Message”:"cURL error 60: SSL certificate problem: certificate has expired

Strange to me as the certificat is not expired. Temporarily I disable the certificate verification in the collabora admin page and it works. I am able to edit the files.

The last point is to find out why it does say the certificate is expired (it’s the same used on GUI).

misiunt · June 2, 2020, 2:28pm

as far as I know, there are 2 different “types” of certificates used in context of collabora:

the “external” ones included in the webserver configs
the “internal” ones included in the /etc/loolwsd.xml

I believe, disabling of the certificate validation works for the internal ones - did you check them ? I

regards
Gregor

ldecoker · June 2, 2020, 2:47pm

I use the same certificates for both internal and external contexts.

I indicated the same certificates In /etc/loolwsd.xml in sections ssl and storage.ssl as in apache config.
Disabling the certificate validation makes it work but it’s not really secure.

misiunt · June 2, 2020, 3:04pm

Do you get this “certificate expired” message in the webbrowser ? If yes, you could have a deeper look in the certificate used by the browser and see the “valid from/to” dates the browser can see in the certificate. May be the inormation can help to find the reason for the error.

regards
Gregor

ldecoker · June 3, 2020, 6:55am

I get this error when trying to open a document in the web interface. The error is not visible on the web interface but instead in /data/nextcloud.log.
The used certificate is valid until 2021.

Thx in advance !

Reiikz · September 7, 2020, 6:32am

sorry for the Annoyance I fixed it.

For those who want to TL;DR
sudo -u www-data php occ security:certificates:import data/files_external/myCA.crt
or in case you wanna add in in a more visible place just append it to this file
sudo nano resources/config/ca-bundle.crt

it seems like nextcloud doesn’t come with the Let’s encrypt authority that issued my certificate and that was the root of the issue, I’m unaware of why some software just won’t pick up Let’s Encrypt CA sometimes not just nextcloud and I’m not sure if it is present on my system.

in two ways actually, you can run
occ security:certificates:import yourCA.crt (in my case let’s encrypt authority)
keep in mind you have to run it as the owner of the files in question (since we’re talking about nextcloud that’s obviously the web server which in my case is www-data)
in my case the whole command would be (with the prompt in the nextcloud directory)
sudo -u www-data php occ security:certificates:import data/files_external/myCA.crt

Hi, l’m having the same issue and I’m also not getting any errors in the logfile.

Here’s my setup:
Debian Buster (10)
mysql 8.0.21 for Debian 10 I got directly from MySQL’s website
php 7.3.19-1~deb10u1
Apache/2.4.38 (Debian)
SSL certificates from Let’s Encrypt.
URLs get redirected permanently to HTTPS.
Nextcloud 19
Collabora online CODE (got from the appstore installed manually (just copied the folder and made sure permissions and ownership were correct) and then enabled via web,) v 4.2.602
Collabora online App 3.7.4