Collabora Online cURL error 60: SSL certificate problem: self signed certificate

Hey everyone,
I’ve set up a Collabora Online Server a few days ago and it’s working. But when I try to access the Server via the Nextcloud Collabora Online App it gives me the following error messages:

Internal Server Error

The server was unable to complete your request.

If this happens again, please send the technical details below to the server administrator.

More details can be found in the server log.

So I’ve read the log and heres what the log says:

GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate

  1. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 103: GuzzleHttp\Exception\RequestException wrapException(Object(GuzzleHttp\Message\Request), Object(GuzzleHttp\Ring\Exception\RingException))
  2. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 132: GuzzleHttp\RequestFsm->__invoke(Object(GuzzleHttp\Transaction))
  3. /var/www/nextcloud/3rdparty/react/promise/src/FulfilledPromise.php - line 25: GuzzleHttp\RequestFsm->GuzzleHttp{closure}(*** sensitive parameters replaced ***)
  4. /var/www/nextcloud/3rdparty/guzzlehttp/ringphp/src/Future/CompletedFutureValue.php - line 55: React\Promise\FulfilledPromise->then(Object(Closure), NULL, NULL)
  5. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Message/FutureResponse.php - line 43: GuzzleHttp\Ring\Future\CompletedFutureValue->then(Object(Closure), NULL, NULL)
  6. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 134: GuzzleHttp\Message\FutureResponse proxy(Object(GuzzleHttp\Ring\Future\CompletedFutureArray), Object(Closure))
  7. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php - line 165: GuzzleHttp\RequestFsm->__invoke(Object(GuzzleHttp\Transaction))
  8. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php - line 125: GuzzleHttp\Client->send(Object(GuzzleHttp\Message\Request))
  9. /var/www/nextcloud/lib/private/Http/Client/Client.php - line 138: GuzzleHttp\Client->get(’’, Array)
  10. /var/www/nextcloud/apps/richdocuments/lib/WOPI/DiscoveryManager.php - line 84: OC\Http\Client\Client->get(’’)
  11. /var/www/nextcloud/apps/richdocuments/lib/WOPI/Parser.php - line 41: OCA\Richdocuments\WOPI\DiscoveryManager->get()
  12. /var/www/nextcloud/apps/richdocuments/lib/TokenManager.php - line 122: OCA\Richdocuments\WOPI\Parser->getUrlSrc(‘application/vnd…’)
  13. /var/www/nextcloud/apps/richdocuments/lib/Controller/DocumentController.php - line 168: OCA\Richdocuments\TokenManager->getToken(*** sensitive parameters replaced ***)
  14. [internal function] OCA\Richdocuments\Controller\DocumentController->index(‘498’)
  15. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 161: call_user_func_array(Array, Array)
  16. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 91: OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\Richdocuments\Controller\DocumentController), ‘index’)
  17. /var/www/nextcloud/lib/private/AppFramework/App.php - line 115: OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\Richdocuments\Controller\DocumentController), ‘index’)
  18. /var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main(‘OCA\Richdocumen…’, ‘index’, Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
  19. [internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
  20. /var/www/nextcloud/lib/private/Route/Router.php - line 297: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
  21. /var/www/nextcloud/lib/base.php - line 998: OC\Route\Router->match(’/apps/richdocum…’)
  22. /var/www/nextcloud/index.php - line 37: OC handleRequest()
  23. {main}

I’ve tried every single option but nothing helps.
Every help is appreciated.

1 Like

Add your root cert to: /var/snap/nextcloud/common/nextcloud/data/files_external/rootcerts.crt

Source https://github.com/nextcloud/server/issues/5768

1 Like

I don’t have such a directory I’m using Debian 9 if thats helpful. But thanks for your quick answer :slight_smile:

Your datadir can be different./var/www/nextcloud/data or similar. Depends on installation method and configuration

1 Like

Oooh found it thanks. Which cert should i add? From Nextcloud or Collab Online they use different certs.

Okay I’ve added the Collab Online cert to the rootcerts but it’s still the same error.

I have added the root certificate that signed the collabora certificate. not the collabora certificate directly. And then restart nextcloud respectively the webserver (apache).

The Certificates/Keys are set up similar to the start script that is used in the docker container: https://github.com/CollaboraOnline/Docker-CODE/blob/master/scripts/start-libreoffice.sh

Could anyone provide more specific details as to how this problem was solved? I’m having the exact same messages in my log

Has this been solved? I’ve been working on this for days. I’ve tried fresh Ubuntu Server 16.04 installs several times, I’ve been very careful to follow every letter of https://nextcloud.com/collaboraonline/, and it doesn’t matter what I do, I keep getting this error at the end of it.

I’m using LetsEncrypt certs, the certs aren’t self signed.

I had the same issue and solved it after I found that description.

After a ton of Googling, I discovered that the reason for my local certificate getting rejected was that Chrome had deprecated support for commonName matching in certificates, in effect, requiring a subjectAltName since January 2017.

I now use the machines certificate and the name used in that certificate and replaced any 127.0.0.1 by this name. On the ServerName if not done already add :443

I resovled the problem by replacing
{nextcloud-installation-root}/resources/config/ca-bundle.crt
with the ca-bundle on
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
and resolved the problem. :dizzy_face: