Missing certificate files in coolwsd

oschko · October 3, 2023, 5:04pm

As I didn’t get an answer from the german support, I try here now:

In coolwsd.xml, the ssl desc=“SSL settings” section specifies paths to certificate files:

<cert_file_path desc=“Path to the cert file” relative=“false”>/etc/coolwsd/cert.pem</cert_file_path>
<key_file_path desc=“Path to the key file” relative=“false”>/etc/coolwsd/key.pem</key_file_path>
<ca_file_path desc=“Path to the ca file” relative=“false”>/etc/coolwsd/ca-chain.cert.pem</ca_file_path>

However the certificate files do not exist.
Accordingly, journalctl -u coolwsd also issues the following messages:

Failed to initialize COOLWSD: File not found: /etc/coolwsd/ca-chain.cert.pem
Sep 29 18:31:02 hopeful-wright coolwsd[64062]: wsd-64062-64062 2023-09-29 18:31:02.075100 +0200 [ coolwsd ] FTL Failed to initialize COOLWSD: File not found: /etc/coolwsd/ca-chain.cert.pem| wsd/COOLWSD.hpp:509
Sep 29 18:31:02 hopeful-wright coolwsd[64062]: File not found: /etc/coolwsd/ca-chain.cert.pem
Sep 29 18:31:02 hopeful-wright coolwsd[64062]: terminate called after throwing an instance of ‘Poco::SystemException’
Sep 29 18:31:02 hopeful-wright coolwsd[64062]: what(): System exception
Sep 29 18:31:02 hopeful-wright systemd[1]: coolwsd.service: Main process exited, code=killed, status=6/ABRT
Sep 29 18:31:02 hopeful-wright systemd[1]: coolwsd.service: Failed with result ‘signal’.
Sep 29 18:31:02 hopeful-wright systemd[1]: coolwsd.service: Consumed 2.031s CPU time.
Sep 29 18:31:02 hopeful-wright systemd[1]: coolwsd.service: Scheduled restart job, restart counter is at 1.
Sep 29 18:31:02 hopeful-wright systemd[1]: Stopped Collabora Online WebSocket Daemon.
Sep 29 18:31:02 hopeful-wright systemd[1]: coolwsd.service: Consumed 2.031s CPU time.
Sep 29 18:31:02 hopeful-wright systemd[1]: Started Collabora Online WebSocket Daemon.

The question is, where do I find these .pem files?
In NC, the Nexcloud Office does not work (files cannot be opened or newly created).

Which provider? IONOS What kind of server? v-server
Operating system Ubuntu 22.04
Nextcloud Version: 27.1.1
PHP Version: PHP 8.1.2-1ubuntu2.14 (cli) (built: Aug 18 2023 11:41:11) (NTS) (determined with php -v in the terminal)
Which database? (Nginx) MariaDB 10.6.12
Apache version: Apache/2.4.52 (Ubuntu)
nginx version: nginx/1.24.

fanofnextcloud · October 10, 2023, 9:25am

The files you are missing belong to your SSL-/TLS-Cert. If you do not have a reverse proxy that provides SSL-/TLS termination, you should acquire a certificate, e.g. via lets encrypt, and adjust the paths to /etc/letsencrypt/live/…

If you do have a reverse proxy, and you encounter this error after updating collabora, like me, you probably overwrote your original config that disabled SSL with the new packaged config offered during the upgrade.

In this case, you should be able to savely disable SSL by editing /etc/coolwsd/coolwsd.xml and change the value for enable to false, and for terminate to true.

Here’s an excerpt:

    <ssl desc="SSL settings">
        <!-- switches from https:// + wss:// to http:// + ws:// -->
        <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
        <!-- SSL off-load can be done in a proxy, if so disable SSL, and enable termination below in production -->
        <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>