Nextcloud-appapi-harp | stop at "Init step" | certificate verify failed

ℹ️ Support
, , ,
1

Hi,

I tried to deploy the Nextcloud HaRP, but the test fail every time on “Init step”.

docker ps show the working and loaded containers:

docker ps
CONTAINER ID   IMAGE                                             COMMAND       CREATED          STATUS                    PORTS     NAMES
877a43218b16   ghcr.io/nextcloud/test-deploy:release             “/start.sh”   27 minutes ago   Up 27 minutes (healthy)             nc_app_test-deploy
bb69f44cde86   ghcr.io/nextcloud/nextcloud-appapi-harp:release   “start.sh”    45 minutes ago   Up 45 minutes (healthy)             appapi-harp

Looking inside nc_app_test-deploy the problem is the https connection, we using own certs.

docker logs --follow nc_app_test-deploy

\[…\]
INFO:      - “POST /init HTTP/1.1” 200 OK
TRACE:    ASGI \[3\] Send {‘type’: ‘http.response.start’, ‘status’: 200, ‘headers’: ‘<…>’}
TRACE:    ASGI \[3\] Send {‘type’: ‘http.response.body’, ‘body’: ‘<2 bytes>’}
Try default url to report the init status: https://nextcloud.local
\[SSL: CERTIFICATE_VERIFY_FAILED\] certificate verify failed: unable to get local issuer certificate (\_ssl.c:1006)

ERROR occurred! Can’t report the ExApp status to the Nextcloud instance.
Try send request using HTTP instead of HTTPS: http://nextcloud.local
Unsuccessful. Can not determine correct URL of the Nextcloud instance.

Is there any way to pass our ca into all this containers?

2

I’m having simillar issue but getting “Success” on HTTP attempt which is blocked with rewrite rules by my Apache config to prevent it to be used…

Try default url to report the init status: https://nextcloud.local
\[SSL: CERTIFICATE_VERIFY_FAILED\] certificate verify failed: unable to get local issuer certificate (\_ssl.c:1006)

ERROR occurred! Can’t report the ExApp status to the Nextcloud instance.
Try send request using HTTP instead of HTTPS: http://nextcloud.local
\[IMPORTANT\] Success. Maybe HTTP should be used? Check your infrastructure configuration.
TRACE:    ASGI \[3\] Completed
TRACE:    HTTP connection lost
3

@sawo, for sanity check:
try to ping your NC host from within Docker container:

docker exec nc_app_test-deploy ping nextcloud.local
4

Found out that in my case the issue was that I can’t make nc_app_test-deploy trust my inner CA certificate to communicate with Nextcloud.
If I use ‘official’ CA cert the problem solves, but I need to use exact cert that was generated within closed network.

5

I have the same issue - see AppApi HaRP Proxy connects but Test-Deploy fails on Heartbeat with 404.
The ping works well.
So, what now?

6

Could you please describe in more detail how you fixed this issue?

7

I’m using reverse proxy on my router DDNS that provided by router’s manufacture.
That DDNS+proxy gives me a legit SSL-cert on HTTPS, that works with nc_app_test-deploy.
In other words — you need to have a proper SSL certificate on your Nextcloud instance to make AppAPI test container to work with NC.

8

Great! That fixed it!
I have a self-signed cert. for “internal” and an official one for “external” access.
Since I changed “Nextcloud-URL“ in “Edit Deploy Daemon” to the “external” URL all 6/6 checks in ”Test deploy - HaRP Proxy (Host)”/”Start Deploy test” are successful!
Thanks alot!

1 Like
AppApi HaRP Proxy connects but Test-Deploy fails on Heartbeat with 404
9

That makes me wonder, which list of certs is Nextcloud validating?
Could i add my personal CA to that list?

10

I’ve tried that but with no success. And I failed to find any info about doing that…

11

I doesn’t try it, but maybe this works?

12

I’ve tried importing certs into OS running docker and in docker container itself but no luck.
Maybe I did something wrong but can’t say for sure since

13

I’m not 100% sure, but I guess you must import the CA by this command?

14

Can you try it?