Thanks a lot. Lemme see if I could adopt your config file.
Self-signed certificate - Yes. I did successfullly after rounds and rounds of experiments. I use FreeNAS to generate CA and cert but openssl should also be the same.
Beware of SAN, valid period of the cert and SHA requirements by chrome and MacOS Catalina.
the certs may work in windows 7, but not in chromebook and after fixing, it work in safari but not in chrome in mac blah blah blah… It was a nightmare to me previously and turn out, I found out that the validty of the cert cannot be longer than 770 days otherwise chrome in macos will consider it as revoked.
Also, remember to put CA keychain (mac), /etc/somewhere in linux, chrome settings in chromeos and also use MMC to add CA without admin rights in windows 7.
In fact, those SSL problems caused me to try to move everything behind a nginx reversed proxy (as i don’t know in which update would break my adhoc patching to nextcloud and onlyoffice), and then let nextcloud and onlyoffice behind the proxy (within the same docker network) to talk with each other with reject_unauthorized set to false at the backend.