OnlyOffice Integration https certificate failed

Hi Devs,

I try to integrate Onlyoffice in my nextcloud Installation.

Unfortunatly I cannot use a letsencrypt certificate and so I installed a private one.

Unfortnatly I cannot get the app connected. (outside nextcloud it works - showing “Document Server is running”)

The Log is:

Error onlyoffice HealthcheckRequest on check error: Bad Request or timeout error 2018-08-15T17:47:23+0200
Error PHP file_get_contents(https://192.168.10.10/healthcheck): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#381 2018-08-15T17:47:23+0200
Error PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#381 2018-08-15T17:47:23+0200
Error PHP file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#381 2018-08-15T17:47:23+0200

Since the it failes inside the app I do not know what I should do.

Can you point me to the right path, please.

Thank you.

Did you change your Nextcloud config.php by issuing
sudo -u www-data vi /var/www/nextcloud/config/config.php
and paste the following rows before the last );

... 
'onlyoffice' => 
  array ( 
       'verify_peer_off' =>TRUE, 
  ), 
);

https://www.c-rieger.de/nextcloud-and-only-office-nginx/

1 Like

Hi @Reiner_Nippes ,

Thank you very much.

That worked - after a few minor errors I have it up and running.

Thanks

Hi guys,

Thanks for pointing to the config needed to disable SSL check. If on one side it does allow the connection, on the other, it is only by disabling security. If one considers that SSL is not required in the context of two internal servers, then SSL should not be mandatory.

SSL is important and for that, it should be possible to get the thing running while validating the certificate. I added the CA in the /usr/share/ca-certificates directory of my server and reconfigured the CAs with dpkg. Still, probably because Nextcloud is running from a snap, it remained unable to validate the certificate. I tried with both an internal CA and Let’s Encrypt CA.

There is a need to add either a trusted CA or a trusted certificate to the Nextcloud config for it to know and trust the OnlyOffice peer server.

Thanks for sharing @Reiner_Nippes :

Adding

to config.php worked for my setup too :smile:

On a HPz230 (i7/16GbRam) with NC15.0.4 (NCPv1.7.0 curl install on Debian9)
I changed Apache’s default ports in ports.conf, default.conf and nextcloud.conf to nn80 and nn43

Following instructions from https://hub.docker.com/r/onlyoffice/documentserver/#configuring-docker-image
After creating dir /app/onlyoffice/DocumentServer/data/certs and ssl key with self signed certificate, started container with

docker run -i -t -d -p 443:443 -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver

I added the verify_peer_off array to config.php and the local IP to the docker’s /etc/hosts
All else I needed to do, is set the OnlyOfficeApp to the internal https://IP address.

It would/will not work with, nor does it need, a separate domain.
With a domain the app just would not connect and throw error to the log:

failed to open stream: Connection refused at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php

Looking pretty good sofar, lots of other error’s in log tho not to worried about it:

count(): Parameter must be an array or an object that implements Countable at /var/www/nextcloud/apps/onlyoffice/templates/settings.php#64
and
Undefined offset: 2 at /var/www/nextcloud/apps/onlyoffice/controller/editorcontroller.php#434

I still having the same error, nothing change

Hi Reiner,

I seem to be running into a similar problem which I’ve posted about [here]

I don’t want to bother you but I was wondering if you might have some ideas what the issue is? I have tried your solution and it does not seem to work.