OnlyOffice Integration https certificate failed

Hi Devs,

I try to integrate Onlyoffice in my nextcloud Installation.

Unfortunatly I cannot use a letsencrypt certificate and so I installed a private one.

Unfortnatly I cannot get the app connected. (outside nextcloud it works - showing ā€œDocument Server is runningā€)

The Log is:

Error onlyoffice HealthcheckRequest on check error: Bad Request or timeout error 2018-08-15T17:47:23+0200
Error PHP file_get_contents(https://192.168.10.10/healthcheck): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#381 2018-08-15T17:47:23+0200
Error PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#381 2018-08-15T17:47:23+0200
Error PHP file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#381 2018-08-15T17:47:23+0200

Since the it failes inside the app I do not know what I should do.

Can you point me to the right path, please.

Thank you.

Did you change your Nextcloud config.php by issuing
sudo -u www-data vi /var/www/nextcloud/config/config.php
and paste the following rows before the last );

... 
'onlyoffice' => 
  array ( 
       'verify_peer_off' =>TRUE, 
  ), 
);

https://www.c-rieger.de/nextcloud-and-only-office-nginx/

4 Likes

Hi @Reiner_Nippes ,

Thank you very much.

That worked - after a few minor errors I have it up and running.

Thanks

Hi guys,

Thanks for pointing to the config needed to disable SSL check. If on one side it does allow the connection, on the other, it is only by disabling security. If one considers that SSL is not required in the context of two internal servers, then SSL should not be mandatory.

SSL is important and for that, it should be possible to get the thing running while validating the certificate. I added the CA in the /usr/share/ca-certificates directory of my server and reconfigured the CAs with dpkg. Still, probably because Nextcloud is running from a snap, it remained unable to validate the certificate. I tried with both an internal CA and Letā€™s Encrypt CA.

There is a need to add either a trusted CA or a trusted certificate to the Nextcloud config for it to know and trust the OnlyOffice peer server.

Thanks for sharing @Reiner_Nippes :

Adding

to config.php worked for my setup too :smile:

On a HPz230 (i7/16GbRam) with NC15.0.4 (NCPv1.7.0 curl install on Debian9)
I changed Apacheā€™s default ports in ports.conf, default.conf and nextcloud.conf to nn80 and nn43

Following instructions from Docker
After creating dir /app/onlyoffice/DocumentServer/data/certs and ssl key with self signed certificate, started container with

docker run -i -t -d -p 443:443 -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver

I added the verify_peer_off array to config.php and the local IP to the dockerā€™s /etc/hosts
All else I needed to do, is set the OnlyOfficeApp to the internal https://IP address.

It would/will not work with, nor does it need, a separate domain.
With a domain the app just would not connect and throw error to the log:

failed to open stream: Connection refused at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php

Looking pretty good sofar, lots of other errorā€™s in log tho not to worried about it:

count(): Parameter must be an array or an object that implements Countable at /var/www/nextcloud/apps/onlyoffice/templates/settings.php#64
and
Undefined offset: 2 at /var/www/nextcloud/apps/onlyoffice/controller/editorcontroller.php#434

I still having the same error, nothing change

Hi Reiner,

I seem to be running into a similar problem which Iā€™ve posted about [here]

I donā€™t want to bother you but I was wondering if you might have some ideas what the issue is? I have tried your solution and it does not seem to work.

Hi there

Iā€™ve made the change to /var/www/nextcloud/config/config.php but now I get the following error:

Error when trying to connect (Server error: GET https://10.x.x.x/healthcheck resulted in a 502 Bad Gatewayā€¦

Hi, I have running Nextcloud in docker-compose from this example docker-compose

sudo docker compose exec --user www-data app php occ  -V                                                                                                                                                      

Nextcloud 26.0.3

sudo docker compose exec --user www-data app php occ  app:list

- documentserver_community: 0.1.13
- onlyoffice: 7.8.0

OnlyOffice and Community Document work fine without SSL certificate

After that, I generate signed SSL certificate

OnlyOffice and Community Document work fine with signed SSL certificate

But in my case, I need to work with self-signed SSL certificate

But I still have the problem

sudo docker compose exec --user www-data app php occ onlyoffice:documentserver --check                                                                                                                        

Error connection: cURL error 7: Failed to connect to localhost port 443: Connection refused (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://localhost/apps/documentserver_community/healthcheck
curl --insecure  https://localhost/apps/documentserver_community/healthcheck                                                                                                                                  
true

I try to add to nextcloud/config/config.php

  'onlyoffice' =>array(
  'varify_peer_off'=>true
  ),

and also try add my certificate to nextcloud

sudo docker compose exec --user www-data app php occ  security:certificates                                                                                                                                   

+---------------+-------------+--------------------------+----------------+-----------+
| File Name     | Common Name | Organization             | Valid Until    | Issued By |
+---------------+-------------+--------------------------+----------------+-----------+
| localhost.crt |             | Internet Widgits Pty Ltd | March 12, 2029 |           |
+---------------+-------------+--------------------------+----------------+-----------+

Looks like typo: try verify instead of varify

1 Like

Thank you for your answer, I fixed the typo but unfortunately, it doesnā€™t help

sudo docker compose exec --user www-data app php occ config:list onlyoffice                                                                                                                                   ā”€ā•Æ
{
    "apps": {
        "onlyoffice": {
            "DocumentServerInternalUrl": "",
            "DocumentServerUrl": "https:\/\/localhost\/index.php\/apps\/documentserver_community\/",
            "StorageUrl": "",
            "defFormats": "{\"docx\":true,\"docxf\":true,\"oform\":true,\"pptx\":true,\"xlsx\":true,\"odp\":true,\"ods\":true,\"odt\":true,\"doc\":true,\"ppt\":true,\"xls\":true}",
            "demo": "{\"available\":true,\"enabled\":false,\"start\":{\"date\":\"2023-08-07 15:50:45.036748\",\"timezone_type\":3,\"timezone\":\"UTC\"}}",
            "editFormats": "{\"csv\":true,\"docx\":true,\"docxf\":true,\"pptx\":true,\"txt\":true,\"xlsx\":true,\"odp\":true,\"ods\":true,\"odt\":true,\"rtf\":true}",
            "enabled": "yes",
            "installed_version": "7.8.0",
            "jwt_secret": "",
            "sameTab": "true",
            "settings_error": "cURL error 7: Failed to connect to localhost port 443: Connection refused (see https:\/\/curl.haxx.se\/libcurl\/c\/libcurl-errors.html) for https:\/\/localhost\/index.php\/apps\/documentserver_community\/healthcheck",
            "types": "prevent_group_restriction",
            "verify_peer_off": "true"
        }
    }
}

Iā€™m running in to similar issues with only office and SSL certificates. I can access the OnlyOffice domain and see the welcome scren, or the /helthcheck url and it returns ā€˜trueā€™ā€¦ but when attempting to connect Nextcloud to OnlyOffice, I receive Curl error 6.