[SOLVED] Collabora SSL error

Thanks DecaTec, it won’t work for me, I don’t use nginx. But I found this post on the owncloud forums:

At the end, he says that he must use different certificates for the servers. Perhaps this could be related to my issue? Because I use the same trusted certificates for both, nextcloud and collabora, and they are running on the same machine.

Thank you

You also use the same servername? This is said in the documentation - it should be a different DNS resolvable name - strange but true.
So if you have the name nextcloud for the server it will not work with the hostnames nextcloud and/or localhost or anything else like this. And of course you have to use a matching cert.

If you want to change this - you need to adjust loolwsd.xml and the settings for the reverse proxy in apache/nginx/… and activate "don't check certificate".

Hi.

No, I use nextcloud.server.com for nextcloud and office.server.com for collabora docker.

I will take a look at documentation again. But the craziest thing is that it was running well until December.

Till December? Is your certificate still valid?

Yes, the certificate is valid and running on this server and others. I renewed the certs in October, so I can say they were running perfectly. I don’t know where the error can be, I am going mad with this.

Thanks a lot!

Can you do a
curl -i --verbose https://localhost:9981/
or wherever your port points to?

And in addition

docker logs mycollab_instance

When I do: curl -i --verbose I got this:

* Trying ::1…
* TCP_NODELAY set
* connect to ::1 port 9980 failed: Conexión rehusada
* Trying 127.0.0.1…
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9980 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate in certificate chain
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here:

I don’t understand why it says that I am using a self signed certificate when I am using a trusted certificate!

How do you copy the cert into the container and is it readable by lool.lool?

I didn’t copy any cert into the container. I followed the collabora installation instructions from the official web:

I had it running for a year, more or less, and suddenly…

Thanks

If you do not copy a cert into the container, it will generate a self-signed one every time you start the container. If an update of the rest changes the support of self-signed certificates, then it will stop working.
I copy a cert from letsencrypt into the container and then I get the right response from curl.
Every time the cert becomes invalid (and I forget to renew) I get a white page.
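
As an added illustration of the self-signed versus CA-issued distinction in the post above (not part of the thread or of Collabora's documentation), this shell script classifies a PEM certificate with openssl. All hostnames, subjects and file names in it are constructed, and fetch_cert assumes a reachable TLS endpoint.

```sh
#!/bin/sh
# Added example; hostnames, subjects and file names are constructed placeholders.

# Save the certificate a live TLS endpoint serves: fetch_cert HOST:PORT SNI OUTFILE
fetch_cert() {
    openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# "self-signed" when subject and issuer are identical, else "ca-issued".
cert_kind() {
    ck_subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    ck_issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$ck_subject" = "$ck_issuer" ]; then echo self-signed; else echo ca-issued; fi
}

# "trusted" when CERT chains to a CA in CAFILE (the chain check curl performs).
cert_trust() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

# "match" when the certificate is valid for HOSTNAME: cert_matches_host CERT HOSTNAME
cert_matches_host() {
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"; then echo match; else echo mismatch; fi
}

# Build constructed test certificates in directory $1.
make_sample_certs() {
    # auto.pem: stand-in for a certificate a service generates for itself at start.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$1/auto.key" -out "$1/auto.pem" 2>/dev/null
    # ca.pem + office.pem: stand-in for a CA and a certificate it issued.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=office.example.test" \
        -keyout "$1/office.key" -out "$1/office.csr" 2>/dev/null
    openssl x509 -req -in "$1/office.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/office.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_certs "$demo_dir"
for name in auto office; do
    pem="$demo_dir/$name.pem"
    echo "$name: $(cert_kind "$pem"), $(cert_trust "$demo_dir/ca.pem" "$pem")," \
        "$(cert_matches_host "$pem" office.example.test)"
done
rm -rf "$demo_dir"
```

Against a live instance, running fetch_cert localhost:9980 office.server.com served.pem and then cert_kind served.pem shows which certificate the port really presents.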

Thanks a lot for your help! I am going on holiday for a month, but when I come back, I will try to do the trick of the cert in the container.

Thank you again!!!

Well, sadly, with the covid19, we could not go on holidays, so I am back :cry: :cry: As soon as possible I will check your workaround and post if it works, thanks a lot hartmut001.

On the other hand, I see that I had an upgrade available to the 18.0.2 version, and I read that the new version comes with onlyoffice integrated, perhaps this could be a temporary solution? I am really happy with collabora, and collabora does not have the user restrictions of onlyoffice. I want to work with collabora, but while I find a solution, I want to have an online office to work.

Thanks

I’m not sure if I can be of help, but just a few thoughts off the top of my head.

There are a couple of possible SSL snags. There is an SSL connection from your client to your Apache reverse proxy, and then there is another SSL connection from nextcloud to collabora. I’m assuming from what you are posting that you think the problem is between the apache reverse proxy and collabora.

If you are running collabora from docker – are you using docker-compose or how are you starting and passing parameters to the collabora container?

Any idea what version of OpenSSL your host system is using? By host I guess I’m referring to the host of container host that nextcloud is running in.

This is getting crazier… I upgraded my server to 18.0.3 and now, I don’t get any error, but I get

I am considering doing a clean installation and migrating the current server, because I no longer know the changes and tests that I have done. :upside_down_face: :upside_down_face:

P.S. I forgot, my openssl version is:
OpenSSL 1.1.1 11 Sep 2018

My server is running on Ubuntu 18.04, it is a LAMP server, nextcloud running on it. Collabora is running on docker, as it says in the official install guide. My docker version is:
Docker version 19.03.6, build 369ce74a3c
I use trusted certificates, not self-signed certificates. My certificates are ok, running on nextcloud without issues.

Thanks

I’d really like to help you but now it seems the problem isn’t an SSL error anymore. Can you post any logs from the nextcloud and the collabora container?

I had the same problem. But I found my solution:
if you have a main apache2 configuration for your site and another configuration for your subdomain (cloud.xxx.com), you have to modify your config of both files (main and subdomain) and add to SSLOpenSSLConfCmd prime256v1 like this:
SSLOpenSSLConfCmd Curves secp521r1:secp384r1:sect283k1:sect283r1:sect409k1:sect409r1:sect571k1:sect571r1:prime256v1
After that, the problem is gone.
I hope this answer solves your problem, and I don’t know why it's necessary to modify the main site config too to have all working.

@freak007. Why do you need to do that? Are you using the non-RSA SSL certs?

I tried it, but no luck. Thanks for the hint Freak007.

kevdog, I will post the logs in a few hours, thanks.

Finally I got it running again!!

I am not sure what was the key, but the last changes I did:

1- In the file /etc/hosts add the line 127.0.0.1 office.site.com

2- In my nextcloud.conf file at apache, I got <Virtualhost 192.168.0.100:80> instead of <Virtualhost *:80> (I don't know why, but this is really a noob error!!)

After doing these last 2 changes, and leaving the rest of the configurations in the config files as the guides say, it is working again!!!

Thanks a lot for your help people, I love you!!!

I get the same error on a similar issue. On this issue the problem was with the connection on the router side, look at this