Total NOOB ONLYOFFICE cannot be reached. Please contact admin

daku97 · November 22, 2018, 4:36am

During the ONLYOFFICE setup I used the same domain name as my server. I did not think that was right but did not know otherwise. Install went fine but when I try to create a new document I get ONLYOFFICE cannot be reached. Please contact admin. This is my first time using NextCloud and OnlyOffice, please be gentle…How can I fix?

daku97 · November 22, 2018, 4:37am

Logging tab shows:

Undefined index: edit at /var/www/nextcloud/apps/onlyoffice/templates/settings.php#93

daku97 · November 22, 2018, 4:52am

I tried to chace the default port to 8443 but get:

Error when trying to connect (Bad healthcheck status)

I think I created a port conflict but not sure how to check, i’m an old Windows guy

Reiner_Nippes · November 22, 2018, 1:12pm

which howto did you follow?

are you sure that you setup the certificates for only office right?

daku97 · November 22, 2018, 1:36pm

During the setup it asked if I wanted to use the existing cert, I said yes, keep the existing.

The existing is the one generated by the script found here.

https://github.com/nextcloud/vm/blob/master/lets-encrypt/activate-ssl.sh

Thanks

Reiner_Nippes · November 22, 2018, 2:58pm

if you use Daniels scripts best to ask him.

@enoch85

enoch85 · November 22, 2018, 11:52pm

The OnlyOffice scripts has built in SSL so no need to use a seperate script for that.

Also, please use another subdomain that the original, e.g. office.yourdomain.com

daku97 · November 23, 2018, 5:32pm

So I created another subdomain as suggested but am now geting a different errror:

The following errors were reported by the server:

Domain: office.brickcitysolutions.com
Type: connection
Detail: Fetching
http://office.brickcitysolutions.com/.well-known/acme-challenge/YCOJU8b_j-p5tVlePJdfhhsh92N-_2SkKbvki9ea2_4:
Timeout during connect

It’s not a firewall issue as all other features work as expected. I also tried to create a DNS text recored using the above, then rereun the setup script but it seems the acme-challenge is different everytime the scripts runs. Also, I hope everyone enjoyed your Thanksgiving if in the US. Thanks for the help!!!

enoch85 · November 23, 2018, 9:12pm

Take a look at this and this.

Let me know how it works out for you.

daku97 · November 25, 2018, 12:55am

Daniel,
I reviewed the videos, while very pretty to watch, they didn’t really help. More context. I purchased your preconfigured Hyper-V VM. I have met a prerequisites that I know of. I entered the 2 different DNS zones, cloud.yourdomain.com and office.yourdomain.com. The install of NextCloud went perfectly, even the upgrade and every other option i selected. but when it came to OnlyOffice, I get the same error on the acme-challenge. Note that everytime I start over I redeploy the downloaded VHDX files. So I should be starting from new.

I noticed a OnlyOffice option in the NextCloud GUI. Is that an option?

daku97 · November 27, 2018, 4:05pm

Here is where I stand. As DNS is correct, I looked at name resolution in the VM. I saw the host file had my domain pointed to 127.0.0.1. I added an entry with my public address. That got me past my initial error. The onlyoffice scriptes proceeds until it gets to the acme-challenge. During the Nextcloud install I was prompted to create a acme-challenge text record, which I did. That got Nextcloud installed. The onlyoffice script dose not ask me to do this but i created the same recored it in the office.mydomain. I still get:

Failed authorization procedure. office.brickcitysolutions.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://office.brickcitysolutions.com/.well-known/acme-challenge/hIYBJLHOt7TpJcy1WQNoN4aqapkWSJnuiWA_7JdxWtE: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: office.brickcitysolutions.com
Type: connection
Detail: Fetching
http://office.brickcitysolutions.com/.well-known/acme-challenge/hIYBJLHOt7TpJcy1WQNoN4aqapkWSJnuiWA_7JdxWtE:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
It seems like no certs were generated, please report this issue here: https://github.com/nextcloud/vm/issues

How do i get around this?

Thanks again for the help

daku97 · December 5, 2018, 12:04am

@enoch85

Port 80 was closed. Thanks Daniel!

enoch85 · December 5, 2018, 8:21pm

Glad you solved it. Sorry for the late response.

Do you think I should make the notice more clear? https://github.com/nextcloud/vm/blob/master/lets-encrypt/activate-ssl.sh#L29 Please let me know and I’ll fix it!

Thanks!

daku97 · December 31, 2018, 3:50pm

A small few words, or a link, explaning the process would be helpful as an addtion. Also following up with a question, As a home user getting prot 80 open is an expensive, ongoing action. Would port 80 need to be open all the time, or for just timed operations? ie once a month to check certs, or anything to that effect?

Thanks for all your hard work and Happy New Year!

Reiner_Nippes · December 31, 2018, 4:27pm

everything will be redirected to 443.

github.com

nextcloud/vm/blob/master/lets-encrypt/activate-ssl.sh#L132




# Generate nextcloud_ssl_domain.conf
if [ ! -f "$ssl_conf" ]
then
touch "$ssl_conf"
print_text_in_color "$IGreen" "$ssl_conf was successfully created."
sleep 2
cat << SSL_CREATE > "$ssl_conf"
<VirtualHost *:80>
ServerName $domain
Redirect / https://$domain
</VirtualHost>


<VirtualHost *:443>


Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
# Header always set Referrer-Policy "strict-origin"
SSLEngine on
SSLCompression off
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

why is it expensive to open port 80?

daku97 · December 31, 2018, 5:11pm

@ Reiner_Nippes THis looks like the answer to my problem!! My ISP only allows 80 open to commercial subscribers and the cost is triple what I pay as a residential subscriber.

Now as I stated I am a Windows guy and a Noob at Linux. In the link you provided, should I change the highlighted line 132 or something else? Also what is the path to the file?

Again NOOB! Thanks for the great assist!!!

Reiner_Nippes · December 31, 2018, 6:01pm

well.

you need port 80 open from the internet to get a certificate from letsencrypt. (you may google “letsencrypt without port 80”, to find an alternative way to get one.)
you need each three month a new certificate. that’s it.

no need to change anything on nextcloud. in fact you don’t want to change the behavior that your nextcloud can be accessed unencrypted.

enoch85 · January 8, 2020, 7:04pm

You don’t need to change anything.

Once Let’s Encrypt is setup it will autorenew as long as port 80 is open (always keep it open, for convenience)
All traffic that comes in on port 80 becomes traffic on port 443 (encrypted) as it’s automatically redirected.
Sit back and releax, and let the scripts in the VM do the job for you.