Try the fastest and simplest way to install ONLYOFFICE

Error: unable to get local issuer certificate

Issues during installation and related to database

Error: unable to get local issuer certificate

Postby Reza.Nazeman » Thu Jun 14, 2018 12:47 pm

When trying to create a new example document, I get a "Download failed" popUp in the frontend.
Taking a look into the error log with
Code: Select all
less /var/log/onlyoffice/documentserver/docservice/out.log

shows:
Code: Select all
[2018-06-14 14:18:11.983] [WARN] nodeJS - Plugins watch exception (https://nodejs.org/docs/latest/api/fs.html#fs_availability).
[2018-06-14 14:18:12.015] [WARN] nodeJS - update cluster with 1 workers
[2018-06-14 14:18:12.046] [WARN] nodeJS - worker 28875 started.
[2018-06-14 14:18:13.297] [WARN] nodeJS - Express server starting...
[2018-06-14 14:18:13.975] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
[2018-06-14 14:18:30.740] [ERROR] nodeJS - postData error: docId = -1846555779;url = https://iuvm480.in.audi.vwg/example/track?filename=new%20(16).docx&useraddress=10.250.52.52;data = {"key":"-1846555779","status":1,"users":["uid-1"],"actions":[{"type":1,"userid":"uid-1"}]}
Error: unable to get local issuer certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:609:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)


Any help how to solve this Error: unable to get local issuer certificate problem?
Reza.Nazeman
 
Posts: 5
Joined: Tue Jun 12, 2018 3:59 pm

Re: Error: unable to get local issuer certificate

Postby Carl » Fri Jun 15, 2018 6:44 am

Hello.

This Download failed error means that Document Server cannot download the document from the storage. unable to get local issuer certificate string in the log file means that the ssl certificate installed on the server with the document storage was signed by an unknown CA-authority. Unfortunately, NodeJS 6.0 which is used by Document Server doesn't allow to add intermediate certificates to its CA-bundle, so please try to disable the certificate verification in Document Server's config (/etc/onlyoffice/documentserver/default.json => "rejectUnauthorized": false). Check if the issue persists.
Carl
 
Posts: 87
Joined: Thu Apr 12, 2018 10:00 am

Re: Error: unable to get local issuer certificate

Postby Reza.Nazeman » Fri Jun 15, 2018 7:41 am

Hello Carl,

thank you very much. Setting "rejectUnauthorized" to false solves the problem. Currently NodeJs v6.14.1 is installed on our server.
Is there a possibility to leave the ssl certificate verification active?
Reza.Nazeman
 
Posts: 5
Joined: Tue Jun 12, 2018 3:59 pm

Re: Error: unable to get local issuer certificate

Postby Carl » Fri Jun 15, 2018 11:49 am

We are currently working on adding support of later NodeJS versions which allow to add intermediate certificates to their CA-bundle. Unfortunately, we can't tell the exact date.

Until then, we'd recommend to leave the rejectUnauthorized parameter's value as false.
Carl
 
Posts: 87
Joined: Thu Apr 12, 2018 10:00 am

Re: Error: unable to get local issuer certificate

Postby lorenzoform » Thu Oct 25, 2018 6:36 am

Good morning I bought a certificare for Nextcloud and a certificate for OnlyOffice (from GoDaddy). Do you confirm that at the moment also with an official certificate it's needed to set "rejectUnauthorized": false ?
What does it mean in terms of security? Is the onlyoffice exposed to some kind of attack?

Regards.
lorenzoform
 
Posts: 7
Joined: Wed Oct 24, 2018 7:23 am

Re: Error: unable to get local issuer certificate

Postby Carl » Mon Oct 29, 2018 7:37 am

Hello,

Document Server should work correctly with certificates issued by trusted authorities so you can keep rejectUnauthorized at true.
Carl
 
Posts: 87
Joined: Thu Apr 12, 2018 10:00 am

Re: Error: unable to get local issuer certificate

Postby lorenzoform » Tue Oct 30, 2018 8:45 am

Good morning,

if I set rejectUnauthorized to True I receive the following error in the log "/var/log/onlyoffice/documentserver/converter/out.log":

[2018-10-30 09:34:58.585] [WARN] nodeJS - update cluster with 1 workers
[2018-10-30 09:34:58.592] [WARN] nodeJS - worker 1548 started.
[2018-10-30 09:34:58.593] [WARN] nodeJS - update cluster with 1 workers
[2018-10-30 09:34:59.745] [ERROR] nodeJS - [AMQP] Error: connect ECONNREFUSED 127.0.0.1:5672
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1191:14)
[2018-10-30 09:35:00.749] [ERROR] nodeJS - [AMQP] Error: connect ECONNREFUSED 127.0.0.1:5672
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1191:14)
[2018-10-30 09:35:50.669] [ERROR] nodeJS - error downloadFile:url=https://cloud.domain.com/nextcloud/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.1dHHP5BrpBNe1ras8AOf9Aom4roKCZnElbkRCXan-m0;attempt=1;code:UNABLE_TO_VERIFY_LEAF_SIGNATURE;connect:undefined;(id=conv_check_1925033460_docx)^M
Error: unable to verify the first certificate
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
[2018-10-30 09:35:51.678] [ERROR] nodeJS - error downloadFile:url=https://cloud.domain.com/nextcloud/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.1dHHP5BrpBNe1ras8AOf9Aom4roKCZnElbkRCXan-m0;attempt=2;code:UNABLE_TO_VERIFY_LEAF_SIGNATURE;connect:undefined;(id=conv_check_1925033460_docx)^M
Error: unable to verify the first certificate
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
[2018-10-30 09:35:52.686] [ERROR] nodeJS - error downloadFile:url=https://cloud.domain.com/nextcloud/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.1dHHP5BrpBNe1ras8AOf9Aom4roKCZnElbkRCXan-m0;attempt=3;code:UNABLE_TO_VERIFY_LEAF_SIGNATURE;connect:undefined;(id=conv_check_1925033460_docx)^M
Error: unable to verify the first certificate
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
lorenzoform
 
Posts: 7
Joined: Wed Oct 24, 2018 7:23 am

Re: Error: unable to get local issuer certificate

Postby Carl » Tue Oct 30, 2018 12:38 pm

Hello,

Probably you see this error because the intermediate certificate is missing. Please check your Nextcloud domain with SSL checker to confirm it: https://www.sslshopper.com/ssl-checker.html
Carl
 
Posts: 87
Joined: Thu Apr 12, 2018 10:00 am

Re: Error: unable to get local issuer certificate

Postby lorenzoform » Tue Oct 30, 2018 9:22 pm

Thanks, now it works.
lorenzoform
 
Posts: 7
Joined: Wed Oct 24, 2018 7:23 am


Return to Installation issues

Who is online

Users browsing this forum: No registered users and 0 guests

cron