Cloud Computing Insider Awards 2022: Vote for ONLYOFFICE
Vote for ONLYOFFICE

How to configure Alfresco and Onlyoffice in https mode

I want to ask how to configure onlyoffice-alfresco connector using self-signed certificate or Let’s Encrypt
Document Server version: 7.1.0
Connector version: 6.0.0
DMS (platform) version:7.1/7.2
OS: Debian 11
Browser version: Firefox Latest

Alfresco and Onlyoffice works well between HTTP connection, but Error occured with HTTPS.
My OS is Debian11, Document Server is installed according to the official guide,
bash docs-install.sh then select Docker
docker run -i -t -d -p 443:443 --restart=always -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver:7.1.0.215
and copy my Let’encrypt wildcard certs to the folder /app/onlyoffice/DocumentServer/data/certs
access to Onlyoffice Docs server through https is ok. and I activated the sample site, it also works.

docker ps output:
2a713aafeaa6 onlyoffice/documentserver:7.1.0.215 "/app/ds/run-documen…" About an hour ago Up About an hour 80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp bold_albattani

My Alfresco server is Bitnami Alfresco 7.1.0, also configured using https.
access https:// alf.mygreatdomain.net/alfresco/s/onlyoffice/onlyoffice-config,
fill the Document Editing Service address with: https://onlyoffice.mygreatdomain.net/
then hit Save, occurs “Error: ONLYOFFICE can not be reached”.

Hope there will be an official guide to setup Alfresco with ONLYOFFICE connector in https mode.

Thanks for reading and I really appreciate if some guys here can give some hints.

Hello @youring
You mentioned that Document server has wildcard cert. I believe we should start research there. Please check your Document server domain name via SSL Checker SSL Checker
Are there any issues?

Also please go to connector page >click Save button > show us the error message (make screenshot).
After that please provide us with whole Document server logs folder. It’s located here: /app/onlyoffice/DocumentServer/logs/documentserver/

Hello, @Alexandre Thanks for guiding.
SSL Checker all green.

I have checked all the logs under three subfolders of
/app/onlyoffice/DocumentServer/logs/documentserver/
No new logs found after I click the Save button on the connector configuration page.

I have pasted the logs on pastebin https://pastebin.com/rawwj0kp (empty log files omitted)

Please try to check mutual availability between servers. For example, go to Document server and run wget https://Alfresco_domain_name(from the host and from the container). And vice versa (from Alfresco server).
Please show us the result.

from Document Server host:

root@core ~# wget https://alfresco.MYDOMAIN.net
--2022-06-09 10:27:06--  https://alfresco.MYDOMAIN.net/
Resolving alfresco.MYDOMAIN.net (alfresco.MYDOMAIN.net)... 10.0.1.72
Connecting to alfresco.MYDOMAIN.net (alfresco.MYDOMAIN.net)|10.0.1.72|:443... connected.
ERROR: The certificate of 'alfresco.MYDOMAIN.net' is not trusted.
ERROR: The certificate of 'alfresco.MYDOMAIN.net' doesn't have a known issuer.

from the container:

root@2827e4c692ef:/# wget https://alfresco.MYDOMAIN.net
--2022-06-09 10:34:34--  https://alfresco.MYDOMAIN.net/
Resolving alfresco.MYDOMAIN.net (alfresco.MYDOMAIN.net)... 10.0.1.72
Connecting to alfresco.MYDOMAIN.net (alfresco.MYDOMAIN.net)|10.0.1.72|:443... connected.
ERROR: cannot verify alfresco.MYDOMAIN.net's certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:
  Unable to locally verify the issuer's authority.
To connect to alfresco.MYDOMAIN.net insecurely, use `--no-check-certificate'.

from Bitnami Alfresco server:

root@debian:/opt/bitnami# wget https://oo.MYDOMAIN.net
--2022-06-09 10:40:52--  https://oo.MYDOMAIN.net/
Resolving oo.MYDOMAIN.net (oo.MYDOMAIN.net)... 10.0.1.11
Connecting to oo.MYDOMAIN.net (oo.MYDOMAIN.net)|10.0.1.11|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://oo.MYDOMAIN.net/welcome/ [following]
--2022-06-09 10:40:52--  https://oo.MYDOMAIN.net/welcome/
Reusing existing connection to oo.MYDOMAIN.net:443.
HTTP request sent, awaiting response... 200 OK
Length: 4173 (4.1K) [text/html]
Saving to: ‘index.html.1’

index.html.1                                       100%[=============================================================================================================>]   4.08K  --.-KB/s    in 0s

2022-06-09 10:40:52 (140 MB/s) - ‘index.html.1’ saved [4173/4173]

Could you please run a test? Please go to Document Server container and open /etc/onlyoffice/documentserver/default.json. Find line "rejectUnauthorized": true . Change it to false. After that restart all services with supervisorctl restart all. Will the issue change?
Also please check your Alfresco certificate here: SSL Checker
Are there any issues?

That may be the cause! I changed rejectUnauthorized to false, after restart I can Save with Success!
Thank you so much.
But I still wonder why my wildcard domain certificate issued by Let’s Encrypt(LE) is still regarded as “Unauthorized”.
For the record, I used ACME Client in OPNsense to get certificate from LE using challenge type DNS-01.
My firewall, and MYDOMAIN.net is totally behind ISP router which block 80/443 ports. So access to outside SSL Checker such as sslshopper.com is not possible. But I had last time setup a dummy on my public VPS, copy my wildcard certificate to the VPS site, tested with SSL checker and the result are all green.

We are glad that the issue is solved.

My firewall, and MYDOMAIN.net is totally behind ISP router which block 80/443 ports. So access to outside SSL Checker such as sslshopper.com is not possible. But I had last time setup a dummy on my public VPS, copy my wildcard certificate to the VPS site, tested with SSL checker and the result are all green.

Probably this is the issue in your scenario. But I’m not sure how to help you in such scenario (all requests pass via ISP router where some ports are blocked).
Usually there’re no issues with LE certificates.