I encountered an error while attempting to change the ONLYOFFICE server, set up in a Linux Ubuntu environment, from HTTP to HTTPS for service deployment. I followed the instructions exactly as described in this guide : Switching ONLYOFFICE Docs to HTTPS protocol
Below are the commands I executed:
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo bash /usr/bin/documentserver-letsencrypt.sh email@example.com yourdomain.com
sudo service nginx stop
sudo cp -f /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds.conf
And I opened the /etc/onlyoffice/documentserver/nginx/ds.conf file and changed {{SSL_CERTIFICATE_PATH}} and {{SSL_KEY_PATH}} to /etc/letsencrypt/live/my.domain.com/fullchain.pem and /etc/letsencrypt/live/my.domain.com/privkey.pem, respectively.
Finally, I ran the command sudo service nginx start .
However, after running the command sudo bash /usr/bin/documentserver-letsencrypt.sh email@example.com yourdomain.com, both the HTTP and HTTPS addresses became inaccessible, and the API failed to load in the <script type="text/javascript" src="my.domain/web-apps/apps/api/documents/api.js"></script> script.
As a result, when I did not attempt the HTTPS change, everything worked smoothly on the local machine, but in the deployment environment, nothing is working. What did I miss?
Hello there,
when you invoke letsencrypt to generate a ssl-certificate it has to validate your domain first. For that it uses ACME. In my case (I’m on docker) it starts up an custom nginx-server on port 80 and validates my domain via token-exchange/accessibility. It does this about every 60 days once.
So, make sure you have indeed obtained your certificate first. Check if the files are in place.
Then fire up docserver’s nginx and check the logs for anything unusual if it’s still inaccessible.
From what I see, you are running a Ubuntu server hooked up directly to the outside world with a DNS pointing to that host?
I believe most professionals/people would run a reverse proxy and/or generate their certificate outside of onlyoffice.
UPDATE:
I have checked the instructions. You mixed up stuff. Enabling SSL provides you with 6 possible options (each one in regard to the used version):
- You either use letsencrypt with the certbot which does everything for you
- You make your certs (manually) accessible to onlyoffice for docservice > v5.3 and later following the instructions
- Same as option 2, but for docservice = v5.2
- …
You mixed option 1 and 2. Do it again, but use one option only!
Hello @moonjb
@bermuda is correct. Please try following only one instruction at a time. If you are installing certbot, then you only need to run documentserver-letsencrypt.sh script.
I really appreciate it! I resolved the issue by deleting all certificate information and using only one option.
1 Like