NethServer Version: 7.4.1708 (Final)
In short, I have an issue where I can’t verify a https connection on port 8082. It appears to be a CA related issue.
The Document Server (nginx) is responding correctly with SSL on port 8082, yet when I attempted to add the Document Editing Service address (https://<domain.tld>:8082) I would get a bad read error.
I tested via the command line:
openssl s_client -CApath /etc/ssl/certs/ -connect :8082
and it fails with:
verify error:num=20:unable to get local issuer certificate
depth=0 CN =
verify error:num=21:unable to verify the first certificate
Same command on Port 443 completes without error:
depth=1 C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
depth=0 CN =
At this point, please note that I have successfully installed OnlyOffice and nginx etc on a similar server setup without issue.
The only difference in the setup between the two machines is on the first one I used CERTBOT to get the certificate and on the second (problem one) I used ACME.SH.
I have checked and compared the two machine configs; I can get to and see the certs/keys in their respective locations; the db config is correct; the apache, nginx and nextcloud configs are correct; and, as mentioned, the SSL cert on the document server is working correctly when accessed from inside or outside of the network.
In troubleshooting I pulled it all down and started from scratch with the same result. I didn’t try going down the certbot path (the only real difference) as I would rather find what is causing this issue if it is related to the suggested acme.sh install - which places and PATHs the certs in different locations other than the nethserver pre-defined letsencrypt folder (eg):
Obviously, any suggestions are welcomed.