Update: After I read my response below, I realised the error. Although I had issued a “--fullchain” cert I wasn’t using it (cert + CA). Adjusting the /etc/nginx/conf.d/onlyoffice-documentserver.conf from:
ssl on;
ssl_certificate /etc/pki/tls/certs/cert.pem;
to
ssl on;
ssl_certificate /etc/pki/tls/certs/fullchain.pem;
systemctl reload nginx
resolved it for me and all is now working perfectly. Thanks @mrmarkuz for the brilliant howto by the way - it is much appreciated.
— earlier response —
Thanks Markus.
I understand that the Let’s Encrypt howto was for internal servers and Cloudflare - no, I’m not using Cloudflare. I really only used the howto for the specific NethServer commands for placement of keys, db config and event signals etc. I wanted to use acme over certbot as I am familiar with it from other servers I look after. I have external DNS control so just used this to create:
./acme.sh --issue -f -w /var/www/html/ -d <domain.tld> --cert-file /etc/pki/tls/certs/cert.pem --ca-file /etc/pki/tls/certs/chain.pem --fullchain-file /etc/pki/tls/certs/fullchain.pem --key-file /etc/pki/tls/private/privkey.pem --renew-hook "/sbin/e-smith/signal-event certificate-update"
I believe the issued certs are correct and the nginx / onlyoffice conf is pointing at them. The confusion for me is the document server/nginx is secured and operating yet is not finding the CA internally via port 8082 (nginx) yet it does on 443 (apache).
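The fix in the update at the top of this post (pointing ssl_certificate at fullchain.pem instead of cert.pem) can be checked mechanically. The following is an added example, not part of the original post or of the howto: it reads an nginx config, finds each ssl_certificate target and counts the PEM certificate blocks in it. The function names and the demo files are constructed for illustration, and a count of two or more is only a heuristic for "leaf plus chain", not a validation of the chain itself.

```shell
#!/bin/sh
# pem_block: emit one placeholder PEM block (constructed, not a real certificate).
pem_block() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
}

# count_certs FILE: number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# audit_conf CONF: report every ssl_certificate target in CONF.
# Returns 1 if any target is missing or holds fewer than two certificates.
# Assumes certificate paths contain no whitespace.
audit_conf() {
    rc=0
    for pem in $(sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1"); do
        if [ ! -r "$pem" ]; then
            echo "MISSING   $pem"; rc=1; continue
        fi
        n=$(count_certs "$pem")
        if [ "$n" -ge 2 ]; then
            echo "OK        $pem ($n certificates, leaf plus chain)"
        else
            echo "LEAF-ONLY $pem ($n certificate, no intermediate sent)"
            rc=1
        fi
    done
    return "$rc"
}

# make_demo: build the before/after configs from the post in a temp dir
# (constructed files; the real ones live under /etc/nginx/conf.d and /etc/pki/tls).
make_demo() {
    d=$(mktemp -d)
    pem_block > "$d/cert.pem"
    { pem_block; pem_block; } > "$d/fullchain.pem"
    printf 'ssl on;\nssl_certificate %s;\nssl_certificate_key %s;\n' \
        "$d/cert.pem" "$d/privkey.pem" > "$d/before.conf"
    printf 'ssl on;\nssl_certificate %s;\nssl_certificate_key %s;\n' \
        "$d/fullchain.pem" "$d/privkey.pem" > "$d/after.conf"
    echo "$d"
}

demo=$(make_demo)
audit_conf "$demo/before.conf" || true   # reports LEAF-ONLY
audit_conf "$demo/after.conf"            # reports OK
```

On a real server, run audit_conf against /etc/nginx/conf.d/onlyoffice-documentserver.conf after each renewal, since a leaf-only file still serves TLS and only fails for clients that do not already hold the intermediate.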