Error when trying to connect (Bad Request or timeout error)

[quelo1972]

I followed instructions from http://helpcenter.onlyoffice.com/server/linux/document/linux-installation.aspx and then I followed the instruction to activate the ssl encription and now the documentserver is listening correctly on thee 443 port with ssl encryption

Now I want to integrate nextcloud with onlyoffice. I've successfully installed in other machine nextcloud with ssl support I installed and activated the ONLYOFFICE app, into NEXTCLOUD, but when go to configure the app inserting https://<ipaddress-of-onlyoffice-documentserver>/ I have an error that appear to the upper part of the browser

Error when trying to connect (Bad Request or timeout error)

and the integration doesn't work.

Any idea?

DocumentServer version: 5.1.0-115 Operating System: Both UBUNTU SERVER 16.04 LTS

[alexanderonlyoffice]

Hello @quelo1972,

Please send us the screenshot of ONLYOFFICE address settings in Nextcloud.

Try also to check the accessibility of the server with the document server from the machine where Nextcloud is installed. Use wget command: wget https://your_document_server_address and vice versa.

[quelo1972]

Hi @alexanderonlyoffice,

Both the servers have ssl activated with self-signed certificate and both the FQDN are registered in our internal dns server and point to internal (private) ip addresses.

From nextcloud to onlyoffice

nextcloud@NEXTCLOUD01:~$ LANG=it_IT wget --no-check-certificate https://onlyoffice.comunespoleto.gov.it/
--2018-03-30 16:18:25--  https://onlyoffice.comunespoleto.gov.it/
Resolving onlyoffice.comunespoleto.gov.it (onlyoffice.comunespoleto.gov.it)... 192.168.23.78
Connecting to onlyoffice.comunespoleto.gov.it (onlyoffice.comunespoleto.gov.it)|192.168.23.78|:443... connected.
WARNING: cannot verify onlyoffice.comunespoleto.gov.it's certificate, issued by 'emailAddress=andrea.rossetti@comunespoleto.gov.it,CN=onlyoffice.comunespoleto.gov.it,OU=Servizio Informatico e Telefonico (SITEL),O=Comune di Spoleto,L=Spoleto,ST=Italia,C=IT':
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://onlyoffice.comunespoleto.gov.it/welcome/ [following]
--2018-03-30 16:18:25--  https://onlyoffice.comunespoleto.gov.it/welcome/
Reusing existing connection to onlyoffice.comunespoleto.gov.it:443.
HTTP request sent, awaiting response... 200 OK
Length: 4592 (4.5K) [text/html]
Saving to: 'index.html.1'

index.html.1                                         100%[===================================================================================================================>]   4.48K  --.-KB/s    in 0s

2018-03-30 16:18:25 (420 MB/s) - 'index.html.1' saved [4592/4592]

From onlyoffice to nextcloud

office@ONLYOFFICE02:~$ LANG=it_IT wget --no-check-certificate https://spoletocloud.comunespoleto.gov.it/
--2018-03-30 16:22:31--  https://spoletocloud.comunespoleto.gov.it/
Resolving spoletocloud.comunespoleto.gov.it (spoletocloud.comunespoleto.gov.it)... 192.168.23.72
Connecting to spoletocloud.comunespoleto.gov.it (spoletocloud.comunespoleto.gov.it)|192.168.23.72|:443... connected.
WARNING: cannot verify spoletocloud.comunespoleto.gov.it's certificate, issued by 'emailAddress=andrea.rossetti@comunespoleto.gov.it,CN=spoletocloud.comunespoleto.gov.it,OU=Servizio Informatico e Telefonico,O=Comune di Spoleto,L=Spoleto,ST=Italia,C=IT':
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 11321 (11K) [text/html]
Saving to: 'index.html.1'

index.html.1                                         100%[===================================================================================================================>]  11.06K  --.-KB/s    in 0s

2018-03-30 16:22:36 (95.6 MB/s) - 'index.html.1' saved [11321/11321]

[alexanderonlyoffice]

Hello @quelo1972,

Try to check the accessibility using wget command without no-check-certificate parameter. Most likely that servers will be inaccessible.

Please try to do the following:

Open /nextcloud/config/config.php and add a section:

'onlyoffice' =>
  array (
    'verify_peer_off' => TRUE,
  )

[quelo1972]

@alexanderonlyoffice

Try to check the accessibility using wget command without no-check-certificate parameter. Most likely that servers will be inaccessible.

without no-check-certificate option the command wget returns an error because the certificate is self signed and not trusted.

Please try to do the following: Open /nextcloud/config/config.php and add a section: 'onlyoffice' => array ( 'verify_peer_off' => TRUE, )

I tried and now my config.php is as follow

<?php
$CONFIG = array (
  'instanceid' => 'oc9c7lcruasq',
  'passwordsalt' => '9iLVW6m0GbtNlL+UL1JllxGWazCdel',
  'secret' => '0ODi+iPQtrHI9IQ8+c+6t4dcLNk+ujn8+9aN3QdKGWQPgRw2',
  'trusted_domains' =>
  array (
    0 => 'spoletocloud.comunespoleto.gov.it',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'overwrite.cli.url' => 'https://spoletocloud.comunespoleto.gov.it/nextcloud',
  'dbtype' => 'mysql',
  'version' => '13.0.1.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'ncuser',
  'dbpassword' => 'ncpassword',
  'installed' => true,
  'maintenance' => false,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'htaccess.RewriteBase' => '/nextcloud',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'onlyoffice' =>
  array (
    'verify_peer_off' => TRUE,
  ),
);

But now, when I go to save the onlyoffice nextcloud plugin, I have another error, the following Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)

[alexanderonlyoffice]

@quelo1972, please try to use another trusted certificate, which will be verified, and remove this section from the config.

[quelo1972]

Now I'm only testing a solution for my organization and I don't have any trusted certificate to use for it but above all I do not have any machines directly exposed on the internet, so I can not even get a free certificate from let's encrypt. Is not there a way to make everything work to allow me to test the environment?

[alexanderonlyoffice]

@quelo1972, there are two options you can do: 1) you can try to remove both certificates from NC and OO; 2) or you can try to add the certificate of your NC to the document server, in this case you need to add the section which disables certificate validation again. Please follow this link to find more information on how to a certificate authority.

[quelo1972]

1. you can try to remove both certificates from NC and OO;

at the beginning I tried this way but I was told that it was necessary to activate SSL to make the integration work.

2. or you can try to add the certificate of your NC to the document server, in this case you need to add the section which disables certificate validation again. Please follow this link to find more information on how to a certificate authority.

unfortunately I do not have much experience with SSL, could you guide me step by step please?

For NC I used Apache for OO I used nginx.

[quelo1972]

I copyed the self-signed certificate from NC /etc/ssl/certs/apache-selfsigned.crt to /usr/local/share/ca-certificate/ of the OO machine and I ran update-ca-certificates command line in the OO machine, restarted nginx service but I get the same error. Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)

[sapphic-kitten]

Hi, i have the same Problem with my NC, OO installation. Both servers are using trusted certificates (Let’s Encrypt wildcard). "wget http(s)://oo-server.tld" and "wget http(s)://nc-server.tld" are working without a problem. But there is still the error "Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)" If I set the Advanced server settings to http I'll get a new error "CommandRequest on check error: Error occurred in the document service: ErrorCode = 1"

[mmohylko]

Hi, I faced with the same "error while downloading the document file to be converted" after updating OO from 5.0 to new 5.1 version. 16.04LTS, DEB from repo

[sapphic-kitten]

I tried a couple of things and now it's working. It seems like there is a problem with newer versions of Ubuntu Server / Debian. I switched from 17.10 to 16.04LTS and it works without a Problem.

P.s.: I'm not using Docker but the .deb version.

[quentinDupont]

Hello !! I follow this tutorial : https://www.linuxbabe.com/ubuntu/integrate-nextcloud-onlyoffice Which works perfectly until the end..

When I try to configure OnlyOffice in my Nextcloud. I have the same error : Error when trying to connect (Bad Request or timeout error)

So I try the solutions you talked about and indeed I have an issue of trusting when I try to wget between my NC server and my OO server.

Resolving onlyoffice.xxxxx.fr (onlyoffice.xxxxx.fr)... 145.239.xx.xx Connecting to onlyoffice.xxxxx.fr (onlyoffice.xxxxx..fr)|145.239.xx.xx|:443... connected. ERROR: The certificate of 'onlyoffice.xxxxx..fr' is not trusted. ERROR: The certificate of 'onlyoffice.xxxxx..fr' hasn't got a known issuer.

How do I make my NC server trust my OO server ?

Thank a lot in advance for your help :)

PS : I use Letsencrypt certificate both side (OO and NC server)

[sapphic-kitten]

You have to install the Letsencrypt CA certificate on both servers. Copy the CA certificate to "/usr/share/ca-certificates" and run "update-ca-certificates" as root.

[quentinDupont]

I'm sorry, I'm not sure to understand what really is Letsencrypt CA certificate or where I find it ?? Is it a public file or is it something I generate somewhere in my server.

In my OO server, I search in /etc/letsencrypt/live/onlyoffice.xxxxx.fr and I have 4 files cert.pem chain.pem fullchain.pem privkey.pem Should I put one my NC server ?

[mmohylko]

Finally, my case is resolved. It was self-signed certificate issue, exactly. Having installed OO 5.0.x, rooCA in /usr/share/ca-certificates/extra/ all works fine and curl https://nextcloud.local was clean. But after upgrade to OnlyOffice 5.1 I faced with “error while downloading the document file to be converted”. When I looked at /var/log/onlyoffice/documentserver/converter/out.log I saw:

[ERROR] nodeJS - error downloadFile:url=https://nextcloud.local/apps/onlyoffice/empty?doc=cklIWFVDSXFpUCttL0U3ZDg2NzJmcXNFRkZWekdWajMyNUowNzBQTldOST0/eyJhY3Rpb24iOiJlbXB0eSJ9;attempt=1;code:UNABLE_TO_VERIFY_LEAF_SIGNATURE;connect:undefined;(id=conv_check_2095600374_docx)
Error: unable to verify the first certificate

After a lot of experiments and tryings, I realised two necessary things for my case:

• Web-server certificate for nexcloud must contain full chain. My certificate was signed by SubCA.
• I had to run Node.js with additional key NODE_EXTRA_CA_CERTS=/etc/ssl/certs/mycorpRCA.pem. I suppose it must be added only to /etc/onlyoffice/documentserver/supervisor/onlyoffice-documentserver-converter.conf, but I added it to each *.conf in that directory, for sure. Please note, adding NODE_TLS_REJECT_UNAUTHORIZED=0 instead wasn't helpful for me. I hope it would be helpful for someone.

[stone212]

Is there a solution for this? My configuration:

Ubuntu 16.04 on NextCloud Server Ubuntu 16.04 on OnlyOffice server Each server has a letsencrypt cert for its domain and OnlyOffice installed with docker image Docker 17.05 OnlyOffice URL shows green check mark and "Document Server is running" NextCloud integration fails like this:

I enable OnlyOffice. Then I navigate to Admin --> ONLYOFFICE and I type the https://onlyoffice.myserver.com/ address and I hit "Save" and I get the error at the top of the page:

Error when trying to connect (Bad Request or timeout error)

[alexanderonlyoffice]

Hello @stone212,

Please try to check the accessibility of the Document Server from the machine with Nextcloud and vice versa. Use wget command: wget https://document_server_address and from the machine with Document Server: wget https://nextcloud_address

[stone212]

@alexanderonlyoffice Thank you for this test. The problem was with my nginx configuration. I was using the cert.pem file for the Cert and not the fullchain.pem file (letsencrypt).

[jaschrock]

I am also getting the error "CommandRequest on check error: Error occurred in the document service: Error while downloading the document file to be converted.". Environment: NextCloud 13.0.5, OnlyOffice 9.6.591? - that is what the file says. Both on two different Ubuntu 16.04.2 boxes both on same network so firewall shouldn't be issue. onlyoffice app is version 1.3.0 Both have a wildcard comodo (namecheap) certificate which show on both as no errors. Can get to both without problems (welcome screen with onlyoffice). can wget both hosts from each other without problems (gets the index file). In onlyoffice configuration I put in my url https://myserver.mydomain.com/ (using my values). When I click save, it gives me the error above. I have tried the advanced and without advanced with same result. I have tried some of the other values after the domain name that I have seen in forums without help. Any thoughts on what else to try? Thanks Alan

[alexanderonlyoffice]

Hello @jaschrock, this error means that the Document Server cannot download the file for editing. It seems that your NC is not accessible for the Document Server.

Check if JWT is disabled in /etc/onlyoffice/documentserver/default.json in container with Document Server, if you do not use it in NC.

Try also to change the value of the following string in default.json from true to false: "rejectUnauthorized": true

[jaschrock]

Thanks for your help. I got it working. This is what I needed to do: Changed outbox to true in /etc/onlyoffice/documentserver/default.json "token": { "enable": { "browser": false, "request": { "inbox": false, "outbox":true }

I also had to do the change to false "rejectUnauthorized": false

All seems fine now. Again, thanks for the help!

[alexanderonlyoffice]

Hi @jaschrock, we are glad that the issue has been resolved.

[shabsshab]

iam getting the below error while saving the document root. Error when trying to connect (Bad healthcheck status)

Installed nextcloud in ubunutu 16.04 server and installed letsencrypt

[ibnpetr]

@shabsshab Please check the status of the ONYOFFICE Document Server services supervisorctl status all Does it also have SSL certificate?

[shabsshab]

I have done with ONLYOFFICE document server but i have another issue Problem with code integrity check.

Some files have not passed the integrity check. Further information on how to resolve this issue can be found in the documentation. (List of invalid files… / Rescan…

Technical information

The following list covers which files have failed the integrity check. Please read the previous linked documentation to learn more about the errors and how to fix them.

Results

• core
  • FILE_MISSING
    • .htaccess
  • INVALID_HASH
    • .user.ini
    • version.php

Raw output

Array ( [core] => Array ( [FILE_MISSING] => Array ( [.htaccess] => Array ( [expected] => 70183f641f39fc5f43065aeb15b86ac99e86b82310d5467e1c4d935df30acc6155c0905f84f59616885275c19ffacea59e354a87a5c97c94f50d50d4eff0370e [current] => )

            )

        [INVALID_HASH] => Array
            (
                [.user.ini] => Array
                    (
                        [expected] => 467d4f028c447895716a2b7859ed6e569f8ee34b87b51d73dab2e6a9ca4fbe63172c7be3e365ae864a60408286afcce852dd38ee544b61685ed4ee5e021fecb0
                        [current] => d71945d913c9c3f3a9b7ad8d240690f566e1066cec057956a4b484c99f1298d49896313e5c0b5c1b1b5fd9c8f6a100a5959fa083fbae67761493e36557a3644a
                    )

                [version.php] => Array
                    (
                        [expected] => d508ba9867bcecaba3fa3d4c61653ab5e43589ea1267dc7618cbeaa3233ab3ee030d88a779941439477e6ed245b6d92029731f0cd4614d2cfe72eee1dfdc89e7
                        [current] => 8dbc2559d154853b280a2811038e94c1d6e6ca5e76e8675fb42ab6af4bff2a4f772ca43138901a868d4eb092d528867e242e45eac6848e87f05835ae32bf416a
                    )

            )

    )

)

================

vim version.php

<?php $OC_Version = array(14,0,1,1); $OC_VersionString = '14.0.1'; $OC_Edition = ''; $OC_Channel = 'stable'; $OC_VersionCanBeUpgradedFrom = array ( 'nextcloud' => array ( '13.0' => true, '14.0' => true, '14.0.1' => true, '14.0.1.1' => true, ), 'owncloud' => array ( ), ); $OC_Build = '2018-09-25T06:38:18+00:00 d96adc01b7b5dea20b64777daa04aefbcb9258e3'; $vendor = 'nextcloud';

sudo -u www-data php occ status

• installed: true
• version: 14.0.1.1
• versionstring: 14.0.1
• edition:

sudo -u www-data php occ maintenance:update:htaccess

Error updating .htaccess file, not enough permissions or "overwrite.cli.url" set to an invalid URL?

[shabsshab]

sudo ls -la data/

total 12 drwxr-xr-x 2 www-data www-data 4096 Sep 28 18:06 . drwxr-xr-x 15 www-data www-data 4096 Sep 28 19:24 .. -rw-r--r-- 1 www-data www-data 324 Sep 28 18:06 .htaccess -rw-r--r-- 1 www-data www-data 0 Sep 28 18:06 index.html

[alexanderonlyoffice]

@shabsshab, please note that these files are not related to ONLYOFFICE. These files are from your core.

[vinyll]

Had the same issue and this comment solved my issue running nginx+letsencrypt > docker

[bwen51]

Hello, I had the same problem and resolv it with ca export to OC server, now wget is working in both way but still have the same message error about converted file. Here is I see in docker onlyoffice log: [ERROR] nodeJS - error downloadFile:url=https://'FQDN'/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.-f_Mz8AwlYBj5qVclhZSz2ccySHwKKEIzEj39mI8-5k;attempt=3;code:null;connect:null;(id=conv_check_1083304476_docx) Error: Error response: statusCode:403 ;body: {"message":"Acc\u00e8s refus\u00e9"} could it be du to htaccess on the Owncloud server?

Thanks

EDIT: remove all htaccess file but error persist

EDIT2: Problem Solved!! see https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/36