spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

"UNABLE_TO_VERIFY_LEAF_SIGNATURE" when I try to open selfhosted etherpad widget #1711

Open sci92bior opened 2 years ago

sci92bior commented 2 years ago

Playbook Configuration:

My vars.yml file looks like this:

matrix_prometheus_enabled: true
matrix_prometheus_node_exporter_enabled: true
matrix_grafana_enabled: true
matrix_grafana_anonymous_access: false
matrix_grafana_default_admin_user: 'grafana-admin'
matrix_grafana_default_admin_password: XXXXXXXXXXXXXXXXXXXXXX
matrix_ssl_retrieval_method: manually-managed
matrix_ssl_config_dir_path: /home/administrator/matrix-docker-ansible-deploy/ssl
matrix_jitsi_enabled: true
matrix_jitsi_jicofo_auth_password: XXXXXXXXXXXXXXXXXXXXXXXX
matrix_jitsi_jvb_auth_password: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
matrix_jitsi_jibri_recorder_password: XXXXXXXXXXXXXXXXXXXXXXXXX
matrix_jitsi_jibri_xmpp_password: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
matrix_dimension_enabled: true
matrix_dimension_admins: ['@admin: pl','@dimension:pl']
matrix_dimension_access_token: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx"
matrix_etherpad_enabled: true
matrix_etherpad_admin_username: 'etherpad-admin'
matrix_etherpad_admin_password: XXXXXXXXXXXXXXXXXXXXXXX
matrix_ma1sd_enabled: false
matrix_client_element_enabled: true
matrix_synapse_admin_container_image_self_build: true
matrix_synapse_admin_container_image_self_build_repo: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
matrix_synapse_container_image_self_build: true
matrix_synapse_container_image_self_build_repo: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXx"
matrix_ma1sd_matrixorg_forwarding_enabled: false
matrix_synapse_enable_registration: false
matrix_synapse_admin_enabled: true
matrix_synapse_log_level: "DEBUG"
matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled: true
matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true

Problem description:

I try to run Etherpad shared documents in Element. After the Ansible deployment I receive the error UNABLE_TO_VERIFY_LEAF_SIGNATURE on the matrix-dimension server when I try to open the Etherpad widget in a room. I reach the dimension/etherpad page over HTTPS from the browser in which I run Element.

spantaleev commented 2 years ago

It sounds like something to do with SSL certificate chain verification between Dimension/Etherpad. It seems like you're manually managing certificates. Perhaps you're using some sort of self-signed certificates that Dimension doesn't trust?

sci92bior commented 2 years ago

I have generated a certificate from an internal network CA for matrix, element and dimension. It looks like etherpad outside the docker network has the same certificate as dimension (dimension.domain/etherpad). I can easily open Etherpad from the browser via dimension.domain/etherpad with SSL, so the connection from outside works well. So should etherpad also have its own SSL certificate?

spantaleev commented 2 years ago

I have no clue, as I don't use any of these services. My guess is that Dimension wants to access Etherpad and the Dimension HTTP stack does not trust your self-signed certificates for https://dimension.domain/etherpad or whatever. Not sure how it's all wired together and which service tries to access which other service and when.
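
The situation guessed at in this thread, reproduced offline as an added example (not part of any comment above and not code from the playbook): one leaf certificate issued by an internal CA verifies for a client whose trust store contains that CA and fails for a client whose trust store does not. The CA name, the hostname `dimension.example.internal` and the function names are constructed for the illustration, and it assumes OpenSSL 1.1.0 or later on the PATH.

```shell
#!/bin/sh
# Added illustration: every key, certificate and name below is constructed.
set -eu

# Build a throwaway internal CA and a leaf certificate signed by it in dir $1.
make_lab() {
  lab_dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Internal CA" \
    -keyout "$lab_dir/ca.key" -out "$lab_dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=dimension.example.internal" \
    -keyout "$lab_dir/leaf.key" -out "$lab_dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$lab_dir/leaf.csr" -days 1 \
    -CA "$lab_dir/ca.pem" -CAkey "$lab_dir/ca.key" -CAcreateserial \
    -out "$lab_dir/leaf.pem" 2>/dev/null
}

# Verify leaf $1 against ONLY the CA bundle $2 (no bundle at all when $2 is
# omitted). The default CA file and directory are excluded so the verdict
# depends on the bundle alone. Prints openssl's verdict, returns its status.
verify_with() {
  vw_leaf="$1"
  vw_bundle="${2:-}"
  if [ -n "$vw_bundle" ]; then
    openssl verify -no-CApath -CAfile "$vw_bundle" "$vw_leaf" 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$vw_leaf" 2>&1
  fi
}

demo() {
  demo_dir="$(mktemp -d)"
  make_lab "$demo_dir"
  echo "client whose trust store contains the internal CA:"
  verify_with "$demo_dir/leaf.pem" "$demo_dir/ca.pem" || true
  echo "client whose trust store lacks it:"
  verify_with "$demo_dir/leaf.pem" || true
  rm -rf "$demo_dir"
}

demo
```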