SSL certificate problem with Cells

Hey, a new problem has appeared out of the weeds since setting this up several months ago. The address in question is https://get2.hhangus.com if you want to diagnose.

The issue is that the certificate used doesn’t work in all browsers; some very security-minded browsers will require the user to accept a security exception. The reason is because not all browsers consider GoDaddy a top-level trusted provider and therefore a chaining certificate is needed. Now, I had no problem getting the end-point certificate installed using the Cells installer, however, I never saw any instruction or request from the installer to install a chaining certificate, which I do have and did configure on the old Pydio v8 server that doesn’t have this issue.

How do I install a chaining certificate in Pydio Cells?

To install a certificate chain, you just concatenate the certs in a cert file.
For example:

cat cert > fullcert.crt
cat intermediate_cert >> fullcert.crt
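
One way to check the concatenated file before configuring the server with it, as an added example that is not part of the original thread. It confirms that the server certificate comes first, that the second certificate issued it, and that the chain verifies with `openssl verify`. The function names, the throwaway test PKI and its certificate names are assumptions constructed for the example.

```bash
# Added example; every certificate name here is a constructed test value.

# check_bundle BUNDLE [ROOT_CA_FILE]
# 0 = leaf verifies through the intermediates in BUNDLE, non-zero otherwise.
check_bundle() {
  local bundle=$1 root=${2:-} n second leaf_issuer next_subject
  n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
  if [ "$n" -lt 2 ]; then
    echo "$bundle: $n certificate(s), no intermediate included" >&2
    return 2
  fi
  # Order check: the issuer of the first certificate (the server certificate)
  # must be the subject of the second one (the intermediate).
  second=$(awk '/-----BEGIN CERTIFICATE-----/{n++} n==2' "$bundle")
  leaf_issuer=$(openssl x509 -noout -issuer_hash -in "$bundle")
  next_subject=$(printf '%s\n' "$second" | openssl x509 -noout -subject_hash)
  if [ "$leaf_issuer" != "$next_subject" ]; then
    echo "$bundle: second certificate did not issue the first" >&2
    return 3
  fi
  # openssl verify checks only the first certificate of the target file; the
  # same file passed as -untrusted supplies the intermediates.
  if [ -n "$root" ]; then
    openssl verify -CAfile "$root" -untrusted "$bundle" "$bundle"
  else
    openssl verify -untrusted "$bundle" "$bundle"   # system trust store
  fi
}

# make_constructed_pki DIR: throwaway root -> intermediate -> leaf for testing.
make_constructed_pki() {
  local d=$1
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Constructed Root CA' \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Constructed Intermediate CA' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/intermediate_cert" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=cells.example.test' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/intermediate_cert" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/cert" 2>/dev/null
}
```

For a real certificate, run `check_bundle fullcert.crt` with no second argument so the system trust store is used; the second argument is only needed for a private or test root.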

Thanks c12simple, I re-ran cells install and now I get this:

Could not ensure that signing keys for “hydra.openid.id-token” exists. This can happen if you forget to run “hydra migrate sql”, set the wrong “secrets.system” or forget to set “secrets.system” entirely. error=“cipher: message authentication failed”

EDIT: I tried dropping the cells database and running cells start again, however now I get this when I try to connect:

Ladon blocked POST request at /frontend/session. Ladon Response: DefaultDeny:true

I restored a backup of the cells database and the original problem persists. I really need a way to fix the DB without dropping it anyways, I don’t want to lose the accounts created in it. Silly me, I didn’t make a VM snapshot before doing this, what was I thinking that a simple certificate switch using the provided installer program would just break EVERYTHING /sigh

EDIT2: After looking at the database created, after dropping the original cells database, all the ladon tables are empty. wtf?

Hello,
Please try to empty the database before running the installation.

Hi c12simple, I tried dropping the “cells” database first, however, this resulted in an incomplete install as many of the tables were empty after the re-install. I tried everything I could think of, including re-creating an empty cells database and adding user rights to that database before performing the install, however, the tables are still empty.

I can’t seem to update the certificate this way, the installer is simply broken. I’m sure I’m doing something wrong, but literally all I did was “./cells install” and used all the same settings except with the new certificate, and it broke everything. There is clearly an error mode in the installer that has not been considered and needs to be looked at. At the very least I would suggest:

  1. Before install the installer should check for an existing install, and ask to perform an upgrade or a clean wipe depending on what the user is actually trying to do.

  2. After install, the installer should check that all database tables and records were created/inserted correctly and that the system passes validation checks to ensure it will actually run.

Hope you had some good holidays,

Scott

Hello,

I’m sorry for not sending complete info.
You should empty the db and clear /home/pydio/.config/pydio/cells/* before running a new installation.

Thanks c12simple, will this not delete all the existing data and files? I don’t want to lose the existing installation, I just want to update the SSL certificate.

Hope your holiday season was great, and have a happy new year!

Hello,

Could you please try to restore the db and use the binary file of an older version (i.e. 1.5.2)? If it works, try to update Cells to the latest version. That will do some db migration and should fix the DB error.

Once the db error is fixed, try to run ./cells config proxy url/tls to re-configure the certs.