SSL not working

install
#1

Installing Pydio Cells on Ubuntu 18.04 for a small company project. Never worked with it before. With Pydio 8, I was able to get SSL to work with my domain certs without issue. I’m unable to get it to do so now. I still get the NET::ERR_CERT_AUTHORITY_INVALID error that I got prior to uploading these.

I’ve shut off Apache2. I’ve gone into /home/pydio/.config/cells/pydio.json and made sure that they pointed to the right location and even changed the URLs to point to 443. Nothing seems to work. I’m certain I’m probably missing something simple here, but I’ve never installed anything this way, so it’s quite confusing for me.

#2

Hi & welcome,
could you describe me your entire process when installing SSL and also did you use this command on the binary sudo setcap 'cap_net_bind_service=+ep' cells otherwise the binary could not use port 80 & 443.

#3

I installed a clean Ubuntu 18.04 image on a VM. I updated the VM and installed VMware Tools, but left it otherwise bare-bones. I ran through the installer on https://pydio.com/en/docs/cells/v1/ubuntu-systems step by step. In that process, I setup the SSL Certs, and since then, I’ve re-input the command ./cells config ssl and input my .crt and .key SSL certs as required. Neither event has shown to work properly.

I’ve run the ‘cap_net_bind_service=+ep’ cells command and it seems to have gone through successfully. But I’m not sure how to tell, because this installer and the program runs differently than anything I’ve worked with. I’m familiar with Linux, but by no means an expert.

I can access the Pydio instance through the browser by going to http://192.168.1.170:8080 but HTTPS gives me the NET::ERR_CERT_AUTHORITY_INVALID error. (Which can be bypassed by just clicking “Advanced” and then “Proceed to website.” But we just the clean connection. Any further details I can provide for you, please let me know.

#4

Additionally, when I said Pydio 8 worked, I mean that I set up a Pydio 8 server at the same time that I set up a Pydio Cells server. The Pydio 8 server (because I was able to alter the Apache config) worked. The Pydio Cells server handles the config within the Cells program itself, so i can’t alter it, nor can I test different configurations. I’d really like to know what I need to do…whether it’s to alter configs and apply the changes manually, or if I’m just doing something wrong.

#5

One correction. Sorry, it’s early for me. It appears since doing the ‘cap_net_bind_service=+ep’ cells command, it’s now working with https://192.168.1.170:443 instead of https://192.168.1.170:8080, but I’m still getting the Self Signed Cert error.

#6

let’s take a step back,

note that if you download a newbinary do not forget to use setcap
what setcap does is give the ability to the binary to bind to port 80 & 443.

i would advise you to put something similar to this when installing,

  • CELLS_BIND : 192.168.1.170:443

  • after that you should have the choice to either use custom certificates, lets encrypt, selfsigned or no certs, for your case choose the custom certificates option and point to them

  • then cells external should be automatically filled with https://192.168.1.170
    and after that you should be good to go.

edit: also if you are doing a clean reinstallation do not forget to remove the ~/.config/pydio and clean the database.

#7

At what point/location in the installation would I input the command “CELLS_BIND : 192.168.1.170:443” and is there a way to do this after the fact, as I don’t want to repeatedly run through the installation, especially now that it appears to be working for the most part.

Again, I’m not the most experienced with Linux, so if that above question seems absurd, I apologize.

#8

yeah fair enough,
you can actually edit those settings even after an installation,
edit ~/.config/pydio/cells/pydio.json and look for this line,

#9

So I have it set up that way, but just with “https://:443” But I still get the following error. When I click “Proceed to IP” it goes through fine, but the SSL cert doesn’t seem to ever be accepted.

#10

Additionally it’s saying that the certificate is issued to “Caddy Self-Signed.”

I’ve reconfigured it to use my own SSL Certs from our domain. Not sure why it’s saying that.

The following is from the pydio.json file. I was under the assumption I had it right?

image

#11

Hi rodger, remove the line "self": true, in the pydio.json an restart

1 Like
#12

Looks like that did the trick!!! AHHHHH Charles nicely done!

#13

Just a quick question: how did you “reconfigured it” ? Did you use cells config ssl mode ? If so it’s not normal that the “self”… line was still there.

1 Like
#14

Yes, I used cells config ssl mode. For some reason it kept the “self” field. Removing it seemed to have done the trick, although now, a new one came up…when I go to login I’m getting the following error.

#15

I feel like it shouldn’t be connecting to port 8080 anymore, considering it’s binding to 443 with HTTPS?

#16

Could you please repost your latest pydio.json config default section?