AppSuite:OX Mail v2 0 / open-xchange-mobile-api-facade

Hi there,
apparently the setup for the new OX mailapp doesn’t work as expected.
Following this documentation here
does not seem to help, as the only package containing “facade” i can find on an univention / OX setup is

open-xchange-pns-mobile-api-facade/unbekannt,now 7.10.1-8 all [installiert]
The Mobile API Facade bundle for Push Notification Service

Can anyone help me with an installation walkthrough?


I am facing this very same problem to be able to use OX APPS. open-xchange-mobile-api-facade according to the is the package to be installed.

Is it ? Or will be supported by UCS?


Rolando Riley

UCS not provide package open-xchange-mobile-api-facade to the App OX Mail.
When will we know if they will integrate it into the packages?



right now we are discussing with OX about the integration of OX Mail into the Univention App Center. So for the moment I can only ask you to stay tuned…

Best regards


1 Like

any news on this?

We have also cusomers, which are interessted in this.

Good morning,
Is there already any progress in this direction?

We’re all eagerly waiting!
thanks a lot

Hi Sascha,

progress? yes
ready? unfortunately no.
The implementation is currently in QA and we hope that the last blocker will be removed in the near future.



The OX Update 7.10.2-ucs3 has been released. The corresponding Bug regarding the support of the OX Mail App has been closed.



thanks a lot

sorry for reopening.
After installing the package now we experience a strange apache problem, we can’t seem to fix:

When we set up the OX Mail App (on Android), we get an error message in the app saying that the server is not responding:

The server does not appear to be responding.

The Apache log of the server show this when trying to login:

[Thu Feb 06 10:11:16.689001 2020] [ssl:error] [pid 30444] AH02032: Hostname provided via SNI and hostname provided via HTTP have no compatible SSL setup

Note: we have set up a virtual-ssl.conf with numerous subdomains on this host.
The part looks like this:

# Open Xchange

<VirtualHost *:443>
  DocumentRoot /var/www
  RedirectMatch ^/$ /appsuite/
  Include /etc/apache2/sites-available/ox.conf

  SSLEngine on
  SSLProxyEngine on

SSLCertificateFile /etc/univention/ssl/
SSLCertificateKeyFile /etc/univention/ssl/
SSLCertificateChainFile /etc/univention/ssl/


We don’t seem to find a solution for this issue, and hope you would have an idea.

no idea anybody?

Hey tafkaz,

can you please check, if your /etc/apache2/sites-available/default-ssl.conf has the correct certificate paths referenced?

The default is:

SSLCertificateFile /etc/univention/ssl/{FQDN}/cert.pem
SSLCertificateKeyFile /etc/univention/ssl/{FQDN}/private.key
SSLCertificateChainFile /path/to/chain/file.pem

You can update these by altering the following UCR-variables:

apache2/ssl/key: <empty>
 The absolute path to the private RSA/DSA key of the SSL certificate file for mod_ssl. The key needs to be PEM-encoded. If the variable is unset, the certificate from the UCS CA is used (/etc/univention/ssl/FQDN/private.key).

apache2/ssl/certificate: <empty>
 The absolute path to the SSL certificate file for mod_ssl. The certificate needs to be PEM-encoded. If the variable is unset, the certificate from the UCS CA is used (/etc/univention/ssl/FQDN/cert.pem).

apache2/ssl/certificatechain: <empty>
 The path to a file containing CA certificates. They are sent to the client browser of a user, so that a certificate for authentication the user can be selected, which is issued by one of the CAs.


Hi @mschwarz
well yes, those keys seem correct, same as for in my virtual-ssl.conf.

<VirtualHost :443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/ssl/
SSLCertificateKeyFile /etc/univention/ssl/
SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem
SSLCertificateChainFile /etc/univention/ssl/

However, the wildcard certificate (* configured here doesn’t seem to work for the master url, which is not, but
Maybe this is the problem.

So either i could change the default fqdn to, or i would setup a seperate let’sencrypt certificate for that fqdn.
Don’t really know, what would you think?

ok…let’sencrypt for does not help:

[Mon May 11 19:31:05.240772 2020] [ssl:error] [pid 18965] AH02032: Hostname provided via SNI and hostname provided via HTTP have no compatible SSL setup