NextCloud / onlyoffice-doc server broken

Good day everyone!

I’m new to this community.I’m impressed by this product and the polish that is added to the interfaces and admin tools… Believe it or not, it is important for customers with little Linux admin background to be able to minimally “manage” their servers by themselves for there is much more SMB than large organisations with IT experts in this world…I’m not so familiar with containers and how to reverse OR select of specific versions of software; which I believe would resolve my issue here…

I’ve installed UCS from the latest ISO 4.4… the NextCloud version that comes out of the box from the APP Centre is 16.0.5-0. The onlyoffice Doc server version available is Unfortunately, after following the install steps on the APP centre and launching NextCloud, I can’t get OO to function properly. I keep getting this error message within NC:

Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)"

If, within NC, I configure the IP address as opposed to the FQDN, I get another error message:

Error when trying to connect (cURL error 51: SSL: no alternative certificate subject name matches target host name ‘x.26.2.99’ (see… I believe the last error is a certificate issue

Bottom line, as I have another install of UCS:
The currently installed release version is 4.4-1 errata273.

  • [ONLYOFFICE Document Server]Version
  • [Nextcloud](javascript:void(0)): Version 16.0.4-0

That install works flawlessly. I’ve attempted to downgrade my newer install to 4.4-1 errata273 but, even if the downgrade is done, the apps offered are still the newer versions ones. I would like to “replicate the same versions” but I’m unaware how to select different/older containers from the more recent APP center on the first install. I assume it must be a text file somewhere in which I can force specific version numbers… Yet, I can’t find it!

Would anyone know how to help me out with this please?

Thank you all in advance. This is sooo appreciated!

Hi david, I’ve had issues on upgrade in the past too with that same error in testlabs and live systems. It often comes down to certificate issues between nextcloud and onlyoffice.

A couple of things I’ve tried previously:

  • force-run the join script for the nextcloud and onlyoffice again. This can sometimes regenerate/install the certificate from the UCS CA. That got me out of a pickle one upgrade

  • In the nextcloud container, (do you know how to use univention-shell?) edit the nextcloud config.php file to add the section 'verify_peer_off' from the known issues section at the bottom of this support page. That worked on one upgrade but not another.

  • The last time this happened I had to do this as well as the second suggestion: In the onlyoffice container edit the and change the /etc/onlyoffice/documentserver/default.json file and change “rejectUnauthorized”: true to false and restart the container.

From what I understand the UCS integration is supposed to install certificate chains in both containers so there aren’t self-signed certificate trust issues but perhaps sometimes that goes wrong on upgrade vs new install?

Anyway, running some combination or all of these after an upgrade got me working the last time I saw that error. Perhaps there are alternative ways to preserve the UCS CA trust between the servers (These changes are kind of lowering that trust bar).

Hope that helps.

Thank you so much for your response… I am familiar with the univention cli to jump from one app to the other so I’m good to implement solution #2.

Yet, could you give me a little more info regarding the first option please? I assume it is using the univention cli again but I want to make sure it’s done well for the system is live now…

thank you again! @pp303


Hi David,

You can do it a couple of ways:

  1. In the UMC go to the domain section, then domain join page and look for 50onlyoffice-ds and 50nextcloud, tick them and click the force execute button up top.

  2. from the cli you can run:

    • univention-run-join-scripts --force --run-scripts 50nextcloud.inst
    • univention-run-join-scripts --force --run-scripts 50onlyoffice-ds.inst

It’s supposed to be safe to re-run them - they’re meant to be idempotent

As I mentioned I haven’t had time to really dig into exactly what goes wrong, but to me it seems to be only on upgrade (unsure if it is just nextcloud, or onlyoffice or the nextcloud onlyoffice integration plugins).

Where I’ve completely uninstalled and re-installed the apps the integration has worked again. So probably something goes wrong with certificate chain when the containers are upgraded vs installed - but I would think the join scripts would be similar in both cases… soooo.


1 Like

Thanks… will try this tonight