Collabora cURL error 60: SSL certificate problem: self signed certificate in certificate chain

I've installed ownCLoud 9.1.2

My web interface works fine.

Then I've installed Collabora Online app from repository and Collabora docker image to the same server.
Collabora docker image instruction here

When I am trying to open Office in APP section in ownCloud I see this error

Collabora Online: Сертифікат SSL не встановлено.
Please ask your administrator to add ca-chain.cert.pem to the ca-bundle.crt, for example "cat /etc/loolwsd/ca-chain.cert.pem >> /resources/config/ca-bundle.crt" . The exact error message was: cURL error 60: SSL certificate problem: self signed certificate in certificate chain

I am sure that my bundle file is ok, because the same config file in vhost for and it's work without error.

I've added my bundle-ca to /var/www/owncloud/resources/config/ca-bundle.crt
It doesn't help.

What else can i do ?

Moved to the miscellaneous category as this is a 3rdparty docker image not related to ownCloud.

The docker image itself is using a self-signed certificate. Thats why you should use a nginx or apache webserver in front of the docker image providing a valid certificate like described in various resources collected here:

I use Apache as reversed proxy, but problem still here.

Maybe problem with my reverse proxy? How can I check ?


# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on

# Encoded slashes need to be allowed
AllowEncodedSlashes On

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet retry=0
ProxyPassReverse /loleaflet

# WOPI discovery URL
ProxyPass /hosting/discovery retry=0
ProxyPassReverse /hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://$1/ws

# Admin Console websocket
ProxyPass /lool/adminws wss://

# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool
ProxyPassReverse /lool

There are tools like sslscan or available helping you to check your ssl configuration.

My based domain according to works fine.
But I cannot check my reverse proxy domain.

There are other tools available as previously advised:

A search on google should give you also other tools / resources how to check your SSL configuration if that reverse proxy is not reachable from the internet.

I have the same error, but I actually use a self signed certificate via Let's Encrypt.
Do you have any idea how I can configure LOOL to work with that? Official documentation does not support self signed certificates.

Nevermind... I thought I've added LOOL certificate to owncloud ca-bundel.crt, but did not.
I found it in the docker container mounted aufs.

How did you solve this?
I've the same problem, using self certificate...

This is an old issue, would you mind opening a new one with full information about your setup?