still no working with matrix

[bendschs]

failing with the following error. configuration seems to be right.

time="2021-01-21T13:03:39+01:00" level=info msg="Running version 1.21.0 cf13fff7" prefix=main
time="2021-01-21T13:03:39+01:00" level=info msg="Parsing gateway myGateway" prefix=router
time="2021-01-21T13:03:39+01:00" level=info msg="Starting bridge: matrix.0 " prefix=router
time="2021-01-21T13:03:39+01:00" level=info msg="Connecting https://matrix.server.ch" prefix=matrix
time="2021-01-21T13:03:46+01:00" level=info msg="Connection succeeded" prefix=matrix
time="2021-01-21T13:03:46+01:00" level=info msg="matrix.0: joining !POAhXkFRWkMHCNkjnxm:matrix.server.ch (ID: !POAhXgFRWkMHCNwnxm:matrix.server.chmatrix.0)" prefix=matrix
time="2021-01-21T13:03:51+01:00" level=info msg="Starting bridge: nctalk.1 " prefix=router
time="2021-01-21T13:03:51+01:00" level=info msg=Connecting prefix=nctalk
time="2021-01-21T13:03:51+01:00" level=error msg="Cannot Connect" prefix=nctalk
time="2021-01-21T13:03:51+01:00" level=fatal msg="Starting gateway failed: Bridge nctalk.1 failed to start: Get "https://cloud.server.ch:45083/ocs/v2.php/cloud/capabilities": x509: certificate signed by unknown authority" prefix=main

how come this app is being promoted by nextcloud on twitter when it is still not working at all? a wiki would be nice, there is no information how to install or configure.

cheers bendsch

[gary-kim]

Is your TLS certificate for your Nextcloud self-signed?

[bendschs]

it is a "let‘s encrypt" certificate.

[gary-kim]

I just tried going to the link from the logs. Looks like your instance is using a certificate issues by ZeroSSL. It seems your certificate is not trusted by the default certificate store on your system. I just tried from my system and it doesn't seem to be trusted by my Ubuntu 18.04 base system either.

Looks like we may need to expose the SkipTLSVerify option. Maybe we can make it automatic for the user where we check if the certificate used by the local Nextcloud is trusted by the system then enable the option if it isn't?

cc @eneiluj

[nickvergessen]

Is this enough?

sudo -u www-data php occ security:certificates:import --help
Description:
  import trusted certificate in PEM format

Usage:
  security:certificates:import <path>

Arguments:
  path                  path to the PEM certificate to import

Options:
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
      --no-warnings     Skip global warnings, show command output only
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

[gary-kim]

We could set the SSL_CERT_FILE and SSL_CERT_DIR environment variables (docs) while running Matterbridge to get it to use the Nextcloud certificate store. That way, you can import certificates through occ and Matterbridge will use it was well.

[bendschs]

I just tried going to the link from the logs. Looks like your instance is using a certificate issues by ZeroSSL. It seems your certificate is not trusted by the default certificate store on your system. I just tried from my system and it doesn't seem to be trusted by my Ubuntu 18.04 base system either.

Looks like we may need to expose the SkipTLSVerify option. Maybe we can make it automatic for the user where we check if the certificate used by the local Nextcloud is trusted by the system then enable the option if it isn't?

cc @eneiluj

oh yes, of course you are right, i switched to zeroSSL some time ago .. so is there something i can do or would you recommend to wait for the next nc-matterbridge release?