Guest - Testers are needed for the reworked CDateTime core component. See... https://forum.kodi.tv/showthread.php?tid=378981 (September 29) x
Linux Web dav with self signed certificate (self-hosted nextcloud server)
#1
I am trying to setup web davs with my self hosted nextcloud server but it doesn't work.

Is it possible to do it with self signed certificates?

Here's what I've done:

Enter the new network location as davs (https) with port 443 and remote.php/dav/files/USERNAME/

Url looks like this:
`davs://address.com:443/remote.php/dav/files/user/`

Copy and paste the pem file (certificate) generated from the server to the .kodi/system/certs folder. 

I get the following error:
`Failed: SSL peer certificate or SSH remote key was not OK(60)`
Reply
#2
Take a look here, maybe it will help you.

https://kodi.wiki/view/SSL_certificates
Reply
#3
Thank you. I don't think I've looked up that page before.

I have tried every steps, but none works. Neither does verifypeer=false.
Reply
#4
I could still offer you that.

https://forum.kodi.tv/showthread.php?tid...pid3169587

Personally, I use a Synology NAS with WebDAV server so I don't have these problems.
Reply
#5
Same as in the other thread, a debug log might give some clues. Turn on debug mode, restart Kodi, reproduce the issue, copy/paste content of kodi.log into paste.kodi.tv and post the link here.

The interesting information may be logged on the nextcloud side instead, but you're not going to get support for that here.
Always read the Kodi online-manual, the FAQ and search the forum before posting.
Do not e-mail Kodi Team members directly asking for support. Read/follow the forum rules (wiki).
For troubleshooting and bug reporting please make sure you read this first.
Reply
#6
There it is:

Log:

error <general>: CCurlFile::CReadState::FillBuffer - (0x7f7f700f3c90) Failed: SSL peer certificate or SSH remote key was not
OK(60)
error <general>: CCurlFile::Open - <https://hostname.com:443/remote.php/dav/files/username/> Failed with code 0:

error <general>: GetDirectory - Unable to get dav directory (davs://USERNAMETongue[email protected]:443/remote.php/dav/files/username/)
error <general>: GetDirectory - Error getting davs://hostname.com:443/remote.php/dav/files/username/
error <general>: CGUIMediaWindow::GetDirectory(davs://hostname.com:443/remote.php/dav/files/username/) failed
 info <general>: Loading skin file: DialogConfirm.xml, load type: KEEP_IN_MEMORY
error <general>: CCurlFile::CReadState::FillBuffer - (0x7f7fb4026490) Failed: SSL peer certificate or SSH remote key was not
OK(60)
  error <general>: CCurlFile::Open - <https://ipaddress:443/remote.php/dav/files/username/> Failed with code 0:

  error <general>: GetDirectory - Unable to get dav directory (davs://USERNAMETongueASSWORD@ipaddress:443/remote.php/dav/files/username/)
  error <general>: GetDirectory - Error getting davs://ipaddress:443/remote.php/dav/files/username/
  error <general>: CGUIMediaWindow::GetDirectory(davs://ipaddress:443/remote.php/dav/files/username/) failed
warning <general>: CGUIWindowManager - HandleAction - ignoring action 107, because topmost modal dialog closing animation is running
  error <general>: CCurlFile::CReadState::FillBuffer - (0x7f7fb4004990) Failed: SSL peer certificate or SSH remote key was not
OK(60)
error <general>: CCurlFile::Open - <https://ipaddress:443/remote.php/dav/files/username/> Failed with code 0:

error <general>: GetDirectory - Unable to get dav directory (davs://USERNAMETongueASSWORD@ipaddress:443/remote.php/dav/files/username/|verifypeer=false)
error <general>: GetDirectory - Error getting davs://ipaddress:443/remote.php/dav/files/username/|verifypeer=false
error <general>: CGUIMediaWindow::GetDirectory(davs://ipaddress:443/remote.php/dav/files/username/|verifypeer=false) failed


I tried with 3 different ways, one with hostname, ip address and ip with verifypeer=false. As you can see in the log, I get failed SSL 3 times.

I've looked into my Nextcloud log. It doesn't seems to log the failed attempt to connect.
Reply
#7
I've also tried to add advancedsettings.xml. I see it is loaded in the log file. The log file contains:
Quote:<advancedsettings>
 <network>
<catrustfile>/home/username/.kodi/system/certs/cacert.pem</catrustfile>
</network>
</advancedsettings>
Reply
#8
I've created a new certificate, changed it in apache on the server then updated ca-certificates on my device and added a copy referenced in the .kodi folder. None is working.
Reply
#9
provide a full debug log on https://paste.kodi.tv
Reply
#10
There it is:

https://paste.kodi.tv/bodupimoro.kodi
Reply
#11
Another one with debug activated

https://paste.kodi.tv/ijobacupik.kodi
Reply
#12
I've noticed that my dav mount on another device is using /nextcloud/remote.php/dav/files/user. I tried this, with and without port,   with and without verifypeer. Still not working
Reply
#13
Ok, I,ve tried again to make a new self signed certificate. This time I've added common name (CN) with my custom hostname.com. 

Now the folder open but there's nothing. I will test more later.

Here is a sample command of the self signed certificate that I've installed on the apache:

openssl req -x509 -newkey rsa:4096 -keyout myhostname.com.key -out myhostname.com.crt -sha256 -days 3650 -nodes -subj "/C=XX/ST=Province/L=City/O=CompanyName/OU=CompanySectionName/CN=myhostname.com"

I've had to change the proper destination in my appache settings. In my case, it was the httpd-vhosts.conf, but I think for most people it should be in httpd-ssl.conf.
Reply
#14
So, it no longer works. This time it is because of timeout. For some reason, I've been able to connect without timeout, but now it is slow. And it is indeed because of slow webdav connection as when I try to mount the webdav, it is very slow (but for some reason, the first time I did mount it after restart, it was fast). I suppose this is no longer a kodi issue although I would be interested if there could be a way to upper the timeout limit while I figure out how to make it faster.
Reply
#15
Alright it works!

I am able to mount webdav with Nextcloud with my self signed certificates.

So here's the dav config that works:

Select webdavs (https) (don't use http)

myhostname.com (replace myhostname.com)
remote.php/dav/files/username (replace username)
port 443
(add proper user account and password)
Here is the certificate command that worked for me (replace myhostname.com):
openssl req -x509 -newkey rsa:4096 -keyout myhostname.com.key -out myhostname.com.crt -sha256 -days 3650 -nodes -subj "/C=XX/ST=Province/L=City/O=CompanyName/OU=CompanySectionName/CN=myhostname.com"

Change the proper ssl files source in appache settings. In my case, it was the httpd-vhosts.conf, but I think for most people it should be in httpd-ssl.conf.

Install Certificate on device(s). In my case (Ubuntu):

sudo scp  [email protected]:/path/to/file.crt /usr/local/share/ca-certificates

Then

sudo update-ca-certificates

I've also added a copy of the certificate in .kodi/system/certs but I don't know if it does anything.

On the server, add the following in nextcloud/config/php to get faster webdav connection
'auth.bruteforce.protection.enabled' => false,
(This is potentially not a good solution and there might be better in the following link)
Source: https://help.nextcloud.com/t/slow-webdav...ce/11255/3

Then restart apache.I think the command is:
sudo apachectl restart


Works great for me. I hope this will help other users as well.
Reply

Logout Mark Read Team Forum Stats Members Help
Web dav with self signed certificate (self-hosted nextcloud server)0