Create New CERT

CptPlastic

Im not sure what im doing wrong here. I created a new signing cert as per the updated instructions I created one with a password and one without thinking it was not getting the password from someplace. I dont see any cert configuration in the .env file so im not sure that its even needed. Here is the error I get now.

Error: Failed to get private key bags
Aug 12 10:21:16 at I (/run/documenso/apps/web/.next/server/chunks/8946.js:1:1144118)
Aug 12 10:21:16 at async I (/run/documenso/apps/web/.next/server/chunks/8946.js:1:1142215)
Aug 12 10:21:16 at async k (/run/documenso/apps/web/.next/server/chunks/8946.js:1:6584)
Aug 12 10:21:16 at async h (/run/documenso/apps/web/.next/server/pages/api/trpc/[trpc].js:1:44521)
Aug 12 10:21:16 at async /run/documenso/apps/web/.next/server/pages/api/trpc/[trpc].js:1:142833
Aug 12 10:21:16 at async resolveMiddleware (file:///run/documenso/node_modules/@trpc/server/dist/index.mjs:420:30)
Aug 12 10:21:16 at async callRecursive (file:///run/documenso/node_modules/@trpc/server/dist/index.mjs:456:32)
Aug 12 10:21:16 at async callRecursive (file:///run/documenso/node_modules/@trpc/server/dist/index.mjs:456:32)
Aug 12 10:21:16 at async resolve (file:///run/documenso/node_modules/@trpc/server/dist/index.mjs:486:24)
Aug 12 10:21:16 at async inputToProcedureCall (file:///run/documenso/node_modules/@trpc/server/dist/resolveHTTPResponse-cd1a9112.mjs:46:22) {
Aug 12 10:21:16 code: 'GenericFailure'
Aug 12 10:21:16 }

CptPlastic

Here is a solution to fix this. Its a workaround till documentoso gets this fixed.
https://github.com/documenso/documenso/issues/1171

Use the -legacy flag

Same steps as before.

openssl genrsa -out private.key 2048
openssl req -new -x509 -key private.key -out certificate.crt -days 365
a. Fill out all the details.
openssl pkcs12 -export -out cert.p12 -inkey private.key -in certificate.crt -legacy
a. If you set a password you have to add this line to your .env file.
NEXT_PRIVATE_SIGNING_PASSPHRASE={YourStrongPassHere}
Restart your app.

nebulon

I can reproduce this, also the docs need fixing to set the correct file ownership to the cloudron user.

The current flow is mostly copied from https://github.com/documenso/documenso/blob/v0.9/README.md#creating-your-own-signing-certificate which apparently is not fully correct then.

Not yet sure what the error really means, but to use the app for filling out forms and signing documents, this is not required and only optional.

CptPlastic

@nebulon This is true, however if you have a signing inspector this will not pass as the signing cert is not related to the origin of the document. That is what lead me down this path to try and get the new cert to work. Also the one that comes with it will expire.

I did try to set the owner to cloudron. I may try again to see if I can get it to work.

CptPlastic

I think I found a solution. I'm testing it now.

CptPlastic

Here is a solution to fix this. Its a workaround till documentoso gets this fixed.
https://github.com/documenso/documenso/issues/1171

Use the -legacy flag

Same steps as before.

openssl genrsa -out private.key 2048
openssl req -new -x509 -key private.key -out certificate.crt -days 365
a. Fill out all the details.
openssl pkcs12 -export -out cert.p12 -inkey private.key -in certificate.crt -legacy
a. If you set a password you have to add this line to your .env file.
NEXT_PRIVATE_SIGNING_PASSPHRASE={YourStrongPassHere}
Restart your app.

nebulon

Thanks for that info! I have put those changes into the docs at https://docs.cloudron.io/apps/documenso/ now

jonajinga

Thanks @CptPlastic & @nebulon for working through this. I've got mine up and running now.

Best,

Jon

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Create New CERT