Cannot verify hostname, who is to blame? Logcat output





  • @untitaker Thanks!



  • @untitaker, I added that dav line you suggested and reverted all other settings to what you see above. The only error message in my logs is this one, which hasn't caused any problems with the other services I'm running:
    [error] 26431#0: OCSP_basic_verify() failed (SSL: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:Verify error:unable to get local issuer certificate) while requesting certificate status, responder: ocsp.startssl.com
    If any of you are interested, I have created a test user account: davtest@zimbra.local/DAVTest123!



  • I have the ssl_-options inside the server clause, so maybe try that? Also, I find it a bit weird that you listen to two ports at the same server, but if it's working, so be it.

    If any of you are interested, I have created a test user account: davtest@zimbra.local/DAVTest123!

    I don't think we'll be able to reach your installation from here 🙂



  • You should be able to log in to mail.awesomegeek.com with that account from anywhere that allows traffic on port 443. I am currently off-site and can access it just fine. The Nginx SSL options are allowed to live just about anywhere according to the docs, and are currently working for many other services with the above config. cloud.awesomegeek.com is currently running an OwnCloud instance behind the same reverse-proxy with another server section that I have not included for brevity. I have been successfully able to mount WebDAV shares from it, so I know that at least some DAV is able to work through this proxy config. If you want my full server list, I can provide that, but it didn't seem relevant.



  • Ah yes, that's the information we're missing 😛

    But seriously, I'll give it a try tomorrow or so.



  • I notice you're using StartSSL. To make nginx and StartSSL work together properly, there's some certificate concatenation that's needed. Have you done so? If not, this could explain the above error. (If you don't properly concatenate the certificates, some things will work and others won't, which makes it hard to debug.)



  • @dper Yes, I have concatenated the certs. Validation gets an A rating from https://www.ssllabs.com/ssltest/analyze.html?d=awesomegeek.com.

    I just created a davtest account on my OwnCloud instance and have successfully gotten DAVdroid to sync to it without issues. I'm beginning to suspect that this is more of a Zimbra issue, so I will be opening a thread on their forums. Thanks for looking at this, guys. Hopefully we can get to a solution that will benefit other users. I'll post back if a fix is identified.



  • It might not even be a problem with Zimbra, but maybe the fact that some information gets lost when reverse-proxying (which Zimbra might not like). Things like X-Forwarded-* headers?

    E.g. Zimbra might need to know the hostname under which it is accessible, to do redirects properly.
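
An added example, not part of the thread and not the poster's configuration: an nginx server block covering the two points raised above, the trusted chain that OCSP stapling verification needs and the headers that pass the public hostname and scheme through the reverse proxy. The backend address, resolver and file paths are placeholders, and whether the backend honours the `X-Forwarded-*` headers is an assumption.

```nginx
# Added example: paths, resolver and backend address are placeholders.
server {
    listen 443 ssl;
    server_name mail.awesomegeek.com;

    # One PEM file: leaf certificate first, then the intermediate(s).
    ssl_certificate         /etc/nginx/ssl/example-fullchain.pem;
    ssl_certificate_key     /etc/nginx/ssl/example.key;

    # OCSP stapling. With ssl_stapling_verify on, nginx checks the
    # responder's answer against ssl_trusted_certificate, which must hold
    # the issuer chain (intermediate and root). A missing issuer there is
    # a common source of "unable to get local issuer certificate".
    ssl_stapling            on;
    ssl_stapling_verify     on;
    ssl_trusted_certificate /etc/nginx/ssl/example-ca-chain.pem;
    resolver                192.0.2.53 valid=300s;   # placeholder resolver

    location / {
        proxy_pass https://192.0.2.10:8443;          # placeholder backend

        # Forward the hostname and scheme the client actually used, so
        # the backend can build redirects and absolute DAV URLs that
        # point at the proxy rather than at its internal address.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
    }
}
```

Running `nginx -t` checks the syntax before a reload.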


  • developer

    Any news on this issue?