error with nextcloud self-signed certs, webdav source paths

On a standlone Kodi instance (internal network) I have linuxserver.io nextcloud and mariadb addon running.

Now I want to add a nexcloud webdav resource to the kodi source path (for instance pictures/photos). This fails to work due to nextcloud self-signed certificate.

I searched the forum for clues on how to go about telling kodi to use (or ignore) the nexcloud certificate. This is what I did:

find /storage -iname cert.crt

/storage/.kodi/userdata/addon_data/docker.linuxserver.nextcloud/config/keys/cert.crt

cp /storage/.kodi/userdata/addon_data/docker.linuxserver.nextcloud/config/keys/cert.crt /storage/.config/

openssl x509 -in cert.crt -noout -text

openssl x509 -in cert.crt -out nextcloud.pem

cp  nextcloud.pem cacert.pem

export SSL_CERT_FILE=/storage/.config/cacert.pem

systemctl restart kodi

ERROR: CCurlFile::Exists - Failed: SSL peer certificate or SSH remote key was not OK(60) for davs://USERNAME:PASSWORD@localhost:443/re

mote.php/webdav/files/USERNAME/Photos

Any ideas why this won't work?

PS: also tried the |verifypeer=false suffix (did not work)

vpeter thanks for your reply!

Before I created it I did not have a /storage/.config/cacert.pem

I presumed I could just make a certificate (in fact copy it) and put it in the designated spot and it would be used. Coincidentally are the certificates just separate files in a direcotry or just one file containing multiple certificates? (so you cat >> them)

Naturally I tried rebooting the box as well

Before my post I already found that post.

Quote

Also read this: How to connect to Filezilla FTP over TLS server to stream music?

Obviously I am missing something.

vpeter OK tried it but no go see below

2019-09-03 12:36:53.405 T:3002069872 DEBUG: libinput: event1 - debounce state: DEBOUNCE_STATE_RELEASED → DEBOUNCE_EVENT_TIMEOUT → DEBOUNCE_STATE_IS_UP

2019-09-03 12:36:53.418 T:3011907600 DEBUG: ProcessMouse: trying mouse action leftclick

2019-09-03 12:36:53.670 T:3011907600 DEBUG: ------ Window Deinit (DialogConfirm.xml) ------

2019-09-03 12:36:53.949 T:3011907600 DEBUG: ------ Window Deinit (DialogMediaSource.xml) ------

2019-09-03 12:36:53.981 T:3011907600 DEBUG: CGUIMediaWindow::GetDirectory ()

2019-09-03 12:36:53.981 T:3011907600 DEBUG: ParentPath = []

2019-09-03 12:36:54.003 T:2882610032 DEBUG: Thread waiting start, auto delete: false

2019-09-03 12:36:54.103 T:3011907600 DEBUG: ------ Window Init (DialogBusy.xml) ------

2019-09-03 12:36:54.111 T:2882610032 ERROR: CCurlFile::Exists - Failed: SSL peer certificate or SSH remote key was not OK(60) for davs://USERNAME:PASSWORD@localhost:443/re

mote.php/webdav/files/some_user/Kodi/Photos/VIDEO_TS.IFO|verifypeer=false&auth=SSL/TLS

2019-09-03 12:36:54.150 T:2882610032 ERROR: CCurlFile::Exists - Failed: SSL peer certificate or SSH remote key was not OK(60) for davs://USERNAME:PASSWORD@localhost:443/re

mote.php/webdav/files/some_user/Kodi/Photos/VIDEO_TS/VIDEO_TS.IFO|verifypeer=false&auth=SSL/TLS

2019-09-03 12:36:54.189 T:2882610032 ERROR: CCurlFile::Exists - Failed: SSL peer certificate or SSH remote key was not OK(60) for davs://USERNAME:PASSWORD@localhost:443/re

mote.php/webdav/files/some_user/Kodi/Photos/index.bdmv|verifypeer=false&auth=SSL/TLS

2019-09-03 12:36:54.233 T:2882610032 ERROR: CCurlFile::Exists - Failed: SSL peer certificate or SSH remote key was not OK(60) for davs://USERNAME:PASSWORD@localhost:443/re

mote.php/webdav/files/some_user/Kodi/Photos/BDMV/index.bdmv|verifypeer=false&auth=SSL/TLS

2019-09-03 12:36:54.233 T:2882610032 DEBUG: Thread waiting 2882610032 terminating

2019-09-03 12:36:54.238 T:3011907600 DEBUG: ------ Window Deinit (DialogBusy.xml) ------

2019-09-03 12:36:54.267 T:2882610032 DEBUG: Thread BackgroundLoader start, auto delete: false

2019-09-03 12:36:54.271 T:2882610032 DEBUG: Thread BackgroundLoader 2882610032 terminating

2019-09-03 12:36:58.439 T:3011907600 DEBUG: ------ Window Deinit (Pointer.xml) ------

2019-09-03 12:37:03.853 T:3011907600 INFO: CheckIdle - Closing session to http://127.0.0.1 (easy=0xb2f98a18, multi=(nil))

2019-09-03 12:37:11.913 T:2679350128 DEBUG: Thread JobWorker 2679350128 terminating (autodelete)

2019-09-03 12:37:24.729 T:3011907600 INFO: CheckIdle - Closing session to https://localhost (easy=0x3d17c40, multi=0xafe33150)

2019-09-03 12:37:32.418 T:2982142832 DEBUG: CAESinkPi:Drain delay:100ms now:0ms

@ vpeter I thought I had enabled curl debugging,... did I forget something? Do i need to modify

advancedsettings.xml ? (i used the on screen menus perhaps incorrectly)

Here's a recent (partial) log capture:

2019-09-03 16:07:17.537 T:3001021296 DEBUG: CLibInputPointer::ProcessMotion - event.type: 3, event.motion.x: 968, event.motion.y: 379

2019-09-03 16:07:17.556 T:2858824560 ERROR: CCurlFile::Stat - Failed: SSL peer certificate or SSH remote key was not OK(60) for davs://localhost:443/remote.php/webdav/file

s/some_user/Kodi/Photos/|verifypeer=false&auth=SSL/TLS

2019-09-03 16:07:17.556 T:2858824560 DEBUG: GetImageHash - unable to stat url davs://localhost:443/remote.php/webdav/files/xs4_rhebergen/Kodi/Photos/|verifypeer=false&auth

=SSL/TLS

2019-09-03 16:07:22.551 T:3011457040 DEBUG: ------ Window Deinit (Pointer.xml) ------

2019-09-03 16:07:23.318 T:3011457040 INFO: CheckIdle - Closing session to http://127.0.0.1 (easy=0xb0fddd60, multi=(nil))

2019-09-03 16:07:47.459 T:2875609968 DEBUG: Thread JobWorker 2875609968 terminating (autodelete)

2019-09-03 16:07:47.459 T:2674185072 DEBUG: Thread JobWorker 2674185072 terminating (autodelete)

2019-09-03 16:07:47.556 T:2858824560 DEBUG: Thread JobWorker 2858824560 terminating (autodelete)

2019-09-03 16:07:47.629 T:3011457040 INFO: CheckIdle - Closing session to https://localhost (easy=0x37a6fe8, multi=0x37adb58)

Perhaps it is easier to convince nextcloud to do webdav not over port 443 After all this host is inside a (trusted) home network behind a firewall. I will be creating a different one in the future which will have outside access and thus will use https and letsencrypt generated certificates.

Still it bugs me why this selfsigned is not possible. Judgind from other posts it is though

vpeter yeah i found your previous posts. It can be disheartening at times when it just doesn't want to work despite best efforts.

I can only think that in my efforts to get it working and in the process of installing something got in the way (or broke) Given the fact that this is a fresh install with no media or users on it yet I could decided to trash it and start all over again using what I have learnt in the meantime. It's kind of a last resort idea.

Although I am a old Linux user I am new to Kodi and also relatively new to docker. So I'm slightly handicapped there.

In your opinion what are the gotchas to look out for when trying to solve this riddle? For instance where are the certificates supposed to be located in the kodi filesystem? Are all certificates concatenated in one file or are they separate in a directory? (i've seen both). So, any pointers on how to approach this are welcome. By the way how to I properly enable component loging for curl? (I though I did)

Thanks so far!

Like this?

Issuer: C = US, ST = CA, L = Carlsbad, O = Linuxserver.io, OU = LSIO Server, CN = *

Checked the /etc/ssl/cacert.pem.system and /run/libreelec/cacert.pem files. It seems the selfsigned certificate from nextcloud is indeed added which is nice to know

When trying to run curl from the bash prompt:

 curl: (1) Protocol "davs" not supported or disabled in libcurl

aptalca yep I briefly looked into it (this is what i do on my regular server with its own public IP).

the question is what how do you set the parameters for a systems that's on a local net behind a firewall.

aptalca

OK that sounds like a plan! Could you point me to some more docs or howtos perhaps? (noob proof if possible Still a bit fuzzy about it.

(I could tickle my own bind instance to resolve my home ip (although reverse will fail being a residential IP's name) Not familiar with duckdns though. )