SeaDrive permission denied when connecting to HTTPS

I have seafile server configured using HTTPS. The seafile client can successfully download files but the SeaDrive client cannot.

The log file shows the following:

[05/01/17 14:26:21] sync-mgr.c(561): Repo ‘My Documents’ sync state transition from ‘get token’ to ‘downloading’.
[05/01/17 14:26:21] http-tx-mgr.c(4806): Download with HTTP sync protocol version 1.
[05/01/17 14:26:21] http-tx-mgr.c(1117): Transfer repo ‘85caba8a’: (‘normal’, ‘init’) --> (‘normal’, ‘check’)
[05/01/17 14:26:21] http-tx-mgr.c(2351): Bad response code for GET https://xyz.com/seafhttp/repo/85caba8a-b5a8-4b97-a33b-678fa7d62ffe/permission-check/?op=download&client_id=34b28db612a348bea3ee3364a9ab4ed788de53e5&client_name=MyPC: 400.
[05/01/17 14:26:21] http-tx-mgr.c(4812): Download permission denied for repo 85caba8a on server https://xyz.com.
[05/01/17 14:26:21] http-tx-mgr.c(1117): Transfer repo ‘85caba8a’: (‘normal’, ‘check’) --> (‘error’, ‘finished’)
[05/01/17 14:26:21] sync-mgr.c(595): Repo ‘My Documents’ sync state transition from downloading to ‘error’: ‘Error occured in download.’.

I have set SeaDrive to ignore HTTPS checks. Anything else I need to do?

Thanks

Any log on the server related to this error? You should check web server’s access and error log, as well as seafile.log.

No, there is nothing in the seafile server logs. When I login to a server without HTTPS, there is no problem. It is only when I specify HTTPS as the server does the problem arise, even though the option to ignore HTTPS checks is selected.

As I mentioned, using Seafile Client connected to an HTTPS server is absolutely fine.

is what you use two-factor authentication?

No it’s not 2-factor authentication. It’s just a login via my account.

Actually, Seafile Client has the same problem. I thought it was working with Seafile Client but it too has problems with HTTPS.

I converted my Windows install of Seafile Server to https by following the instructions here https://jefferytay.wordpress.com/2014/05/07/enabling-https-for-seafile-windows/ which is basically redirecting https access to the Seafile Server.

Did you get this working again?

I also did the HTTPS for windows thing, and it worked fine, but after a reboot the web server won’t let me in.

Page unavailable
Sorry, but the requested page is unavailable due to a server hiccup.
Our engineers have been notified, so check back later.

No, I gave up in the end. The Android client was fine yet the Windows client had issues, despite telling it to ignore HTTPS certificates. It appears that the Windows client and the Android client don’t use the same protocols to make the connection and I don’t know why the developers would do that. I couldn’t be bothered to spend hours looking at network packets and other configuration.

You can just use letsencrypt and won’t have any issues.

1 Like

I for one would be very interested to know how I can use letsencrypt on my desktop. The above discussion seems to be about https certificates on a Windows desktop. I’m using a linux desktop but I have the same problem in that I don’t have a static ip and therefor I don’t have a static domain name. Maybe things are different in other places, but I think dynamic ip’s are the norm here in the US and I’ve always thought that letsencrypt required a domain name. So, if you know of a way to use it on a desktop can you explain that or post some links that will show me (us) how to do this?

TIA

Hi @henrythemouse use DynDNS for your server, then you can create CNAME DNS Record for you domain (or use that one gived from dynDNS).

DynDNS give domain name like henrythemouse.dyndns.org. You just install their client on your computer and then you will have domain name and ability to use let’s encrypt.

https://dyn.com/dns/

1 Like

Have you actually tried this, holantomas? I do use a dynamic dns service. The one I use is freedns, because they are free :-). The trouble I have with using letsencrypt on that domain is that letsencrypt doesn’t support these types of domains. In your example the domain dyndns.org might have a couple thousand subdomains assigned to it. henerythemouse would only be one of those. When I run letsencrypt on henrythemouse.dyndns.org it fails and says that there are too many certs assigned to that domain (to paraphrase). All the discussions I’ve read on this issue (and there are many) end up with letsencrypt not supporting dynamic dns domains.

Maybe things have recently changed?

Thanks for your reply.

The best solution would be to register your own domain. It costs a few dollars per year, but you can use a cheap domain (There are many other affordable domain names. Make sure it’s not an offer just for the first year but the price is low in general. As an example .de often is available for 2€ per year + 2€ setup fee once).

For that domain you can set a CNAME to your dyndns name. In case the dyndns name changes or you want to use another ddns provider you can just change the CNAME record. With your own domain you’re now able to get letsencrypt certificates and in case you’re hosting different services you can use a subdomain for each of them.

1 Like

Well, I learned something today. I’ve used cname records in the past but I guess I’ve not understood what they really did. You are quite right, it’s the best way to fix this problem, I had never thought of using cname records to point to a dynamic dns domain name. I’ll detail what I had to do for those who might read this in the future.

I had a domain name already, so I decided on a good subdomain name and modified the seafile apache conf file’s ServerName to reflect the new subdomain (restarted apache). After that I added the new subdomain to the dns zonefile using the providers web ui. Then I pointied the new subdomain at my dd domain, selecting ‘cname’ for the record type as you suggested. My SeaFile site wouldn’t work yet, it still needed the certs to be installed. I used certbot (a client to install letsencrypt certs) to create the cert and modify my apache2 config automatically. Certbot is in the debian9 stable archive and the process is simple. Just run the command

certbot --apache

I answered a couple of simple questions and the rest was done for me.

SeaFile is up and runing now, without having to do the selfsigned hack.
Thanks for your help.

That’s what I said. You have couple of DNS Record types. Every DNS record is saved to bind file on DNS server, it’s just a text file which define on new row of this files DNS record. For example A Record is IPv4 to domain name. AAAA Record is IPv6 to domain name. And as you find CNAME Record is domain name to domain name. It’s just translation for one indetificator to human readable Record aka domain name. CNAME is just alias.

I guess I must have a bit of a hard head. It took a while, some testing and you and shoeper laying it out for me before I could finally understand how it could work. Thanks goes to the both of you. I’m sure others having this problem will appreciate your comments as well.

There did you see this good offer? I thought df.eu is already quite cheap with 10 €/year, but maybe I should move my domain to another provider.

At https://www.netcup.de the regular price is 5.04€ per year but they often have a special offer for the price above (it’s not for one year, but permanent).

1 Like