Seafile 13, caddy custom certificate and seadoc

Hello,

I’m working on a brand new seafile 13 docker install on debian with caddy and custom certificates as described here HTTPS and Caddy - Seafile Admin Manual. This all works w/o any issues and when I access https://seafile.mydomain.ca seafile loads and I can see that my custom certificates are used. The log file of the seafile-caddy container confirms the loading of my custom certificates:

{"level":"info","ts":1764970157.3133643,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000233880"}
{"level":"warn","ts":1764970157.3161247,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [sksrv04.safeback.ca]: no OCSP server specified in certificate"}
{"level":"info","ts":1764970157.3164048,"logger":"http.auto_https","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"seafile.mydomain.ca","server_name":"srv0"}
{"level":"info","ts":1764970157.316458,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}

When I add seadoc to the environment according to SeaDoc Integration - Seafile Admin Manual, the seadoc server loads without any issues. https://seafile.mydomain.ca/sdoc-server/ returns:

image

However, when I try to load a sdoc file I get the “Load doc content error” and in the log file /opt/seadoc-data/logs/sdoc-server.log the following error is shown:

[ERROR] index.js[179] - error_message: unable to verify the first certificate

[2025-12-05 15:37:41] [ERROR] index.js[177] - Service unknown error
[2025-12-05 15:37:41] [ERROR] index.js[178] - error_type:  UNKNOWN_ERROR
[2025-12-05 15:37:41] [ERROR] index.js[179] - error_message:  unable to verify the first certificate
[2025-12-05 15:37:41] [ERROR] index.js[180] - error_stack:  Error: unable to verify the first certificate
    at AxiosError.from (/opt/sdoc-server/sdoc-server-2.0.9/sdoc-server/node_modules/axios/dist/node/axios.cjs:907:14)
    at RedirectableRequest.handleRequestError (/opt/sdoc-server/sdoc-server-2.0.9/sdoc-server/node_modules/axios/dist/node/axios.cjs:3328:25)
    at RedirectableRequest.emit (node:events:536:35)
    at eventHandlers.<computed> (/opt/sdoc-server/sdoc-server-2.0.9/sdoc-server/node_modules/follow-redirects/index.js:38:24)
    at ClientRequest.emit (node:events:524:28)
    at emitErrorEvent (node:_http_client:101:11)
    at TLSSocket.socketErrorListener (node:_http_client:504:5)
    at TLSSocket.emit (node:events:524:28)
    at emitErrorNT (node:internal/streams/destroy:169:8)
    at emitErrorCloseNT (node:internal/streams/destroy:128:3)
    at Axios.request (/opt/sdoc-server/sdoc-server-2.0.9/sdoc-server/node_modules/axios/dist/node/axios.cjs:4483:41)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[2025-12-05 15:37:41] [ERROR] document-controller.js[56] - The content of the document loaded error
[2025-12-05 15:37:41] [ERROR] document-controller.js[74] - Load tsdoc.sdoc(f16ed131-5265-48c9-8ebd-88560f13d247) from https://sksrv04.safeback.ca/seafhttp/files/bc03f5a6-a3c4-4315-a5b7-f57878738a84/tsdoc.sdoc error

If I disable https for seafile, seadoc works without any issues. I assume the issue is around:

  • seafile 13
  • caddy with https and custom certificate
  • seadoc not able to access the custom certificate

This error is reproducible and consistent as soon as caddy is configured with a custom certificate.

Any help or suggestion on how to fix this is appreciated.

As you have already found the cause of the issue, you can try to make the SeaDoc container trust your custom certificate.

Here are some suggestions by AI:

To resolve the issue, please follow these steps:

  1. Add CA Certificates to the SeaDoc Environment:
  • Mount your custom CA certificate into the SeaDoc container. You can do this by adding it as a volume in your Docker configuration:
-v /path/to/your/custom_ca.crt:/usr/local/share/ca-certificates/custom_ca.crt
  • Create a script to update the CA certificates and mount it:
-v /path/to/your/02_updatecerts.sh:/etc/my_init.d/02_updatecerts.sh
  • Content of 02_updatecerts.sh should be:
#!/bin/bash
update-ca-certificates
  2. Set Node.js Environment Variables:
  • Ensure that the Node.js environment in the SeaDoc server is informed about the custom CA. You can set the following environment variables in your docker-compose.yml or Docker run command:
environment:
  - NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
  - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
  - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
  - DEFAULT_CA_BUNDLE_PATH=/etc/ssl/certs/ca-certificates.crt

Hello

I got the issue resolved. After searching for:

index.js unable to verify the first certificate

I found:

Server-Side Misconfiguration:

  • Missing Intermediate Certificates: The server might be providing its certificate without including the necessary intermediate certificates in the chain. Node.js needs the full chain to verify the root certificate.

  • Solution: Ensure the server is configured to send the complete certificate chain, including all intermediate certificates issued by the Certificate Authority (CA).

My issue was that I did not include the full certificate chain in seafile-server.yml.

caddy.tls: "/data/caddy/certs/host.example.com/fullchain.pem /data/caddy/certs/host.example.com/cert.pem.key"

After supplying the fullchain certificate everything is working without issues.
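
The cause found in this thread, a certificate file handed to caddy.tls that holds only the leaf certificate, can be checked offline before Caddy is restarted. The script below is an added example, not part of the original posts: it assumes the openssl CLI is installed, and it builds a throwaway demo PKI (all names constructed) to show a leaf-only cert.pem failing and fullchain.pem passing. For a real deployment, call chain_ok with your own certificate file and your CA's root certificate.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Needs the openssl CLI.
# All file names and subjects are constructed for the demo.

# chain_ok PEM ROOT: the first cert in PEM is the leaf, any further certs are
# the intermediates the server would send. Succeeds only if the leaf chains to
# ROOT using just those intermediates, as a TLS client trusting ROOT requires.
chain_ok() {
  local pem=$1 root=$2 tmp rc
  tmp=$(mktemp -d)
  awk -v d="$tmp" '/BEGIN CERTIFICATE/ { n++ }
       n == 1 { print > (d "/leaf.pem") }
       n > 1  { print > (d "/rest.pem") }' "$pem"
  if [ -s "$tmp/rest.pem" ]; then
    openssl verify -CAfile "$root" -untrusted "$tmp/rest.pem" "$tmp/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$root" "$tmp/leaf.pem" >/dev/null 2>&1
  fi
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# make_demo_pki DIR: throwaway root -> intermediate -> leaf, written as
# cert.pem (leaf only) and fullchain.pem (leaf + intermediate).
make_demo_pki() {
  local d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
  openssl req -x509 -config "$d/ca.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" -days 2 2>/dev/null
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -extfile "$d/ca.cnf" -extensions ca -out "$d/int.pem" -days 2 2>/dev/null
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=seafile.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -out "$d/cert.pem" -days 2 2>/dev/null
  cat "$d/cert.pem" "$d/int.pem" > "$d/fullchain.pem"
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for f in cert.pem fullchain.pem; do
  if chain_ok "$demo_dir/$f" "$demo_dir/root.pem"; then echo "$f: chain complete"
  else echo "$f: intermediate missing"; fi
done
rm -rf "$demo_dir"
```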