I just setup Seafile and everything seem to be working fine and was able to login to the website and so on.
However when trying to run the Windows desktop client for the 1st time, I can login, but then for “My Library” it keeps getting “Failed to establish secure connection” and won’t sync. Searching I did find https://forum.seafile.com/t/seafile-server-not-syncing-with-https/560, but doing what it said by putting
in my /etc/nginx/nginx.conf and restarting nginx didn’t help.
I also get the same thing when trying to run the Linux desktop client as well. I’m thinking of trying to use Let’s Encrypt instead of the self signed ssl and see if that maybe helps, will update if it does.
Did you check the box in the clients to disable certificate validation?
Thanks yeah that did it.
So I think I understand, with self signed ssl I need to disable certificate validation, but if I do switch to Let’s Encrypt then I will want to turn that back on.
Again thanks for the help.
Right! It’s also useful for non IT guys to be able to access your shared files with ease. Might also help that “this server can be trusted”.
Here is an article from the Syncwerk Forum about setting it up:
You might have to read though some articles on Google. I have no idea how it is done in Windows.
Does the disabling of certificate validation prevent of using secured connection so it becomes unsecured? I think it is not a good idea to disable it.
Had the same problem with the self-signed certificate and the solution was very simple - you should to have right names in your server settings (in my case it was an external IP, because i don’t use domain name) while you generating certificate. So this name should be the same with an address (or IP) on which your client is connecting.
Yeah, i know how SSL works. Actually my question was about how does seafile desktop client work when you check or uncheck “disabling of certificate validation”.
Well the connection itself is still encrypted. It’s more about if you trust the certificate that is not officially signed. Anybody could issue a self-signed certificate and your client would basically accept it. Same as in browser.
Thanks a lot for your explanation!