Collabora online + nextcloud without docker SSL handshake Error

Trying the whole to make it work with nextcloud under apache without docker.
When I go on admin link I got.

And it is the same when I try to edit/create file:

I edit a lot of time my apache conf.

<IfModule mod_ssl.c>
  SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)

  <VirtualHost *:443>
    ServerName collabora.XXXXXX.XXX
    # Collabora config
    Options -Indexes
    # Encoded slashes need to be allowed
    AllowEncodedSlashes NoDecode
    # Container uses a unique non-signed certificate
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    # keep the host
    ProxyPreserveHost On
    SSLEngine On

    # static html, js, images, etc. served from coolwsd
    ProxyPass           /browser retry=0
    ProxyPassReverse    /browser

    # WOPI discovery URL
    ProxyPass           /hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery

    # Capabilities
    ProxyPass           /hosting/capabilities retry=0
    ProxyPassReverse    /hosting/capabilities

    # Main websocket
    ProxyPassMatch "/cool/(.*)/ws$" ws://$1/ws nocanon

    # Admin Console websocket
    ProxyPass   /cool/adminws ws://

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /cool
    ProxyPassReverse    /cool

    # Compatibility with integrations that use the /lool/convert-to endpoint
    ProxyPass           /lool
    ProxyPassReverse    /lool

      SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on

    ErrorLog "/var/log/apache2/collabora_error"
    Include /etc/letsencrypt/options-ssl-apache.conf
    Header always set Strict-Transport-Security "max-age=31536000"
    SSLUseStapling on
    SSLCertificateFile /etc/letsencrypt/live/collaboa.XXXXXX.XXX/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/collabora.XXXXXX.XXX/privkey.pem

If somebody can help because I am tired and got no more idea ^^.


Hi @Shad and sorry for the spam bot’s shenanigans… I have approved and now this post s visible for everyone

Is that supposed to be a terminating reverse proxy set up? If so, in /etc/coolwsd/coolwsd.xml, have you set ssl.enable to false and ssl.termination to true?

Yes I had set correctly these 2 lines.

<enable default="true" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." type="bool">fal>
<termination default="true" desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool">true</termination>

I have no more idea to resolve that …