Topic on Talk:Parsoid

Dear supporters,

I am getting curl error 35 when using VisualEditor under SSL connection, and I had my HSTS enabled. So I currently am investigating my stunnel configuration. Can Parsoid and my website use the same set of SSL certificate? Or do I have to generate a new set?

Below is my config file.

cert = /etc/letsencrypt/live/mydomian.com/cert.pem

key = /etc/letsencrypt/live/mydomian.com/privkey.pem

CAfile = /etc/letsencrypt/live/mydomian.com/chain.pem

[www]

accept  = 8143

connect = 8142

LocalSettings.php config:

$wgVirtualRestConfig['modules']['parsoid'] = array(

// URL to the Parsoid instance

// Use port 8142 if you use the Debian package

'url' => 'https://mydomian.com:8142',

// Parsoid "domain", see below (optional)

'domain' => 'mydomian.com',

// Parsoid "prefix", see below (optional)

'prefix' => 'mydomian.com'

);

Yes, they can share the same TLS cert, if needed.

Do you happened to know any possible reasons that might produce error 35? I am out of clues. Or is this error logged more detailly somewhere else?

Well, first things first. Did you get Parsoid working with VE before trying to enable TLS? Are Parsoid and MediaWiki hosted on the same machine?

I did get Visual Editor working without TLS. Problem starts with TLS. And they are hosted on the same machine.

worked for me using Letsencrypt certs - I had this same error and I resolved it by opening up a new port on our azure container (8000) and then a vhost in apache to forward 8000 to localhost:8142, and then pointing mediawiki's LocalSettings.php to https://myhost:8000 - it required a bit of work in the apache config to get it working:

```<VirtualHost *:8000>

  ProxyPreserveHost On

  ProxyRequests Off

  ServerName mydomain

  SSLEngine on

  SSLCertificateFile /etc/letsencrypt/live/mydomain/fullchain.pem

  SSLCertificateKeyFile /etc/letsencrypt/live/mydomain/privkey.pem

  ProxyPass / http://localhost:8142/

  ProxyPassReverse / http://localhost:8142/

</VirtualHost>```