Web Server blank page

DEVONthink Web Server now loads a blank page after entering Username and Password.

I’m thinking it may be something is now blocked due to another round of OS X security updates? Maybe under the hood - or maybe DT v3.8 changed something?

The initial web server login page appears as normal, looks fine. After entering details it takes a few seconds, and gives a blank page. Same on Safari, Brave and Chrome.

I use https://ngrok.com to provide the connection, and it has worked fine for the last couple of years, and nothing new was updated from them, so I don’t think that is the problem.

Any idea where to look.…?

Did you try stopping and starting the server in DEVONthink’s preferences?

Yes I did. Rebooted etc.

What OS?

Latest version of Catalina is on the system running the server.

And what OS and browser are you using to access the web interface?

Accessing with laptops on both Monterey and Catalina, using Safari, Chrome and Brave - all the same results.

Any virus or other security software running?

By chance to you have a Windows or Linux machine you can try to access the web site? Or maybe an IOS or Android device? Maybe borrow if possible.

Look at every setting in Menu: Apple Icon → Preferences → Security and Privacy and see if anything jumps out to you.

Ngrok change anything? Do they have a suggestion? Does access work if you try from inside your network (bypassing any firewalls and Ngrok)?

In addition to what @rmschne said about the obvious test from inside your network: Did you check in the web browsers developer tools (Fn-12 in Firefox, don’t know about other platforms) what exactly you’re seeing (or not)?
Also, does the web server log tell you anything?

Did you try accessing your server by IP address rather than URL?

Did you try both http:// and https:// ?

Might your https certificate have expired?

Did you check Keychain to be sure the certificate for your web server is Trusted?

Did you try refreshing your browser by holding down shift while clicking the reload button for the webpage?

All of these conditions should generate an error message which the browser should display. Unless this ngrok thingy gobbles them up, which makes its use questionable.

The list comes my personal experience running the WebServer 24/7 so my small staff of 3-4 employees can access data. I have seen each issue without a browser error displayed.

I have found the most frequently useful tip to resolve a problem like this at least in the short-term is to use the IP address rather than the URL.

Sorry for the lack of response - a major storm has left us without power since Friday, so everything is down and can’t test any of these suggestions.

Thanks for all the help - I will try them when we are back up.

No worries. Computer questions can wait! We hope everyone is safe and sound.

All safe thankfully, except for many downed trees. We’re back up and running after 6 days without power, and then no heat for a further 2 days, , and then plenty of other problems getting everything working normally again…

It looks like the problem is the TLS certificate is no longer accepted as valid, and so the web browsers are all refusing the connection in one way or another.

The web server works fine when accessing from the same computer.

Accessing from another computer on the LAN or internet gives a blank page. Accessing the local IP address from the LAN give this error;

“IP address” normally uses encryption to protect your information. When Brave tried to connect to “IP address” this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be “IP address”, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Brave stopped the connection before any data was exchanged.

I use the DEVONthink Server TLS certificate, but notice that it expired back in April 2021. Is there a renewal, or some way I can update this?

I suppose that this expired certificate is the reason for your troubles. You could try with a less strict browser, e.g. Firefox. It will let you know that the certificate is not valid and offer you to access the page nevertheless. Maybe that’s also behind the problems with your intermediate server?

So it would probably be a good idea to convert the DT server settings to use Let’s encrypt certificates which are automagically renewed when needed… But I have no idea if that’s possible or how one would change its certificate if it is.

You can delete the existing certificate in Keychain and then reissue it under DT3/Preferences/Server/Self-Signed certificate.

Assuming your local network is secured, you can also simply mark the certificate in Keychain as “always trust” and then it will bypass the expiration date and Chrome will give you the option to proceed to the site without https encryption.

Self-signed certificates might not pass in very security-aware browsers. And I fist quite understand the second part: if the certificate is marked as “always trust”, why would chrome then use http instead of https? It could do that also if I didn’t trust the certificate at all…

I’d still rather go with let’s encrypt certificates. If that’s possible.

Though I don’t use Let’s Encrypt certs, you have the option to import a .p12 file in the Server preferences.

Screen Shot 2021-12-08 at 10.16.00 AM1664×1356 163 KB

I have no clue on the “why” - I just know what I have observed.