PDF print fails after adding SSL

Hi,

I am dealing with ERPNext for a couple of months now and we are starting to transfer one process after another into it. It is simply overwhelming what an open source solution is capable of!

However, I am dealing with some technical issues at the moment.
I did a fresh install of v13 on Ubuntu 20.04. following this guide: Install v13 Production on Ubuntu 20.04 VPS - This is how I did it "Easy Install" script

I imported the database from another installation I used to use and afterwards setup SSL folowing the second part in this guide: [Tutorial] Install v13 Production on Debian 10 VPS - Using “Easy Install” script - Now includes setting up SSL certificate!

My ERPNext instance is hosted locally here on a server in our office and is made available on the internet using a port forwarding on port 443. That works fine so far.

However, since I got the SSL working, my PDFs are looking messed up. The HTML preview looks fine, but printing it to PDF does not seem to pay attention to the print styles. Logo is missing, tables are missing lines etc.

My research lead me to dozens of threads where the solution was simply adding the domain like erp.example.com to the site_config.json. Unfortunately that does not work for me. I tried to dug as deep as I can and found out that this issue might be related to socketio not working. So, I checked the proper logs and found the following:

frappe@erpnextprod:~/frappe-bench$ tail -f logs/node-socketio.log
No response for doc_subscribe
listening on *: 9000
Unable to join chat room. Error: self signed certificate
Unable to join chat room. Error: self signed certificate
No response for doc_subscribe
No response for doc_subscribe
listening on *: 9000
Unable to join chat room. Error: self signed certificate
No response for doc_subscribe
No response for doc_subscribe

I don’t know how to get on to be honest. Printing and sending PDF files via mail is crucial thing to do. So, any help in troubleshooting is very welcome! Thanks in advance.

PS: I am not quite sure if this is the correct category since it refers to some other topics as well…

add host name into your site in the site_config.json file
like this : “host_name”: “yourdomain”,

this should sort out the format of the PDF’s

Thanks for your reply. But this is exactly what I mean. That does not work for me.

This is my site_sonfig.json:

{
 "db_name": "_1bd3e0294da64598",
 "db_password": "w3WwSu8wge5ncGac",
 "db_type": "mariadb",
 "domains": [
  "erp.mycompany.de"
 ],
 "encryption_key": "w1WgOLjLM8qDOhES9dW8bCnuFXWaUEsfvXy2TB4Mgvk=",
 "host_name": "https://erp.mycompany.de/",
 "user_type_doctype_limit": {
  "employee_self_service": 10
 }
}

I tried it with “https://” and without, with slash in the end and without. Neither doesn’t work for me.

edit: I just do a “bench restart” after changing the site_config.json. That should be enough for the changes to take effect, right?

@Sven_Morgenstern

I could not point you to the exact thread right now, but I remember reading a post on the forum that linked me to a github posting of similar problems.

Ultimately is was determined that the host machine did not have enough memory and that was somehow affecting the cached script files that actually perform the conversion to PDF.

On KVM type VPS applications they consensus was that a minimum of 4gb of system memory was required to start seeing improvement in the PDF rendering. This also means there would be 2gb or more of swap memory (over and above the system memory) to aid in the check pointing processes that were possibly causing the problems with the PDF rendering engine.

I know it was an interesting rabbit hole to read through but it made sense and they folks that were experiencing the problems had them solved by dramatically increasing the system memory.

If you want to experiment with this concept, you could get one of the free tiral accounts on Google Cloud, spin up a low memory server maybe 2gb or so, and then a higher memory server of 6 or 8gb to see if the problem does in fact go away with the addition of memory. It is cretainly cheaper than tearing apart your metal box server to add the hardware and it only takes a few min to do this on GCP.

Or - Maybe you can find some search terms in my paraphrasing above that would help you find the same rabbit hole of reading that I ran into last week.

Hope you find a solution soon. Please post back when you do.

BKM

Thanks for your input.
As I said I am running ERPNext on a virtual machine here in my office. The server has 32GB memory, the VM is having 16GB available. I am quite sure this is not the problem…:wink:

The key question for me is: Why does socketio stop to work after adding SSL encryption. Fortunately, I have a snapshot from before and was double-checking. Before adding SSL, the log just didn’t show anything.
Now, after adding SSL it shows the following:

frappe@erpnextprod:~$ tail -f frappe-bench/logs/node-socketio.log
Unable to join chat room. Error: self signed certificate
No response for doc_subscribe
listening on *: 9000
Unable to join chat room. Error: self signed certificate
Unable to join chat room. Error: self signed certificate
No response for doc_subscribe
No response for doc_subscribe
listening on *: 9000
Unable to join chat room. Error: self signed certificate
Unable to join chat room. Error: self signed certificate
Unable to join chat room. Error: self signed certificate
No response for doc_subscribe
No response for doc_subscribe

Is there any way to dig some deeper? Any more logs I could look into? Any hints are welcome as I am starting to loose my head…:smiley:

Oh. my. god.
I finally was able to figure out what went wrong. So, I’ll share the solution here.

Problem was that I missed an entry in /etc/hosts and site_config.json.
I had to add the following to the site_config:

"ssl_certificate": "/etc/letsencrypt/live/mydomain.com/fullchain.pem",

"ssl_certificate_key": "/etc/letsencrypt/live/mydomain.com/privkey.pem",

To the hosts file I had to add
127.0.0.1 mydomain.com

Afterwards do a
bench setup nginx
sudo service nginx restart
and finally a bench restart
Now my site is securely(!) available on the internet with working PDF files. :smiley:

I am a happy man!

4 Likes

You can use this url for SSL

tried this with adding two sites to /etc/hosts … rendered my sites unreachable