Documenso
Maintenance

Troubleshooting

Diagnose and resolve common issues with your self-hosted Documenso instance, organized by component.

General Debugging

Checking Application Logs

Application logs are your primary source of debugging information.

docker logs documenso
docker compose logs -f documenso
kubectl logs -l app.kubernetes.io/name=documenso -n documenso -f

Filtering Logs

Filter logs to find specific errors:

# Docker - find errors
docker logs documenso 2>&1 | grep -i error

# Docker - find warnings
docker logs documenso 2>&1 | grep -i warn

# Show last 100 lines
docker logs --tail 100 documenso

Health Checks

Documenso exposes a health endpoint to verify the application is running:

curl http://localhost:3000/api/health

A healthy response returns HTTP 200. If the health check fails:

Check application logs for startup errors

Verify database connectivity

Confirm environment variables are set correctly

Container Status

Check if containers are running and healthy:

docker ps -a | grep documenso
docker compose ps
kubectl get pods -n documenso -o wide

Environment Variable Verification

Verify environment variables are set correctly inside the container:

docker exec documenso printenv | grep NEXT
docker compose exec documenso printenv | grep NEXT

Be cautious when printing environment variables as they may contain sensitive information like passwords and API keys.

Application Issues

Container Fails to Start

Symptoms: Container exits immediately or enters a crash loop.

Check the exit code:

docker inspect documenso --format='{{.State.ExitCode}}'
Exit CodeMeaning
0Normal exit
1Application error
137Out of memory (OOM killed)
139Segmentation fault
143Terminated by SIGTERM

Common causes and solutions:

CauseSolution
Missing required env variableCheck logs for "required environment variable" errors
Database connection failureVerify database URL and connectivity
Port already in useChange the port mapping or stop conflicting services
Insufficient memoryIncrease container memory limits
Invalid certificateCheck certificate path and passphrase

Application Crashes After Startup

Symptoms: Application starts but crashes during operation.

Check for memory issues:

# Docker
docker stats documenso

# Kubernetes
kubectl top pod -n documenso

Solutions:

Increase memory limits in Docker or Kubernetes configuration

Check for memory leaks in custom integrations

Review application logs around the time of crash

Startup Timeout in Kubernetes

Symptoms: Pod marked as unhealthy, enters CrashLoopBackOff.

Cause: Startup probe fails before the application is ready.

Solution: Increase startup probe timeout in your deployment:

startupProbe:
  httpGet:
    path: /api/health
    port: 3000
  failureThreshold: 60
  periodSeconds: 5

This allows up to 5 minutes (60 x 5 seconds) for startup.

Port Conflicts

Symptoms: "Port already in use" error.

Find what's using the port:

# Linux/macOS
lsof -i :3000

# Or using netstat
netstat -tlnp | grep 3000

Solutions:

Stop the conflicting service

Change Documenso's port mapping: -p 3001:3000

Database Issues

Connection Refused

Error: connect ECONNREFUSED 127.0.0.1:5432

Causes:

  • PostgreSQL not running
  • Incorrect host in connection string
  • Firewall blocking connection
  • Database container not started yet

Solutions:

Verify PostgreSQL is running:

# Direct PostgreSQL
pg_isready -h localhost -p 5432

# Docker Compose
docker compose ps database

Check connection string host matches database location

For Docker Compose, ensure the database service is defined and started

Verify network connectivity between containers

Authentication Failed

Error: password authentication failed for user "documenso"

Causes:

  • Incorrect password
  • Password contains unescaped special characters
  • User does not exist

Solutions:

URL-encode special characters in password (@ becomes %40, # becomes %23)

Verify credentials match database configuration

Reset the password:

ALTER USER documenso WITH PASSWORD 'newpassword';

Database Does Not Exist

Error: database "documenso" does not exist

Solution: Create the database:

CREATE DATABASE documenso;
GRANT ALL PRIVILEGES ON DATABASE documenso TO documenso;

Too Many Connections

Error: too many connections for role "documenso"

Causes:

  • Connection pool exhausted
  • Multiple instances without connection pooling
  • Connections not being released

Solutions:

Reduce connection pool size in connection string:

postgresql://user:password@host:5432/documenso?connection_limit=5

Increase PostgreSQL max_connections

Implement connection pooling with PgBouncer

Migration Failures

Symptoms: Application fails to start with migration errors.

Check migration status:

SELECT * FROM _prisma_migrations WHERE finished_at IS NULL;

Common causes:

CauseSolution
Database lockedWait for other processes to complete
Insufficient diskFree up disk space on database server
Permission deniedGrant schema modification permissions to user
Connection through poolerUse direct database connection for migrations

Retry failed migration:

Fix the underlying issue

Mark migration as rolled back:

UPDATE _prisma_migrations SET rolled_back_at = NOW() WHERE migration_name = 'failed_migration';

Restart the application

SSL Required

Error: SSL/TLS required

Solution: Add SSL mode to connection string:

postgresql://user:password@host:5432/documenso?sslmode=require

Email Issues

Emails Not Sending

Symptoms: No emails received, no errors in logs.

Diagnostic steps:

Check email configuration:

docker exec documenso printenv | grep SMTP

Verify all required variables are set:

VariableRequired
NEXT_PRIVATE_SMTP_TRANSPORTYes
NEXT_PRIVATE_SMTP_FROM_ADDRESSYes
NEXT_PRIVATE_SMTP_FROM_NAMEYes

Test SMTP connectivity:

# Test connection to SMTP server
telnet smtp.example.com 587

SMTP Connection Timeout

Error: Connection timeout

Causes:

  • Incorrect SMTP hostname or port
  • Firewall blocking outbound SMTP
  • SMTP server unreachable

Solutions:

Verify hostname and port match provider documentation

Check outbound firewall rules for ports 25, 465, 587

Test connectivity from the container:

docker exec documenso nc -zv smtp.example.com 587

SMTP Authentication Failed

Error: Invalid login or authentication failed

Causes:

  • Incorrect username or password
  • Account requires app-specific password
  • Account security restrictions

Solutions:

Double-check credentials

For Gmail/Microsoft with 2FA, generate an app password

Check provider for security alerts or blocked sign-ins

Emails Going to Spam

Causes:

  • Missing SPF record
  • Missing DKIM signature
  • No DMARC policy
  • Poor sender reputation

Solutions:

Configure SPF record for your domain

Set up DKIM signing with your email provider

Add a DMARC policy

Use a reputable email provider

Test deliverability at mail-tester.com

From Address Not Authorized

Error: Sender address rejected

Cause: The NEXT_PRIVATE_SMTP_FROM_ADDRESS is not authorized to send from your email provider.

Solutions:

Verify the domain in your email provider's settings

Use an email address from a verified domain

Check provider-specific sender authorization requirements

Signing Issues

No Certificate Found

Error: No certificate found for local signing

Causes:

  • Certificate path not configured
  • Certificate file not mounted
  • Environment variable not set

Solutions:

Verify certificate configuration:

docker exec documenso printenv | grep SIGNING

Check file exists at configured path:

docker exec documenso ls -la /opt/documenso/cert.p12

Ensure either NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH or NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS is set

Certificate Permission Denied

Error: EACCES: permission denied, open '/opt/documenso/cert.p12'

Cause: Application cannot read the certificate file.

Solution: Fix file permissions:

# On host before mounting
sudo chown 1001 certificate.p12
chmod 400 certificate.p12

Invalid Certificate Password

Error: mac verify failure

Cause: Incorrect passphrase for the certificate.

Solutions:

Verify NEXT_PRIVATE_SIGNING_PASSPHRASE matches the certificate password

Check for trailing whitespace or encoding issues

Test the password:

openssl pkcs12 -in certificate.p12 -noout

Failed to Get Private Key

Error: Failed to get private key bags

Cause: Certificate has no password or incompatible encryption.

Solution: Re-create the certificate with a password and compatible encryption:

openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt \
    -keypbe PBE-SHA1-3DES \
    -certpbe PBE-SHA1-3DES \
    -macalg sha1

You must set a non-empty password when creating the certificate. Certificates without passwords will fail.

Certificate Expired

Error: Certificate has expired

Solution:

Check expiration date:

openssl pkcs12 -in certificate.p12 -nokeys | openssl x509 -noout -dates

Generate a new certificate or obtain a renewed one from your CA

Update the certificate file and restart Documenso

Base64 Decode Error

Error: Invalid base64 in NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS

Cause: Incorrect base64 encoding or line breaks in the value.

Solution: Encode without line breaks:

# macOS
base64 -i certificate.p12 | tr -d '\n'

# Linux
base64 -w 0 certificate.p12

Storage Issues

S3 Access Denied

Error: Access Denied

Causes:

  • Incorrect IAM credentials
  • Bucket policy doesn't allow operations
  • CORS not configured

Solutions:

Verify IAM user has required permissions:

{
  "Effect": "Allow",
  "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
  "Resource": "arn:aws:s3:::your-bucket/*"
}

Configure CORS for presigned URL uploads

Verify credentials are correct and not expired

S3 Bucket Not Found

Error: The specified bucket does not exist

Causes:

  • Bucket name typo
  • Bucket in different region
  • Bucket doesn't exist

Solutions:

Verify bucket exists:

aws s3 ls s3://your-bucket

Check NEXT_PRIVATE_UPLOAD_REGION matches bucket region

Create the bucket if it doesn't exist

Signature Mismatch

Error: SignatureDoesNotMatch

Causes:

  • Incorrect secret access key
  • Clock skew between server and S3

Solutions:

Verify credentials are correct

Synchronize server time using NTP:

# Check time
date

# Sync time (Linux)
sudo ntpdate pool.ntp.org

Path-Style Access Required

Error: The bucket you are attempting to access must be addressed using the specified endpoint

Cause: S3-compatible service requires path-style URLs.

Solution: Enable path-style access:

NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE=true

File Upload Timeout

Symptoms: Large file uploads fail or timeout.

Causes:

  • Upload size exceeds limit
  • Network timeout
  • Reverse proxy timeout

Solutions:

Check configured upload limit: NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT

Increase reverse proxy timeout (nginx client_body_timeout)

For very large files, verify S3 multipart upload is working

Performance Issues

Slow Response Times

Diagnostic steps:

Check container resource usage:

docker stats documenso

Monitor database performance:

SELECT query, calls, mean_time
FROM pg_stat_statements
ORDER BY mean_time DESC
LIMIT 10;

Check for memory pressure or CPU throttling

Common causes and solutions:

CauseSolution
Insufficient memoryIncrease container memory limits
Database slowAdd indexes, increase database resources
Network latencyMove database closer to application
Large documentsEnable S3 storage instead of database storage

High Memory Usage

Symptoms: Container OOM killed, slow response times.

Solutions:

Increase memory limits:

# Docker Compose
services:
  documenso:
    deploy:
      resources:
        limits:
          memory: 2G

If using database storage, switch to S3 for large files

Review and optimize any custom integrations

Database Performance Degradation

Symptoms: Slow queries, timeouts.

Diagnostic queries:

-- Check table sizes
SELECT relname, pg_size_pretty(pg_total_relation_size(relid))
FROM pg_catalog.pg_statio_user_tables
ORDER BY pg_total_relation_size(relid) DESC;

-- Find long-running queries
SELECT pid, now() - pg_stat_activity.query_start AS duration, query
FROM pg_stat_activity
WHERE state != 'idle'
ORDER BY duration DESC;

Solutions:

Run VACUUM ANALYZE to update statistics:

VACUUM ANALYZE;

Check for missing indexes on frequently queried columns

Consider upgrading database resources

Archive old documents and audit logs

Slow Document Signing

Symptoms: Document completion takes a long time.

Causes:

  • Timestamp server latency
  • Large PDF files
  • Certificate issues

Solutions:

Use a faster timestamp server or one geographically closer

Optimize PDF file sizes before upload

Verify certificate is valid and not causing retries

Network Issues

Cannot Reach Application

Diagnostic steps:

Verify container is running and port is exposed:

docker ps | grep documenso

Check port binding:

netstat -tlnp | grep 3000

Test local connectivity:

curl http://localhost:3000/api/health

Reverse Proxy Issues

Symptoms: 502 Bad Gateway, connection refused through proxy.

Solutions:

Verify upstream is reachable from the proxy

Check proxy configuration points to correct port

Ensure headers are forwarded correctly:

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

WebSocket Connection Failures

Symptoms: Real-time updates not working.

Solution: Configure reverse proxy for WebSocket support:

location / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

DNS Resolution Failures

Error: getaddrinfo ENOTFOUND hostname

Causes:

  • Incorrect hostname
  • DNS not configured in container
  • Network isolation

Solutions:

Verify hostname is correct

Check DNS configuration:

docker exec documenso cat /etc/resolv.conf

For Docker Compose, use service names for inter-container communication

Getting Help

Before Asking for Help

Gather this information before seeking support:

Documenso version:

docker inspect documenso --format='{{.Config.Image}}'

Deployment method: Docker, Docker Compose, Kubernetes, or other

Relevant logs: Filter to show errors around the issue

Steps to reproduce: What actions trigger the problem

Environment: Cloud provider, OS, database type

Community Support

Reporting Bugs

When reporting bugs, include:

Clear description of the expected vs actual behavior

Steps to reproduce

Documenso version

Relevant logs (redact sensitive information)

Environment details

Security Issues

For security vulnerabilities, do not open a public issue. Contact security@documenso.com directly.

Troubleshooting Checklist

Use this checklist when diagnosing issues:

See Also

On this page

General DebuggingChecking Application LogsFiltering LogsHealth ChecksContainer StatusEnvironment Variable VerificationApplication IssuesContainer Fails to StartApplication Crashes After StartupStartup Timeout in KubernetesPort ConflictsDatabase IssuesConnection RefusedAuthentication FailedDatabase Does Not ExistToo Many ConnectionsMigration FailuresSSL RequiredEmail IssuesEmails Not SendingSMTP Connection TimeoutSMTP Authentication FailedEmails Going to SpamFrom Address Not AuthorizedSigning IssuesNo Certificate FoundCertificate Permission DeniedInvalid Certificate PasswordFailed to Get Private KeyCertificate ExpiredBase64 Decode ErrorStorage IssuesS3 Access DeniedS3 Bucket Not FoundSignature MismatchPath-Style Access RequiredFile Upload TimeoutPerformance IssuesSlow Response TimesHigh Memory UsageDatabase Performance DegradationSlow Document SigningNetwork IssuesCannot Reach ApplicationReverse Proxy IssuesWebSocket Connection FailuresDNS Resolution FailuresGetting HelpBefore Asking for HelpCommunity SupportReporting BugsSecurity IssuesTroubleshooting ChecklistSee Also