SSL Certificate Verify Issue - ssl

I have a site , and the SSL Certificate works properly when I open it using Chrome.
But when I use requests to get the URL I get the following error
requests.exceptions.SSLError: HTTPSConnectionPool(host='somerandomsite.subdomain.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Any way to have more verbose output on why it fails, or understand whats the issue here?
The certificate has been generated using Let's Encrypt through Google R3

Related

While installing Gcloud sdk on windows 10 getting HTTPSConnectionPool(host='dl.google.com', port=443)

HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', '', 'certificate verify failed')])")))
I have tried both installation i.e. via .exe and .zip facing the same error in both the cases.
I am not sure what certificate it is looking for to validate. Is there something that I missed?
Snapshot of the error

influxdb 2.0 certificate verify failed: certificate has expired (_ssl.c:1129)

When I'm trying to delete or insert data into influxDB 2.0 I suddenly started getting this error.
It was working without any issue earlier
Does anyone know how to fix it
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)```
Fixed this issue.
Fix was adding this line when initializing the influxDB client
ssl_ca_cert=certifi.where()
client = influxdb_client.InfluxDBClient(
url=os.getenv("URL"),
token=token,
org=os.getenv("ORG"),
ssl_ca_cert=certifi.where()

Wso2 Ei 6.3 self signed certification error

I am getting below certification error while i am trying to call any API https://:8243/ from a react based frontend application. I have defined my rest API in wso2 EI 6.3. I am not using wso2 APIM.
What i did to resolve this issue:
1. I created a new self signed certificate and created a new key store. Updated carbon.xml, axis2.xml file. Restart the server. I am able to see my certificate in wso2 Ei GUI.
2. I accepted the certificate in browser.
But still i am not able to get rid of this error.
Is this error coming due to self signed certificate? If i will be using any CA signed certificate then this issue will not be there?
Any help or pointer is highly appreciated.
[2020-04-07 08:54:48,841] [-1] [] [HTTPS-Listener I/O dispatcher-2] ERROR {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
BR//
Vipin Nirwal
I was able to resolve this issue. I followed the below steps.
I created a self CA first. Then created a certificate signed by my own CA. Import the root certificate of my CA into the browser As this CA needs to be trusted by browser.
After this update carbon.xml, files inside axis2 directory and catalina-server.xml file with proper jks file and password for keystores.
Restarted the server.
You can try to debug it yourself by enabling SSL debug logs in the EI server. In the SSL logs, you can check whether the client certificate and the server certificate is matching. Have a look at the following blog.
https://medium.com/#nipunadilhara/enabling-ssl-debug-logs-for-wso2-products-30833d5de88e

SSL routines', 'ssl3_get_record', 'wrong version number'

Im running an analytics server that connects to Instgram through the requests library. I'm using proxies and 1 out of 5 of the requests I'm making, I'm getting this error.
I've been looking around the internet and did not find anything that I could understand, any guidance would be much appreciated!
IGBOTDriver: Error in my make_request():
HTTPSConnectionPool(host='i.instagram.com', port=443): Max retries exceeded
with url: /api/v1/users/gameaimon/usernameinfo/
(Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_record',
'wrong version number')],)",),))
I'm using Ubunto, Apache2 with python 2.7. The script is running on a celery worker in the background.

mandrill, 14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

In mandrill webhook, I added https://xxxx/mandrills/email_bounced_back
The error I got is:
Error: POST to https://xxxx/mandrills/email_bounced_back failed: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I used https://www.sslshopper.com/ssl-checker to check and seems ok (green)
I am using cPanel & WHM 64.0 (build 20)