In mandrill webhook, I added https://xxxx/mandrills/email_bounced_back
The error I got is:
Error: POST to https://xxxx/mandrills/email_bounced_back failed: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I used https://www.sslshopper.com/ssl-checker to check and seems ok (green)
I am using cPanel & WHM 64.0 (build 20)
Related
I am running a knife solo cook and started getting this error below. Did some searching and it seems it is due to the LetsEncrypt SSL ca needing updates. I updated these on the server and can wget the URL below just fine. But I still get this error w/ chef. I wasn't sure if there was some cache (I did clear out the local-mode-cache dir) or something I am missing here. Any help would be great! Thanks.
================================================================================
Error executing action add on resource 'postgresql_repository[pg repo]'
================================================================================
OpenSSL::SSL::SSLError
----------------------
apt_repository[postgresql_org_repository] (/home/ubuntu/chef-solo/local-mode-cache/cache/cookbooks/postgresql/resources/repository.rb line 76) had an error: OpenSSL::SSL::SSLError: remote_file[/home/ubuntu/chef-solo/local-mode-cache/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc] (/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.1.1/lib/chef/provider/apt_repository.rb line 199) had an error: OpenSSL::SSL::SSLError: SSL Error connecting to https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc - SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)
Resource Declaration:
---------------------
# In /home/ubuntu/chef-solo/local-mode-cache/cache/cookbooks/rails_app/recipes/postgresql_server_single.rb
Update - I was able to solve this by editing /opt/chef/embedded/ssl/certs/cacert.pem on the server and removing the DST Root CA X3 certificate.
I have a site , and the SSL Certificate works properly when I open it using Chrome.
But when I use requests to get the URL I get the following error
requests.exceptions.SSLError: HTTPSConnectionPool(host='somerandomsite.subdomain.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Any way to have more verbose output on why it fails, or understand whats the issue here?
The certificate has been generated using Let's Encrypt through Google R3
When I'm trying to delete or insert data into influxDB 2.0 I suddenly started getting this error.
It was working without any issue earlier
Does anyone know how to fix it
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)```
Fixed this issue.
Fix was adding this line when initializing the influxDB client
ssl_ca_cert=certifi.where()
client = influxdb_client.InfluxDBClient(
url=os.getenv("URL"),
token=token,
org=os.getenv("ORG"),
ssl_ca_cert=certifi.where()
I am getting below certification error while i am trying to call any API https://:8243/ from a react based frontend application. I have defined my rest API in wso2 EI 6.3. I am not using wso2 APIM.
What i did to resolve this issue:
1. I created a new self signed certificate and created a new key store. Updated carbon.xml, axis2.xml file. Restart the server. I am able to see my certificate in wso2 Ei GUI.
2. I accepted the certificate in browser.
But still i am not able to get rid of this error.
Is this error coming due to self signed certificate? If i will be using any CA signed certificate then this issue will not be there?
Any help or pointer is highly appreciated.
[2020-04-07 08:54:48,841] [-1] [] [HTTPS-Listener I/O dispatcher-2] ERROR {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
BR//
Vipin Nirwal
I was able to resolve this issue. I followed the below steps.
I created a self CA first. Then created a certificate signed by my own CA. Import the root certificate of my CA into the browser As this CA needs to be trusted by browser.
After this update carbon.xml, files inside axis2 directory and catalina-server.xml file with proper jks file and password for keystores.
Restarted the server.
You can try to debug it yourself by enabling SSL debug logs in the EI server. In the SSL logs, you can check whether the client certificate and the server certificate is matching. Have a look at the following blog.
https://medium.com/#nipunadilhara/enabling-ssl-debug-logs-for-wso2-products-30833d5de88e
Trying to update dependencies on a phoenix app by running: mix deps.get
The only STOUT is:
07:20:21.642 [error] SSL: :certify: ssl_handshake.erl:1507:Fatal error: certificate expired
07:20:21.674 [error] SSL: :certify: ssl_handshake.erl:1507:Fatal error: certificate expired
Registry update failed (http_error)
{:failed_connect, [{:to_address, {'repo.hex.pm', 443}}, {:inet, [:inet], {:tls_alert, 'certificate expired'}}]}
** (Mix) Failed to fetch registry
I have updated elixir and erlang with brew update but that hasn't helped.
Since the certificate for repo.hex.pm is not expired in reality but is very recently issued the error message might be cause by a wrong time on your computer. Thus make sure that you have the current time on your system and try again.