Phoenix can't find SSL key even though it exists at location

When attempting to run my app in production mode (after successfully compiling):
MIX_ENV=prod mix phoenix.server
I'm getting the following error:
** (EXIT) an exception was raised:
** (ArgumentError) could not start Cowboy adapter, the file /etc/letsencrypt/live/nhby.in/privkey.pem required by SSL's :keyfile does not exist
However that key does actually exist, at that location:
$ sudo ls /etc/letsencrypt/live/nhby.in/
cert.pem chain.pem fullchain.pem privkey.pem
The key location is defined in the config as per the docs:
keyfile: Path.expand("../../../../etc/letsencrypt/live/nhby.in/privkey.pem", __DIR__)
What's going wrong here?

It's long and not pretty, but it works:
sudo HELLO_WORLD_SSL_KEY_PATH="/etc/letsencrypt/live/example.com/privkey.pem" HELLO_WORLD_SSL_CERT_PATH="/etc/letsencrypt/live/example.com/cert.pem" HELLO_WORLD_SSL_CA_PATH="/etc/letsencrypt/live/example.com/chain.pem" PORT=4000 SECRET_KEY_BASE=tLWwWJ1KMQmtkjZjJ56oTPeP5o5Or23I0UMCskyvKxVvcylsayrCJ3N0soaB3KuQ MIX_ENV=prod mix phx.server
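Added example (not part of the original question or answer): certbot creates /etc/letsencrypt/live and /etc/letsencrypt/archive as root-only directories by default, and an existence check made by an unprivileged user fails there exactly as it would for a missing file. The Python sketch below walks a path one component at a time to tell the two cases apart; first_blocker, demo and the temporary tree are hypothetical names and constructed data.

```python
import os
import tempfile


def first_blocker(path):
    """Walk path one component at a time as the current user.

    Returns (status, component); status is "ok", "missing" or "denied".
    """
    path = os.path.abspath(path)
    current = os.sep
    for part in path.strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        try:
            os.stat(current)  # follows symlinks, as opening the key would
        except (FileNotFoundError, NotADirectoryError):
            return ("missing", current)
        except PermissionError:
            # A directory on the way here (or on the way to a symlink
            # target) has no search (x) permission for this user.
            return ("denied", current)
    if not os.access(path, os.R_OK):
        return ("denied", path)  # reachable, but not readable
    return ("ok", path)


def demo():
    """Constructed tree: a placeholder key under a directory nobody may enter."""
    with tempfile.TemporaryDirectory() as root:
        live = os.path.join(root, "live")
        site = os.path.join(live, "example.test")
        key = os.path.join(site, "privkey.pem")
        os.makedirs(site)
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(live, 0o000)  # stand-in for a root-only 0700 directory
        try:
            return {"exists": os.path.exists(key),
                    "diagnosis": first_blocker(key),
                    "blocked_at": site, "key": key}
        finally:
            os.chmod(live, 0o700)  # restore so the temp dir can be removed


if __name__ == "__main__":
    print(demo())
```

Run first_blocker as the account that starts the server; a "denied" result names the first component that account cannot reach, which is where ownership or group access has to be adjusted.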

Related

Unable to install extensions in code-server due to self signed certificate error

I am trying to install vscode using code-server and extensions like python, jupyter and it is giving me an error
[2022-03-24T06:31:01.822Z] info Wrote default config file to ~/.config/code-server/config.yaml
Installing extensions...
self signed certificate in certificate chain
The steps that I am following are:
ARG IDE_HOME="/opt"
ARG CODE_SERVER_VERSION="v4.2.0"
ARG CODE_SERVER_FILE="code-server-4.2.0-linux-amd64.tar.gz"
WORKDIR $IDE_HOME/code-server/
RUN wget -qO- https://github.com/cdr/code-server/releases/download/${CODE_SERVER_VERSION}/${CODE_SERVER_FILE} | tar zxvf - --strip-components=1
ENV PATH=$IDE_HOME/code-server/bin:$PATH
RUN code-server --install-extension ms-toolsai.jupyter
Also, on UI it shows the same:
Any idea how to fix this?

Failed to run client service of API Platform 2.5.7 in Docker with dev:ssl error (conflict with current master)

I started off all fresh with downloading and unpacking the latest release of API Platform 2.5.7, a fresh Docker for Mac install on my Macbook Pro with a freshly installed Catalina and keep running into the following error, after having docker-compose pull followed by docker-compose up -d.
All other services are up and running (green in the Docker client), only the API Platform client remains grey with the following message in the service's logs:
yarn run v1.22.5
error Command "dev:ssl" not found.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
It is not a timeout issue, although I ran the following to double the timeout.
export DOCKER_CLIENT_TIMEOUT=120
export COMPOSE_HTTP_TIMEOUT=120
What am I missing here, there's not much out on the web on this so I must be ignoring some trivial things?
P.S. I think there's a download of the master version Dockerfile for the client happening, since the 2.5.7 doesn't include anything that points at dev:ssl.
P.S.S. The certificate installation seems to have gone well, see the logs of that part below
P.P.S.S. Although I can access the admin service, just like the api service for instance, I fail to access the dev-tls service through the browser. https://localhost:80 yields in a
Secure Connection Failed
An error occurred during a connection to localhost:80. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG.
I believe that this might be linked to my problem.
Creating volume "abc_dev-certs" with default driver
Building dev-tls
Step 1/8 : ARG NGINX_VERSION=1.17
Step 2/8 : FROM nginx:${NGINX_VERSION}-alpine
1.17-alpine: Pulling from library/nginx
cbdbe7a5bc2a: Already exists
c554c602ff32: Pull complete
Digest: sha256:763e7f0188e378fef0c761854552c70bbd817555dc4de029681a2e972e25e30e
Status: Downloaded newer image for nginx:1.17-alpine
---> 89ec9da68213
Step 3/8 : RUN apk add --no-cache nss-tools ;
---> Running in e0c151182fb3
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/6) Installing nspr (4.24-r0)
(2/6) Installing libgcc (9.3.0-r0)
(3/6) Installing sqlite-libs (3.30.1-r2)
(4/6) Installing libstdc++ (9.3.0-r0)
(5/6) Installing nss (3.48-r0)
(6/6) Installing nss-tools (3.48-r0)
Executing busybox-1.31.1-r9.trigger
OK: 30 MiB in 43 packages
Removing intermediate container e0c151182fb3
---> 4895089ff1c6
Step 4/8 : WORKDIR /certs
---> Running in 3e49a528b4d3
Removing intermediate container 3e49a528b4d3
---> 6fdeb78536a9
Step 5/8 : ARG MKCERT_VERSION=1.4.1
---> Running in 632471b47035
Removing intermediate container 632471b47035
---> 1d4da3a96894
Step 6/8 : RUN set -eux; wget -O /usr/local/bin/mkcert https://github.com/FiloSottile/mkcert/releases/download/v$MKCERT_VERSION/mkcert-v$MKCERT_VERSION-linux-amd64; chmod +x /usr/local/bin/mkcert; mkcert --cert-file localhost.crt --key-file localhost.key localhost 127.0.0.1 ::1 mercure; cat localhost.key localhost.crt > server.pem; cp "$(mkcert -CAROOT)/rootCA.pem" /certs/localCA.crt
---> Running in 89fd8efa2967
+ wget -O /usr/local/bin/mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-linux-amd64
Connecting to github.com (140.82.121.3:443)
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (52.216.114.227:443)
saving to '/usr/local/bin/mkcert'
mkcert 11% |*** | 543k 0:00:07 ETA
mkcert 42% |************* | 2022k 0:00:02 ETA
mkcert 92% |***************************** | 4469k 0:00:00 ETA
mkcert 100% |********************************| 4815k 0:00:00 ETA
'/usr/local/bin/mkcert' saved
+ chmod +x /usr/local/bin/mkcert
+ mkcert --cert-file localhost.crt --key-file localhost.key localhost 127.0.0.1 ::1 mercure
Created a new local CA at "/root/.local/share/mkcert" 💥
Warning: the local CA is not installed in the system trust store! ⚠️
Run "mkcert -install" to avoid verification errors ‼️
Created a new certificate valid for the following names 📜
- "localhost"
- "127.0.0.1"
- "::1"
- "mercure"
The certificate is at "localhost.crt" and the key at "localhost.key" ✅
+ cat localhost.key localhost.crt
+ mkcert -CAROOT
+ cp /root/.local/share/mkcert/rootCA.pem /certs/localCA.crt
Removing intermediate container 89fd8efa2967
---> ae6d06e250f8
Edit docker/dev-tls/Dockerfile and add at line 23:
mkcert -install; \
Then build your images again; that worked for me.
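Added example (not part of the original post), relating to the SSL_ERROR_RX_RECORD_TOO_LONG message quoted in the question: reading the first five bytes of a plain HTTP reply as a TLS record header gives a length above the protocol maximum, which is what happens if port 80 answers in plain HTTP (an assumption about this setup). The sketch parses constructed sample bytes; all names and samples are hypothetical.

```python
import struct

# Largest ciphertext fragment TLS 1.2 permits (RFC 5246): 2^14 + 2048 bytes.
MAX_TLS12_RECORD = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(data):
    """Interpret the first five bytes the way a TLS client does."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_reply(data):
    """Return 'tls', 'plain-http' or 'unknown' for a server's first bytes."""
    hdr = parse_record_header(data)
    if (hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_TLS12_RECORD):
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plain-http"
    return "unknown"


# Constructed samples: an HTTP error reply and the start of a TLS handshake record.
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303007a") + b"\x02" + bytes(121)

if __name__ == "__main__":
    for name, sample in (("http", HTTP_REPLY), ("tls", TLS_REPLY)):
        print(name, parse_record_header(sample), classify_reply(sample))
```

The bytes "HTTP/" decode to content type 0x48 and length 0x502f, well past the record size limit, so the client gives up before any certificate is examined.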

server certificate verification failed while installing Kubernetes on Ubuntu 16.04

I'm setting up a Kubernetes cluster and as part of that, I ran the following command (mentioned on official docs: https://kubernetes.io/docs/tasks/tools/install-kubectl/) :
sudo apt-get update && sudo apt-get install -y apt-transport-https
However, it fails with the following error:
Err:3 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Now, I fetch the certificate with this command:
ex +'/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect packages.cloud.google.com:443) -scq > kubecertificate.crt
I get the following response:
verify error:num=20:unable to get local issuer certificate
DONE
But since I see content inside my kubecertificate.crt file, I go ahead and copy the certificate into the /usr/local/share/ca-certificates/ directory.
Then I run:
update-ca-certificates
After updating my CA certificates bundle, I re-run the first command mentioned.
It again fails with the server certificate verification failed error.
Please help me understand where I am going wrong. Is it because I'm unable to get the local issuer certificate? Please help.
Are you using an i386 image or is there some firewall involved? If it is the 64-bit version of Xenial then it must be some kind of system issue.
Take a look at this case. In particular, I would check the current system time (date -R) and apt-get install NTP as advised by #davidthings, as I remember having a similar problem. There are also a lot of different solutions which could help, listed in the linked case - check which one is applicable for you and update if you succeeded.
After that you can try with this, to download kubectl, kubelet and kubeadm (or edit it accordingly if you want just one)
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |
apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl

nginx ldap module error

I was trying to include the LDAP module to nginx. I could add the module and make install nginx successfully, however, while trying to restart the nginx, I get the following error:
sudo /usr/local/nginx/sbin/nginx -c /var/www/conf/nginx.conf -t
nginx: [emerg] dlopen() "/usr/local/nginx/modules/ngx_http_auth_ldap_module.so" failed (/usr/local/nginx/modules/ngx_http_auth_ldap_module.so: undefined symbol: ngx_ssl_handshake) in /var/www/conf/nginx.conf:11
nginx: configuration file /var/www/conf/nginx.conf test failed
When I looked at the ngx_http_auth_ldap_module.c file, I found that there is a call to this function. I am not sure where this function is being called from. Is there any other library that needs to be installed?
I have already installed the following:
openssl-devel.x86_64
openldap-devel.x86_64
zlib-devel.x86_64
I figured out that I wasn't configuring nginx with the http_ssl_module option.
To make it work, I re-configured nginx as:
./configure --add-module=/path/to/ldap_module --with-http_ssl_module
And then issued make and install commands. The ngx_ssl_handshake error got removed.

Certbot - Could not find a suitable TLS CA certificate bundle [Archlinux]

I'm trying to generate a certificate from Let's Encrypt via certbot (package ver. 0.21.1.-1), but I'm getting an error. I'm using the webroot module.
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/ssl/certs/ca-certificates.crt
I don't have a file with this filename there. Should I generate it or download it?
Maybe /etc/ssl/certs/ca-certificates.crt does not exist.
Try running sudo update-ca-certificates to create it.
I ended up doing cd /etc/ssl/certs followed by cat *.pem >> ca-certificates.crt
Not the most elegant solution and you'll have to delete the file and redo it every time the ca-certificates package (or its dependents) update...
Try running sudo pacman -S ca-certificates to install the core certificates
For me, update-ca-trust did the trick.
It happens because the original ca-certificates.crt file is missing.
In my case, I removed it when adding a new certificate file containing my website.com as a CN (Common Name). Fortunately, I had a backup copy of that file.
If you have that file, just put it again in the directory:
/etc/ssl/certs/ca-certificates.crt
Or try to add a new one with the same name.