When I try to checkout from a local Github then I get a SSL certificate error "fatal: unable to access ... SSL certificate problem: unable to get local issuer certificate". However the server's certificate is known to Webstorm (9.0.0). I also checked the "automatically accept certificates" box.
How can I analyze / fix this issue?
By now I found out that this is not a Webstorm issue at all. Git did not want to checkout from the commandline either. I followed the solution from here. Once Git was able to clone Webstorm was also able to clone. Obviously this is because Webstorm reuses the git configuration.
Related
I used JGIT to clone a repo from bitbucket using HTTPS method which worked fine.
But I am trying to do is do a git pull from command Line from the cloned repo. When this is done i am getting fatal: unable to access 'https://cedt-icg-bitbucket.********.git/': SSL certificate problem: self signed certificate in certificate chain
I don't want to use the suggested git -c http.sslVerify=false to solve as its not safe as its a private repo.
Any suggestions? please
When I run something like:
git clone https://gitlab.mydoman.com/test.git
from part of the clients, I get the error:
Peer's Certificate issuer is not recognized
I saw 2 main solution:
1. User can set
export GIT_SSL_NO_VERIFY=true
2. to install root certificates
I would like to solve the problem to all the users.
I did not understood how to install the root certificate and where I configure Gitlab to use it. Is there url to clear instruction?
Thanks.
I installed a brand new DigitalOcean droplet using a marketplace base (so on paper everything should be OK out of the box).
When trying to issue certificates, i am getting this error:
[11.13.2019_04-48-28] /root/.acme.sh/acme.sh --issue -d thehouseinkorazim.co.il -d www.thehouseinkorazim.co.il --cert-file /etc/letsencrypt/live/thehouseinkorazim.co.il/cert.pem --key-file /etc/letsencrypt/live/thehouseinkorazim.co.il/privkey.pem --fullchain-file /etc/letsencrypt/live/thehouseinkorazim.co.il/fullchain.pem -w /home/thehouseinkorazim.co.il/public_html --force
[11.13.2019_04-48-28] [Errno 2] No such file or directory [Failed to obtain SSL. [obtainSSLForADomain]]
[11.13.2019_04-48-28] 283 Failed to obtain SSL for domain. [issueSSLForDomain]
[11.13.2019_04-48-34] Trying to obtain SSL for: thehouseinkorazim.co.il and: www.thehouseinkorazim.co.il
I checked and UFW is not installed.
I do have a network firewall but it is the same one as another droplet that does allow for certificates (same rules) so I think it is not the cause.
I searched all the answers online and no luck.
I even installed certboot to manually issue certificate but same error (i did it because I know you need to register initially to get certificates and I haven't so I thought it was the cause).
Any ideas? Thanks!
update: i did a clean droplet again, this is the issue without anything I did manually:
Cannot issue SSL. Error message: ln: failed to create symbolic link '/usr/local/lsws/admin/conf/cert/admin.crt': No such file or directory ln: failed to create symbolic link '/usr/local/lsws/admin/conf/cert/admin.key': No such file or directory 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
I checked and there is no folder "cert" under "conf" in the path written above.
There's an known SSL issue on recent version due to some environment/code changing. We already aware it and submitted a new version which has that issue fixed included. Please give it a day or two and you should be able to launch the new version from marketplace which comes with CyberPanel v1.9.2.
Best
I am trying to understand the process of installing a letsencrypt certificate on Apache on Centos.
I have read the installation instructions, cloned the git repository, and there I’m stuck.
Has anybody had experience with this and what to do next?
Thanks
You didn't really make it clear what your error was, but I'll take a guess and say that you left off with cloning the Git repository.
From here, you'll need to run some commands with the letsencrypt-auto program that you just cloned to actually obtain a certificate and install it. Let's Encrypt and their automatic configuration feature isn't necessarily stable yet, so I recommend running the command to only obtain a certificate, then manually configure SSL yourself. Head into the directory that you cloned the Git repository to and run the following commands:
chmod +x letsencrypt-auto
./letsencrypt-auto certonly
Let's Encrypt will begin to download its dependencies and a prompt will finally appear requesting which domains you want a certificate for. Just fill it in and press enter. If all goes well, you'll get an output that looks similar to this:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your
cert will expire on 2016-03-08. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
This path will differ from my path since I'm running Ubuntu 14.04. Note the path to the folder, which will hold all of the files you need. Now, head into your Apache configuration and edit the configuration file to link to the SSL certificates that you just created, restart Apache, and you should be good to go!
If you need any further instructions, let me know.
I try to connect from TeamCity to Mercurial repository over https.
But I can't, because appears error:
stderr: abort: error: _ssl.c:577: error: 14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
How can I disable sertificate verification by TeamCity?
Or how I can workaround this?
I have tried to load sertificate from IE and past it in cer file of Mercurial, but it is not resolve my issue.
I resolve my issue, only after put mercurial.ini in catalog C:\Windows\System32\config\systemprofile.
Editing of .hgrc not take effect. Only putting mercurial.ini in C:\Windows\System32\config\systemprofile and add loaded certificate to cacept.pem solve my issue.
Better than disabling certificate verification (where possible) is to let Mercurial know that you trust the certificate. (This is a Windows-specific answer).
The thing I missed for ages is that even if you import the certificate into the Trusted Root Certification Authority, this doesn't affect the Local System account, which TeamCity is running under if you have set it up to run as a service.
The full steps to get the Local System account to trust a certificate are in this answer, but I'll reproduce them in brief here:
First, get a copy of the certificate. You can export this to a file from the all the main browsers.
Then, run mmc.exe from the start menu. Add the Certificates snap-in. If TeamCity is running as the local system account you want to manage "Local computer" certificates. If TeamCity is running as an ordinary user you want to manage user certificates.
Navigate to "Trusted Root Certification Authorities". Then click "Action > All Tasks > Import" and import the certificate file.
A final note: You can use psexec.exe from PSTools to run powershell as Local System and test things are working before going back to TeamCity: (Reference)
psexec -i -s Powershell.exe