My BBB secret is valid and is the same for Greenlight .env file.
All of a sudden, I got the error
Server Error - Invalid BigBlueButton Endpoint and Secret
and when I run:
docker run --rm --env-file .env <container-image> bundle exec rake conf:check
I get:
Checking environment: Passed
Checking Connection: Failed
Error connecting to BigBlueButton server - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (certificate has expired)
I have manually updated the certificate of my Ubuntu server but the error still persists. My BBB version 2.2.9.
While browsing online, I read that you have to log into your container using bash by typing:
docker exec -it <container-id> /bin/bash
and trying to download a certificate (somewhere they was mentioned https://curl.haxx.se but I am not 100% sure about the URL). However curl in the docker container also complains about an SSL error.
The issue was caused because of an expired Let's Encrypt SSL certificate. More information can be found here. Removing the certificate and updating the certificates resolves the issue.
Related
Creating certificates for elasticSearch install via docker-compose.
Gets an error 'Mac verify error: Invalid Password?' while running the command: sudo docker-compose -f create-certs.yml run --rm create_certs
I'm creating the certificates again as faced an issue during initial setup. Is this error of any concern for the setup?
Also, when i run openssl pkcs12 -info -in /home/elastic/es11/es11/es11.p12 and enters the password. get below error :
Enter Import Password:
MAC Iteration 10000
Mac verify error: invalid password?
There is already ssl certificate on the server, the issue is it works fine if someone writes website as borroup.com but when write www.borroup.com it says connection not secure. Im not sure how to access the cert from the server to config the issue.
borroup.com
www.borroup.com
here is the sudo ls /etc
I tried this
sudo certbot --nginx -d borroup.com -d www.borroup.com
and this
sudo ./letsencrypt-auto --apache -d borroup.com -d www.borroup.com
i kept getting command not found
command not found
I am behind a corporate proxy and I'm trying to install Hyperledger Sawtooth on an Ubuntu machine.
Part of that setup is installing rust which is failing.
It uses the following command which is taken from a 'Dockerfile' file as part of the command docker-compose up:
curl --insecure https://sh.rustup.rs -sSf > /usr/bin/rustup-init && chmod +x /usr/bin/rustup-init && rustup-init -y
This gives me an error:
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
rustup: command failed: downloader https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init /tmp/tmp.KEMZg5vZRK/rustup-init
Apparently, the command rustup-init -y is failing as I'm behind a corporate proxy and it failed to connect the url https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init.
Where do I do the modification (add the -k flag) to turn off curl's certificate verification option so that I get an insecure connection and my installation is successful?
I tried modifying the rustup-init.sh file, but it is of no use.
I connected my Virtualbox VM to my docker machine.And when i do docker-compose up from docker machine I am getting this following Error.
ERROR: SSL error: HTTPSConnectionPool(host='192.168.4.20', port=2376): Max retries exceeded with url: /v1.22/info (Caused by SSLError(CertificateError("hostname '192.168.4.20' doesn't match 'localhost'",),))
I know I'm a bit late to the party, but I just had this. Apparently, Docker Compose is not using the correct TLS version. You can fix this by having the following environment variable:
COMPOSE_TLS_VERSION=TLSv1_2
Here's the original link: https://stackify.com/docker-environment-variables/
I had the same issue, I could resolve renewing the certificate.
$ docker-compose up -d
ERROR: SSL error: HTTPSConnectionPool(host='192.168.99.100', port=2376):
Max retries exceeded with url: /v1.30/networks/docker_default
(Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))
$ docker network ls
error during connect: Get https://192.168.99.100:2376/v1.40/networks: x509:
certificate has expired or is not yet valid
To fix:
$ docker-machine regenerate-certs --client-certs
$ docker-compose up -d
Starting couchdb-dev ... done
Starting consul-dev ... done
Starting postgres-dev ... done
Starting zipkin-dev ... done
Starting rabbitmq-dev ... done
Starting oracle-dev ... done
Starting cassandra-dev ... done
Works!
ps: I got this error after change the hour on clock from computer
I have a remote Docker registry setup. It has a go-daddy SSL cert installed.
If I curl it I get an 'unknown authority' error:
curl https://example.com:5000/v2/
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
...
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
So I then use the 'insecure' curl:
curl -k https://example.com:5000/v2
and I get
{} //which I guess is because there is nothing in the registry?
to check, I curl a non-existent endpoint:
curl -k https://example.com:5000/moo
404 page not found //which is positive, as it means the -k flag is suppressing the 'unknown authority' correctly
So, now I know that it is possible to connect to the registry by curl I try using Docker client to push an image:
docker push example.com:5000/my-image
The push refers to a repository [example.com:5000/my-image]
unable to ping registry endpoint https://example.com:5000/v0/
v2 ping attempt failed with error: Get https://example.com:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://example.com:5000/v1/_ping: x509: certificate signed by unknown authority
So I then try to suppress the error by adding 'insecure-registry' to DOCKER_OPTS (as explained here):
DOCKER_OPTS="--insecure-registry example.com:5000"
[restart docker daemon]
And it does not work. I get the same 'unknown authority' warning.
Firstly, why is a certificate from Go Daddy not trusted? I have it setup on an nginx server and it is working fine with the 'green bar' on the browser.
Secondly, how can I get the 'insecure-registry' to work with Docker? Thanks
Ok, I got to the bottom of this.
Turns out I didn't need to modify /etc/default/docker with this:
DOCKER_OPTS="--insecure-registry example.com:5000"
The issue was that the Go-Daddy certificate I installed in the registry needed to have the intermediate certificates too. I received the following from Go-Daddy:
domain.crt
some-bundle.crt
You need to
cat bundle.crt >> domain.crt
so that the certificate chain is complete. Then it all works fine