curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none #437

Open
Avskum opened this issue Sep 2, 2020 · 10 comments

Avskum commented Sep 2, 2020

I just updated my docker containers after I pulled from git, and restarted my containers, but I just started getting an error from the browser: PR_END_OF_FILE_ERROR

So I've logged into the redmine container and tried curl on localhost, and this is the result.


```
root@0ae0ad897441:/home/redmine/redmine# curl -Iv https://127.0.0.1
* Rebuilt URL to: https://127.0.0.1/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* found 127 certificates in /etc/ssl/certs/ca-certificates.crt
* found 508 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
```

I tried to update and upgrade packages in the container, rebuild the containers, and also reinstall the ca-cert package, but nothing worked.
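curl's error text in the post above names three possible causes: the issuer is not in the CA bundle, the certificate has expired, or the name in the URL does not match. The following added example (not from this thread or the project) separates those three with the `openssl` CLI instead of reaching for `-k`; the helper names, file names and test certificates are constructed for illustration and assume OpenSSL 1.1.1 or later.

```shell
# Added example, not code from the issue or the docker-redmine project.
# make_selfsigned and diagnose_cert are hypothetical helper names.

# make_selfsigned <prefix> <ip>: constructed test certificate with an IP SAN.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -out "$1.crt" -subj "/CN=constructed-${1##*/}" \
    -addext "subjectAltName=IP:$2" 2>/dev/null
}

# diagnose_cert <cert.pem> <ca-bundle.pem> <host-or-ip>
# Prints one finding per line for each cause curl's error text lists,
# or "ok" when the certificate passes all three checks.
diagnose_cert() (
  cert=$1 cafile=$2 name=$3 found=0

  # 1. Issuer not in the bundle. -no-CApath keeps the system directory out,
  #    -no_check_time keeps expiry from being reported as a trust failure.
  if ! openssl verify -no-CApath -no_check_time -CAfile "$cafile" "$cert" \
       >/dev/null 2>&1; then
    echo "untrusted-issuer"; found=1
  fi

  # 2. Expired: -checkend 0 exits non-zero once notAfter has passed.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo "expired"; found=1
  fi

  # 3. Name in the URL not covered by the certificate.
  case "$name" in
    *:*)       opt=-checkip ;;    # IPv6 literal
    *[!0-9.]*) opt=-checkhost ;;  # has a non-digit, non-dot: hostname
    *)         opt=-checkip ;;    # digits and dots only: IPv4 literal
  esac
  if ! openssl x509 -in "$cert" -noout "$opt" "$name" 2>/dev/null \
       | grep -q "does match"; then
    echo "name-mismatch"; found=1
  fi

  [ "$found" -eq 0 ] && echo "ok"
  return 0
)
```

A result of `untrusted-issuer` alone means the fix is to pass the issuing CA with `--cacert` (or add it to the bundle); `name-mismatch` means the certificate needs a SAN for the address actually used in the URL.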

Collaborator

jcormier commented Sep 2, 2020

What version of the docker image are you using? What git did you pull from? Are the permissions on your certificates set correctly?

Some possibilities
https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c

Author

Avskum commented Sep 3, 2020

> What version of the docker image are you using? What git did you pull from? Are the permissions on your certificates set correctly?
>
> Some possibilities
> https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c

I freshly downloaded and reinstalled the project.


```
docker --version
Docker version 19.03.12, build 48a66213fe
```

Also I just cloned from https://github.com/sameersbn/docker-redmine/

Collaborator

jcormier commented Sep 3, 2020

Ahh okay, so you built the docker image yourself. How are you launching it? Can you post the output from when you launch the image?

Author

Avskum commented Sep 3, 2020

Yeah, built it because I changed port to 443.

Output is actually cool, with no errors

```
docker-compose up
Creating network "docker-redmine_default" with the default driver
Creating docker-redmine_mysql_1 ... done
Creating docker-redmine_redmine_1 ... done
Attaching to docker-redmine_mysql_1, docker-redmine_redmine_1
redmine_1  | Initializing logdir...
redmine_1  | Initializing datadir...
redmine_1  | Symlinking dotfiles...
redmine_1  | Installing configuration templates...
redmine_1  | Configuring redmine...
mysql_1    | Creating database "redmine"...
mysql_1    | Granting access to database "redmine" for user "redmine"...
mysql_1    | 2020-09-03T10:39:01.762420Z mysqld_safe Logging to syslog.
mysql_1    | 2020-09-03T10:39:01.774130Z mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
redmine_1  | Configuring redmine::database...
redmine_1  | Configuring redmine::unicorn...
redmine_1  | Configuring redmine::secret_token...
redmine_1  | Configuring redmine::max_concurrent_ajax_uploads...
redmine_1  | Configuring redmine::sudo_mode...
redmine_1  | Configuring redmine::autologin_cookie...
redmine_1  | Configuring redmine::email_delivery...
redmine_1  | Configuring redmine::backups...
redmine_1  | Configuring nginx...
redmine_1  | Configuring nginx::redmine...
redmine_1  | Configuring nginx::redmine::ssl...
redmine_1  | Configuring nginx::redmine::hsts...
redmine_1  | Installing plugins...
redmine_1  | Installing themes...
redmine_1  | 2020-09-03 12:39:03,273 CRIT Supervisor running as root (no user in config file)
redmine_1  | 2020-09-03 12:39:03,273 WARN Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
redmine_1  | 2020-09-03 12:39:03,273 WARN Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
redmine_1  | 2020-09-03 12:39:03,273 WARN Included extra file "/etc/supervisor/conf.d/unicorn.conf" during parsing
redmine_1  | 2020-09-03 12:39:03,279 INFO RPC interface 'supervisor' initialized
redmine_1  | 2020-09-03 12:39:03,279 INFO supervisord started with pid 1
redmine_1  | 2020-09-03 12:39:04,281 INFO spawned: 'unicorn' with pid 290
redmine_1  | 2020-09-03 12:39:04,282 INFO spawned: 'cron' with pid 291
redmine_1  | 2020-09-03 12:39:04,283 INFO spawned: 'nginx' with pid 292
redmine_1  | 2020-09-03 12:39:05,599 INFO success: unicorn entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
redmine_1  | 2020-09-03 12:39:05,599 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
redmine_1  | 2020-09-03 12:39:05,599 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
```

Collaborator

jcormier commented Sep 3, 2020

> Yeah, built it because I changed port to 443.

Could you clarify this statement? You shouldn't have to build it to get SSL working.

Author

Avskum commented Sep 4, 2020

> > Yeah, built it because I changed port to 443.
>
> Could you clarify this statement? You shouldn't have to build it to get SSL working.

I changed nginx settings to work on 443 outside container.

Author

Avskum commented Sep 4, 2020

With openssl I have output with "No client certificate CA names sent".

Collaborator

jcormier commented Sep 4, 2020

You can configure for HTTPS without modifying nginx.
https://github.com/sameersbn/docker-redmine#ssl

Author

Avskum commented Sep 4, 2020

Well, not sure how to do it with docker-compose... but that does not solve my problem.

Collaborator

jcormier commented Sep 4, 2020

I added an SSL example for docker-compose
https://github.com/sameersbn/docker-redmine/blob/master/docker-compose-ssl.yml
