search

Finb / bark-server

Backend of Bark
https://bark.day.app
MIT License
2.62k stars 423 forks source link

与苹果推送服务器传输数据失败【非dock方式自建】 #29

Closed Whichbfj28 closed 3 years ago

Whichbfj28 commented 3 years ago

{"code":400,"data":null,"message":"与苹果推送服务器传输数据失败: Post \"https://api.push.apple.com/3/device/de48279c61d2dd9bca3b8aaf5d416cf68293cf39b*******e7edded992386015\": x509: certificate signed by unknown authority"}

Whichbfj28 commented 3 years ago

访问https://*.org/ping网址是这样的 {"code":200,"data":{"arch":"linux/amd64","build":"2020-12-02 11:24:17","commit":"891b952e458412bc9999a090bafcbefa5aa5e5c8","version":"v1.0.2"},"message":"pong"}

Finb commented 3 years ago 
apt-get update && apt-get install -y ca-certificates

安装下CA证书 试试看

mritd commented 3 years ago

证书过期了,用最新版本试一下

mritd commented 3 years ago 

apt-get update && apt-get install -y ca-certificates

安装下CA证书 试试看

我有时间重构 V2 吧

Whichbfj28 commented 3 years ago 
apt-get更新&& apt-get安装-y ca-certificates

安装下CA证书试试看

好像是最新的证书 Fetched 1,470 kB in 2s (504 kB/s) Reading package lists... Done Reading package lists... Done Building dependency tree
Reading state information... Done ca-certificates is already the newest version (20200601~deb9u1). 0 upgraded, 0 newly installed, 0 to remove and 21 not upgraded.

Whichbfj28 commented 3 years ago

证书过期了,用最新版本试一下

我要怎么操作。是更新我自己bark域名的证书。还是源代码里面自带的证书过期了。

mritd commented 3 years ago

看着像根 CA 不受信,你试试 apt update 一下然后 install ca-....

Whichbfj28 commented 3 years ago

看着像根 CA 不受信,你试试 apt update 一下然后 install ca-....

运行:apt-get update && apt-get install -y ca-certificates后,显示:

Building dependency tree Reading state information... Done ca-certificates is already the newest version (20200601~deb9u1). 0 upgraded, 0 newly installed, 0 to remove and 21 not upgraded.

Finb commented 3 years ago

安装一下 GeoTrust Global CA 根证书。

从这里下载 https://www.geotrust.com/resources/root-certificates/https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem

wget --no-check-certificate -c https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem   \
    && mkdir /usr/local/share/ca-certificates/extra                                                                       \
    && mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt                            \
    && update-ca-certificates
mritd commented 3 years ago

curl -iv https://api.push.apple.com 看下

Whichbfj28 commented 3 years ago

yun Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.

安装一下 GeoTrust Global CA 根证书。

从这里下载 https://www.geotrust.com/resources/root-certificates/https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem

wget --no-check-certificate -c https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem   \
    && mkdir /usr/local/share/ca-certificates/extra                                                                       \
    && mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt                            \
    && update-ca-certificates

运行代码后。提示: Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.

仍旧不生效 我是的域名的ssl证书在正常状态。

Whichbfj28 commented 3 years ago

curl -iv https://api.push.apple.com

安装GeoTrust Global CA 根证书后运行代码提示: root@VM:~# curl -iv https://api.push.apple.com

<

mritd commented 3 years ago

重启一下 bark server 再试试

Whichbfj28 commented 3 years ago

安装一下 GeoTrust Global CA 根证书。

从这里下载 https://www.geotrust.com/resources/root-certificates/https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem

wget --no-check-certificate -c https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem   \
    && mkdir /usr/local/share/ca-certificates/extra                                                                       \
    && mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt                            \
    && update-ca-certificates

已经解决了。谢谢两位大佬。运行这个代码后。重启bark、nginx后解决。

Whichbfj28 commented 3 years ago

重启一下 bark server 再试试

已经解决了。谢谢两位大佬。安装ca证书后。重启bark、nginx后解决。

mritd commented 3 years ago

@Finb apple 的推送地址证书这么骚么?中间有什么故事还是咋回事,为啥不受信呢

Finb commented 3 years ago

@mritd 母鸡啊~ 估计就是单纯的系统没内置吧,没啥故事

Whichbfj28 commented 3 years ago

这个工具配合哪吒面板用来监控vps在合适不过了。哈哈。https://github.com/naiba/nezha

Whichbfj28 commented 3 years ago

@mritd 母鸡啊~ 估计就是单纯的系统没内置吧,没啥故事

谢谢大佬提供的工具。有没有交流群。给个门

Finb commented 3 years ago

没有交流群喔,这只是个简单的小工具😀

mritd commented 3 years ago

先别关,过两天我尝试直接内置 CA

Whichbfj28 commented 3 years ago

先别关,过两天我尝试直接内置 CA

好的。

Whichbfj28 commented 3 years ago

没有交流群喔,这只是个简单的小工具😀

我觉得这个可以有 😄哈哈

Alion548 commented 3 years ago

Fedora 33 遇到相同问题,已经安装 ca-certificates-2020.2.41-4.fc33.noarch

curl -iv https://api.push.apple.com
*   Trying 17.188.162.14:443...
* Connected to api.push.apple.com (17.188.162.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=api.push.apple.com; OU=management:idms.group.533599; O=Apple Inc.; ST=California; C=US
*  start date: Mar 14 17:50:10 2019 GMT
*  expire date: Apr 12 17:50:10 2021 GMT
*  subjectAltName: host "api.push.apple.com" matched cert's "api.push.apple.com"
*  issuer: CN=Apple IST CA 2 - G1; OU=Certification Authority; O=Apple Inc.; C=US
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55b6549dae60)
> GET / HTTP/2
> Host: api.push.apple.com
> user-agent: curl/7.71.1
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 1)!
< HTTP/2 405
HTTP/2 405
< apns-id: 27BC6989-A8DB-2EB6-6204-BCF5D7BEC26C
apns-id: 27BC6989-A8DB-2EB6-6204-BCF5D7BEC26C

<
* Connection #0 to host api.push.apple.com left intact
{"reason":"MethodNotAllowed"}#
Finb commented 3 years ago

Fedora 33 遇到相同问题,已经安装 ca-certificates-2020.2.41-4.fc33.noarch

curl -iv https://api.push.apple.com
*   Trying 17.188.162.14:443...
* Connected to api.push.apple.com (17.188.162.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=api.push.apple.com; OU=management:idms.group.533599; O=Apple Inc.; ST=California; C=US
*  start date: Mar 14 17:50:10 2019 GMT
*  expire date: Apr 12 17:50:10 2021 GMT
*  subjectAltName: host "api.push.apple.com" matched cert's "api.push.apple.com"
*  issuer: CN=Apple IST CA 2 - G1; OU=Certification Authority; O=Apple Inc.; C=US
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55b6549dae60)
> GET / HTTP/2
> Host: api.push.apple.com
> user-agent: curl/7.71.1
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 1)!
< HTTP/2 405
HTTP/2 405
< apns-id: 27BC6989-A8DB-2EB6-6204-BCF5D7BEC26C
apns-id: 27BC6989-A8DB-2EB6-6204-BCF5D7BEC26C

<
* Connection #0 to host api.push.apple.com left intact
{"reason":"MethodNotAllowed"}#

你这个是正常的呀

Alion548 commented 3 years ago

bark就不正常了: {"code":400,"data":null,"message":"与苹果推送服务器传输数据失败: Post \"https://api.push.apple.com/3/device/db931ef431da0218b9604f8c97286678b6064908d34cad26eef5f4c7cb656698\": remote error: tls: expired certificate"}

Finb commented 3 years ago

bark就不正常了: {"code":400,"data":null,"message":"与苹果推送服务器传输数据失败: Post "https://api.push.apple.com/3/device/db931ef431da0218b9604f8c97286678b6064908d34cad26eef5f4c7cb656698\": remote error: tls: expired certificate"}

你这个是很早之前下载的 bark 服务端吧?内嵌的证书过期了,需要更新一下 curl http://服务地址/ping 看下

Alion548 commented 3 years ago

bark就不正常了: {"code":400,"data":null,"message":"与苹果推送服务器传输数据失败: Post "https://api.push.apple.com/3/device/db931ef431da0218b9604f8c97286678b6064908d34cad26eef5f4c7cb656698": remote error: tls: expired certificate"}

你这个是很早之前下载的 bark 服务端吧?内嵌的证书过期了,需要更新一下 curl http://服务地址/ping 看下

{"code":200,"data":{"arch":"linux/amd64","build":"2020-09-28 11:05:21","commit":"8b5ee32c7221569467fa72bcfa2773d74f3f6342","version":"v1.0.2"},"message":"pong"}
Alion548 commented 3 years ago

我用git最新代码编译一份就正常了,要更新下release的版本了。

Finb commented 3 years ago

release 版本12月份已经更新了,现在内嵌的证书不会过期