Xuxe
commented
7 years ago Hi,
i will change it ASAP thx for report... must be intruded by the last pr #2. Sorry.
Which problem do you have with SSL :question:
:smile:
Closed rlko closed 7 years ago
Xuxe
commented
7 years ago Hi,
i will change it ASAP thx for report... must be intruded by the last pr #2. Sorry.
Which problem do you have with SSL :question:
:smile:
rlko
commented
7 years ago Hi, hmm, okay so to begin with, I use Debian to host Sinusbot remotely in a dedicated server let's say domain.com
I made a vhost using NGINX to access domain.com:8087 on sub.domain.com:
server {
listen 443 ssl;
server_name sub.domain.com;
ssl_certificate /path/to/ssl/crt.pem;
ssl_certificate_key /path/to/ssl/key.pem;
location / {
proxy_pass https://localhost:8087;
}
}cert is based on sub.domain.com and done by Let's Encrypt
I've got this once I turn on SSL:
$ python sinusbot_uploader.py 127.0.0.1 8087 user password ../dl/ SSL
Traceback (most recent call last):
File "sinusbot_uploader.py", line 153, in <module>
bot = Sinusbot(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4], True)
File "sinusbot_uploader.py", line 27, in __init__
self.botId = self.DefaultId()
File "sinusbot_uploader.py", line 40, in DefaultId
conn.request("GET", "/api/v1/botId")
File "/usr/lib/python2.7/httplib.py", line 1039, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1073, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 1035, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 879, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 841, in send
self.connect()
File "/usr/lib/python2.7/httplib.py", line 1250, in connect
server_hostname=server_hostname)
File "/usr/lib/python2.7/ssl.py", line 350, in wrap_socket
_context=self)
File "/usr/lib/python2.7/ssl.py", line 566, in __init__
self.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 788, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)Additionally,
In config.ini:
UseSSL = true
SSLKeyFile = "/path/to/ssl/key.pem"
SSLCertFile = "/path/to/ssl/crt.pem"
Hostname = "sub.domain.com"In ./sinusbot:
2017/03/14 14:03:49 http: TLS handshake error from x.x.x.x:40292: remote error: unknown certificate authority
2017/03/14 14:03:55 http: TLS handshake error from 127.0.0.1:34277: remote error: unknown certificate authority
2017/03/14 14:04:08 http: TLS handshake error from [::1]:60424: remote error: unknown certificate authority
2017/03/14 14:04:38 http: TLS handshake error from [::1]:60437: remote error: unknown certificate authority
2017/03/14 14:04:58 http: TLS handshake error from 127.0.0.1:34307: remote error: unknown certificate authoritycert files are the same for Sinusbot and NGINX's vhost and is for sub.domain.com
I also tried to change the address from localhost to domain.com, sub.domain.com in:
$ python sinusbot_uploader.py localhost 8087 user password ../dl/ SSL
I don't know where I messed up
Xuxe
commented
7 years ago Mhm, i think your cert / settings are fine.
But it seems your system does not recognize Let's Encrypt as valid CA. -> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
Can you trie this:
apt update && apt install ca-certificates followed by a update-ca-certificates
This should install and update the common CA certificates and should fix your issue. May we have to add a option for ignoring self signed ssl certificates.
rlko
commented
7 years ago I just tried, nothing changed. But yeah, I would appreciate this option.
It looks like you made 2 variables (
recursiveandrecurse) for recursivity. It seems to be working if I replace one by the other. Anyway thanks for this script.I've got another issue (SSL) but I don't think it's coming from your script.