search

aisstream / issues

7 stars 3 forks source link

[Outage] Certificate expired as automatic renewal failed. Running without SSL should restore service. #31

Closed jay-tux closed 1 year ago

jay-tux commented 1 year ago

While running the slightly modified python example (adding while True loop, adding try-except to get the actual error), got the following line:

Got an error: 
Full details: ConnectionResetError()

---------------- Next Attempt ---------------
Got an error: 
Full details: ConnectionResetError()

---------------- Next Attempt ---------------
Got an error: 
Full details: ConnectionResetError()

---------------- Next Attempt ---------------
Got an error: 
Full details: ConnectionResetError()

---------------- Next Attempt ---------------
Got an error: 
Full details: ConnectionResetError()

---------------- Next Attempt ---------------
Got an error: 
Full details: ConnectionResetError()

---------------- Next Attempt ---------------
Got an error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1002)
Full details: SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1002)')

Python code:

... imports ...

async def connect_ais_stream():
    while True:
        try:
            async with websockets.connect("wss://stream.aisstream.io/v0/stream") as websocket:
                ... existing code ...

        except Exception as e:
            print(f'Got an error: {e}')
            print(f'Full details: {repr(e)}')
        print('\n---------------- Next Attempt ---------------')

if __name__ == "__main__":
    asyncio.run(connect_ais_stream())

Curl'ing using https instead of wss seems to give the same issue:

$ curl.exe https://stream.aisstream.io/v0/stream -vvv
*   Trying 5.161.115.209:443...
* Connected to stream.aisstream.io (5.161.115.209) port 443 (#0)
* schannel: disabled automatic use of client certificate
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
* schannel: shutting down SSL/TLS connection with stream.aisstream.io port 443
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed
FredericDalibard commented 1 year ago

same here. Running a go client that returns: "tls: failed to verify certificate: x509: certificate has expired or is not yet valid: “stream.aisstream.io” certificate is expired"

jotagarciaz commented 1 year ago

They might be under maintenance or something, because I am receiving the same errors here.

aisstream commented 1 year ago

Hello everyone, the issue is our cert expired and our automatic renewal system has failed. We are working to manually get a new cert.

In the mean time, disabling ssl should restore service, I have verified this works with both the golang and ssl disable python example.

aisstream commented 1 year ago

Update: Certificate is renewed, service should be restored with retries.

Note:

It appears we may have another issue as some connections will be dropped and not return data. Looking into this now.

aisstream commented 1 year ago

We have identified that a rate limiting configuration was misconfigured. This may explain why connections would succeed/fail randomly. Holding off closing this until we can identify that is the root cause.

aisstream commented 1 year ago

Closing issue as it is resolved.