Closed KeiroD closed 1 year ago
Hi, the easiest way to do this is to place the certificate authority chain in your OS's certificate store. Deno can trust what your operating system trusts.
Once it is in your OS's certificate store run:
export DENO_TLS_CA_STORE=system
before running the binary. For docker this process is much more involved.
If you cannot do that, run from source with the --unsafely-ignore-certificate-errors
flag. I'm not supporting this in configuration as one can modify the certificate store for a much more secure experience.
You will need to install Deno for your OS as well as Git. It's a one-liner command to install.
Then from a terminal:
## Clone the repo
git clone https://github.com/aronson/discord-irc.git
## copy your config.json in
cp /path/to/config.json discord-irc
## Enter source directory
cd discord-irc
## Start with deno manually with certificate validation disabled
deno run --allow-net --allow-env=CONFIG_FILE,DEBUG,VERBOSE,NODE_EXTRA_CA_CERTS --allow-read --allow-write --unsafely-ignore-certificate-errors discord-irc.ts
Untested.
That's fair and a good default. Excellent call.
I'll go ahead and close this then. :)
Clarity would be helpful though, in terms of errors.
The errors are somewhat outside of my control as the author of this discord-irc rewrite. You're seeing exactly what I see in code from Deno-IRC, the library that provides the IRC connection and support this bot uses. There's no way to know it's a self-signed cert here.
I'm a newfound contributor to that library so I can take a look at enhancing the error reporting on that side.
The errors are somewhat outside of my control as the author of this discord-irc rewrite. You're seeing exactly what I see in code from Deno-IRC, the library that provides the IRC connection and support this bot uses. There's no way to know it's a self-signed cert here.
I'm a newfound contributor to that library so I can take a look at enhancing the error reporting on that side.
Ahhh... fair enough! That makes sense. I appreciate it, honestly.
Was helping a friend run this copy of Discord-IRC and it turns out that their server was running with a self-signed SSL certificate that Discord-IRC really didn't like and was showing strange behaviour with not very useful info with regards to that aspect. For example:
I was able to reproduce it with my bot by testing the above and confirming that it was yelling about the cert in a rather obtuse manner. Once they swapped to a valid Let's Encrypt cert though, the issue of course went away.
Might be worth having a config option to ignore such checks, particularly if testing this? This was happening in both Docker and non-docker modes of the bot.