Electrum won't connect to EPS anymore

[dimix000]

Within a day, Electrum is not connecting to EPS anymore. Bitcoin Core is fully synced, EPS is connected to Bitcoin Core, loads good, when broadcasting a transaction connected to the wallet, EPS shows it.

So error comes 100% from the Electrum side in my opinion. I saw a similar issue here. The user takes the logs of Electrum but I don't know how to do that on a Mac.

I did what Chris said here by typing network.debug = True. Now I don't know how to extract logs.

Thank you for help!

[dimix000]

Update : I could get the logs from Electrum

230312T195427.831721Z | INFO | network | connecting to localhost:50002:s as new interface 20230312T195427.856368Z | INFO | interface.[localhost:50002] | certificate has expired: Certificate (unknown) has expired (at 2023-03-11 21:07:58 UTC). 20230312T195427.891529Z | INFO | interface.[localhost:50002] | succeeded in getting cert 20230312T195428.116995Z | WARNING | interface.[localhost:50002] | Cannot connect to main server due to SSL error (maybe cert changed compared to "/Users/mycomp/.electrum/certs/localhost"). Exc: ConnectError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)')) 20230312T195428.119669Z | INFO | network | couldn't launch iface localhost:50002:s -- CancelledError() 20230312T195438.505341Z | INFO | network | connecting to localhost:50002:s as new interface 20230312T195438.530765Z | INFO | interface.[localhost:50002] | certificate has expired: Certificate (unknown) has expired (at 2023-03-11 21:07:58 UTC). 20230312T195438.568927Z | INFO | interface.[localhost:50002] | succeeded in getting cert 20230312T195438.796474Z | WARNING | interface.[localhost:50002] | Cannot connect to main server due to SSL error (maybe cert changed compared to "/Users/mycomp/.electrum/certs/localhost"). Exc: ConnectError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)')) 20230312T195438.799185Z | INFO | network | couldn't launch iface localhost:50002:s -- CancelledError() 20230312T195448.573065Z | INFO | network | connecting to localhost:50002:s as new interface 20230312T195448.600010Z | INFO | interface.[localhost:50002] | certificate has expired: Certificate (unknown) has expired (at 2023-03-11 21:07:58 UTC). 20230312T195448.638942Z | INFO | interface.[localhost:50002] | succeeded in getting cert 20230312T195448.865992Z | WARNING | interface.[localhost:50002] | Cannot connect to main server due to SSL error (maybe cert changed compared to "/Users/mycomp/.electrum/certs/localhost"). Exc: ConnectError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)')) 20230312T195448.869208Z | INFO | network | couldn't launch iface localhost:50002:s -- CancelledError()

So the error comes from this certificate. I tried to delete all the certificates in cert, a new one is generated when electrum is relaunched but still light stays on the red.

Any ideas?

[samontab]

You're probably using the default certificate, which just expired as they're 5 years old today:

wget https://raw.githubusercontent.com/chris-belcher/electrum-personal-server/master/electrumpersonalserver/certs/cert.crt
openssl x509 -enddate -in cert.crt

It says: notAfter=Mar 12 00:07:58 2023 GMT

The solution to this issue is to simply generate a self-signed certificate for 5 more years. Here are the steps to do it, slightly changed from the official steps to match the default names:

First, go to where you have the source code of this project, specifically to the certs folder(plus make a backup just in case):

cd EPS_PATH/electrumpersonalserver/certs
cp -r ../certs ../certs_backup
rm cert.*

And now simply generate your self-signed certificate there:

openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out cert.key
rm server.pass.key
openssl req -new -key cert.key -out cert.csr
openssl x509 -req -days 1825 -in cert.csr -signkey cert.key -out cert.crt

You can confirm that this certificate will be valid for 5 more years with this:

openssl x509 -enddate -in cert.crt

You can then install the certificates along with the application:

pip3 install --user .

And now you should be able to connect.

[dimix000]

Thank you, issue solved.

For the pip3, I had to execute it as "sudo pip3 install --user ." directly at the EPS folder level and not in the cert. folder.

[ohwussup]

could you possibly write this in 5 year old terms. Where do I put these codes in a command line or a text file?

[samontab]

could you possibly write this in 5 year old terms. Where do I put these codes in a command line or a text file?

The error happens because a file included in this project, the certificate, is expired (they created it with a 5 year expiration date, 5 years ago). The file I'm talking about is found in your local copy at electrumpersonalserver/certs/cert.crt, or online at https://github.com/chris-belcher/electrum-personal-server/blob/master/electrumpersonalserver/certs/cert.crt

To fix this, you need to generate a new certificate file valid for 5 more years (or wait until this repository is updated with a new certificate).

So, to generate a new certificate, you need to have a system with openssl installed. I'm going to assume you're on Windows, but any other system with openssl installed would work. Probably the easiest way to get openssl in Windows is to have git installed and then open Git Bash from the "Start/Windows" menu. It will open a command line, this is where you need to write the following commands(EPS_PATH is the directory where you have the local copy of this repository, so change it to match your local path):

cd EPS_PATH/electrumpersonalserver/certs
openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048
openssl rsa -passin pass:xxxx -in server.pass.key -out cert.key
rm server.pass.key
openssl req -new -key cert.key -out cert.csr
openssl x509 -req -days 1825 -in cert.csr -signkey cert.key -out cert.crt

Copy and paste these lines, one by one, and check that there are no errors. At some point it will ask you some questions, either accept the defaults or write what you want. After that, your certificate file will be valid for 5 more years. Now you need to install the app to use this file. To do that, install as per the instructions:

cd EPS_PATH
pip3 install --user .

And that should be it.

[Coinomatron]

@samontab Worked like a charm, although x as password wasn't accepted. Thanks!

[mrbpp]

Hello, i have a problem with:

pip3 install --user . ? Show Error ?

Terminal:

~ pip3 --version pip 23.0.1 from /usr/local/lib/python3.7/dist-packages/pip (python 3.7)

~ pip3 install wheel - tried with that for second time but the same

~ pip3 install --user .

Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple Processing /home/pi/Downloads/server-eps Preparing metadata (setup.py) ... done Building wheels for collected packages: electrum-personal-server Building wheel for electrum-personal-server (setup.py) ... error error: subprocess-exited-with-error

× python setup.py bdist_wheel did not run successfully. │ exit code: 1 ╰─> [17 lines of output] running bdist_wheel running build running build_py running egg_info writing electrum_personal_server.egg-info/PKG-INFO writing dependency_links to electrum_personal_server.egg-info/dependency_links.txt writing entry points to electrum_personal_server.egg-info/entry_points.txt writing top-level names to electrum_personal_server.egg-info/top_level.txt reading manifest file 'electrum_personal_server.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' warning: no files found matching 'doc/*.md' writing manifest file 'electrum_personal_server.egg-info/SOURCES.txt' installing to build/bdist.linux-armv7l/wheel running install running install_lib creating build/bdist.linux-armv7l error: could not create 'build/bdist.linux-armv7l': Permission denied [end of output]

note: This error originates from a subprocess, and is likely not a problem with pip. ERROR: Failed building wheel for electrum-personal-server Running setup.py clean for electrum-personal-server Failed to build electrum-personal-server Installing collected packages: electrum-personal-server Attempting uninstall: electrum-personal-server Found existing installation: electrum-personal-server 0.2.4 Uninstalling electrum-personal-server-0.2.4: Successfully uninstalled electrum-personal-server-0.2.4 Running setup.py install for electrum-personal-server ... error error: subprocess-exited-with-error

× Running setup.py install for electrum-personal-server did not run successfully. │ exit code: 1 ╰─> [19 lines of output] running install running build running build_py running egg_info writing electrum_personal_server.egg-info/PKG-INFO writing dependency_links to electrum_personal_server.egg-info/dependency_links.txt writing entry points to electrum_personal_server.egg-info/entry_points.txt writing top-level names to electrum_personal_server.egg-info/top_level.txt reading manifest file 'electrum_personal_server.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' warning: no files found matching 'doc/*.md' writing manifest file 'electrum_personal_server.egg-info/SOURCES.txt' running install_lib creating /home/pi/.local/lib/python3.7/site-packages/electrumpersonalserver creating /home/pi/.local/lib/python3.7/site-packages/electrumpersonalserver/certs copying build/lib/electrumpersonalserver/certs/cert.csr -> /home/pi/.local/lib/python3.7/site-packages/electrumpersonalserver/certs copying build/lib/electrumpersonalserver/certs/cert.crt -> /home/pi/.local/lib/python3.7/site-packages/electrumpersonalserver/certs copying build/lib/electrumpersonalserver/certs/cert.key -> /home/pi/.local/lib/python3.7/site-packages/electrumpersonalserver/certs error: could not open 'build/lib/electrumpersonalserver/certs/cert.key': Permission denied [end of output]

note: This error originates from a subprocess, and is likely not a problem with pip. Rolling back uninstall of electrum-personal-server Moving to /home/pi/.local/bin/ from /home/pi/.local/~in Moving to /home/pi/.local/lib/python3.7/site-packages/electrum_personal_server-0.2.4.dist-info/ from /home/pi/.local/lib/python3.7/site-packages/~lectrum_personal_server-0.2.4.dist-info Moving to /home/pi/.local/lib/python3.7/site-packages/electrumpersonalserver/ from /home/pi/.local/lib/python3.7/site-packages/~lectrumpersonalserver Moving to /home/pi/.local/share/doc/electrum-personal-server/ from /home/pi/.local/share/doc/~lectrum-personal-server error: legacy-install-failure

× Encountered error while trying to install package. ╰─> electrum-personal-server

note: This is an issue with the package mentioned above, not pip. hint: See above for output from the failure.

[samontab]

@mrbpp

This line indicates there's an issue with the certificate permissions. "error: could not open 'build/lib/electrumpersonalserver/certs/cert.key': Permission denied"

Make sure those are set correctly, or try installing with sudo: sudo pip3 install .

[mrbpp]

@samontab

sudo pip3 install --upgrade pip Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple Requirement already satisfied: pip in /usr/local/lib/python3.7/dist-packages (23.0.1) WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

sudo pip3 install .

The same error after the two lines.

I do the steps from your post, can't understand why i have issue with certificate permissions.

*Raspberry 4B + SSD boot

Thank you for helping. I will keep trying.

[mrbpp]

Made a file config.ini_sample and now - sudo pip3 install --user . - work, but the file is in root i need to be in home/pi

sudo pip3 install --user . Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple Processing /home/pi/Downloads/server-eps Preparing metadata (setup.py) ... done Building wheels for collected packages: electrum-personal-server Building wheel for electrum-personal-server (setup.py) ... done Created wheel for electrum-personal-server: filename=electrum_personal_server-0.2.4-py3-none-any.whl size=73704 sha256=2a94182606ccba72960f2c914ff7e8f07ab0f212d90f2a0684cc344834c8fa37 Stored in directory: /root/.cache/pip/wheels/01/4e/4c/19567053c72dbd758e81a3bc887f94814c4d30ee76f63c8d40 Successfully built electrum-personal-server Installing collected packages: electrum-personal-server Attempting uninstall: electrum-personal-server Found existing installation: electrum-personal-server 0.2.4 Uninstalling electrum-personal-server-0.2.4: Successfully uninstalled electrum-personal-server-0.2.4 WARNING: The script electrum-personal-server is installed in '/root/.local/bin' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. Successfully installed electrum-personal-server-0.2.4 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

[ohwussup]

If this is all above my head will the github eventually get updated to include a working certificate?

[mrbpp]

please guys if someone can help? i want to use EPS, i liked it, if i can't update the certs i will go to Fulcrum ..

[mrbpp]

please guys if someone can help? i want to use EPS, i liked it, if i can't update the certs i will go to Fulcrum ..

After many tries and errors i found a solution to my problem:

1. Delete build folder in ~eps-folder(how you ever named it)
2. Because i rename config.ini_sample to config.ini, i make it again empty text file
3. And then in ~eps-folder(how you ever named it) in terminal write pip3 install --user .
4. If you use automation: sudo stop systemctl eps -> sudo start systemctl eps or sudo restart systemctl eps

Now everything is fine for me, i hope that helps other people like me with this issue. I want to thank for the great work of the EPS developers, EPS is amazing!

[Liongrass]

I was able to generate a new certificate and get EPS running again. Is this going to be part of a new installation flow? Or does this problem only affect people who have been running EPS for five years or more?

[samontab]

@Liongrass

Updating the certificate manually needs to be done by everyone using EPS today.

But once they update the certificate this step won't be needed. There's already a pull request for it.

[ygyzys83]

could you possibly write this in 5 year old terms. Where do I put these codes in a command line or a text file?

The error happens because a file included in this project, the certificate, is expired (they created it with a 5 year expiration date, 5 years ago). The file I'm talking about is found in your local copy at electrumpersonalserver/certs/cert.crt, or online at https://github.com/chris-belcher/electrum-personal-server/blob/master/electrumpersonalserver/certs/cert.crt

To fix this, you need to generate a new certificate file valid for 5 more years (or wait until this repository is updated with a new certificate).

So, to generate a new certificate, you need to have a system with openssl installed. I'm going to assume you're on Windows, but any other system with openssl installed would work. Probably the easiest way to get openssl in Windows is to have git installed and then open Git Bash from the "Start/Windows" menu. It will open a command line, this is where you need to write the following commands(EPS_PATH is the directory where you have the local copy of this repository, so change it to match your local path):

cd EPS_PATH/electrumpersonalserver/certs
openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048
openssl rsa -passin pass:xxxx -in server.pass.key -out cert.key
rm server.pass.key
openssl req -new -key cert.key -out cert.csr
openssl x509 -req -days 1825 -in cert.csr -signkey cert.key -out cert.crt

Copy and paste these lines, one by one, and check that there are no errors. At some point it will ask you some questions, either accept the defaults or write what you want. After that, your certificate file will be valid for 5 more years. Now you need to install the app to use this file. To do that, install as per the instructions:

cd EPS_PATH
pip3 install --user .

And that should be it.

Thanks for your helpful comments.

How does this work if you're accessing the EPS through a separate computer? E.G. I have Bitcoin Core and EPS running on a Raspi, but Electrum Wallet is installed on a laptop which I used to connect to EPS on the Raspi in the past. I went through the new cert gen but still got the same error.

Thanks in advance.

[jiberwabish]

@samontab thanks man! Much appreciated. Nice to see a connection again after so long.

[LeeeNux]

could you possibly write this in 5 year old terms. Where do I put these codes in a command line or a text file?

The error happens because a file included in this project, the certificate, is expired (they created it with a 5 year expiration date, 5 years ago). The file I'm talking about is found in your local copy at electrumpersonalserver/certs/cert.crt, or online at https://github.com/chris-belcher/electrum-personal-server/blob/master/electrumpersonalserver/certs/cert.crt To fix this, you need to generate a new certificate file valid for 5 more years (or wait until this repository is updated with a new certificate). So, to generate a new certificate, you need to have a system with openssl installed. I'm going to assume you're on Windows, but any other system with openssl installed would work. Probably the easiest way to get openssl in Windows is to have git installed and then open Git Bash from the "Start/Windows" menu. It will open a command line, this is where you need to write the following commands(EPS_PATH is the directory where you have the local copy of this repository, so change it to match your local path):

cd EPS_PATH/electrumpersonalserver/certs
openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048
openssl rsa -passin pass:xxxx -in server.pass.key -out cert.key
rm server.pass.key
openssl req -new -key cert.key -out cert.csr
openssl x509 -req -days 1825 -in cert.csr -signkey cert.key -out cert.crt

Copy and paste these lines, one by one, and check that there are no errors. At some point it will ask you some questions, either accept the defaults or write what you want. After that, your certificate file will be valid for 5 more years. Now you need to install the app to use this file. To do that, install as per the instructions:

cd EPS_PATH
pip3 install --user .

And that should be it.

Thanks for your helpful comments.

How does this work if you're accessing the EPS through a separate computer? E.G. I have Bitcoin Core and EPS running on a Raspi, but Electrum Wallet is installed on a laptop which I used to connect to EPS on the Raspi in the past. I went through the new cert gen but still got the same error.

Thanks in advance.

Related to your last question: I had to do the steps as mentions from samontab on Mar 16. The external Electrum-Wallet was in logging mode and showed me the ssl-cert-errors, also i restarted eps with new certs. i needed to chown certs to the user, that is running the service eps on server side (should be same like the old certs) and also delete ~/.electrum/certs/* on electrum-wallet side. after a while the electrum logs showed the successfull grab of the new certs and the wallet showed connection again.

[ProfEduStream]

Hi guys,

I struggled a lot to connect Electrum <-> EPS <-> Bitcoin Core, especially 'cause of the .cookie path, the certificat problem, the configuration of config.ini and the 127.0.0.1 cookie file of Electrum.

There aren't lots of helps on Windows. That's why i've decided yesterday to do a full-explained tutorial on youtube, which explains everything: how to do, how to resolve all configuration problems, etc... Link: https://www.youtube.com/watch?v=wxiH8hG9G-4&ab_channel=ProfEduStream It's in french, but you can add subtitles on your own langage.

Hope it gonna help the community.

Bye 👋

[leilerg]

@samontab - Thanks for putting this together, had the same issue and worked like a charm!!