search

cockpit-project / cockpit

Cockpit is a web-based graphical interface for servers.
http://www.cockpit-project.org/
GNU Lesser General Public License v2.1
11.23k stars 1.11k forks source link

Unable to login - gnutls_handshake failed #14223

Closed pocelka closed 3 years ago

pocelka commented 4 years ago

Cockpit version: cockpit-220-1.fc31.x86_64 OS: Fedora 31 (Server Edition) Page: Login screen

I have two machines at home. One W10 and one F31 which is used as a storage server. I've just updated Fedora 30 to 31 and wanted to start playing with cockpit. I installed it by installation manual, however when I try to login from my W10 machine I get:

Connection failed
There was an unexpected error while connecting to the machine.
Messages related to the failure might be found in the journal:
journalctl -u cockpit

Journactl is showing just:

Jun 13 01:14:30 storage.localdomain cockpit-tls[143052]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
Jun 13 01:16:57 storage.localdomain systemd[1]: cockpit.service: Succeeded.
Jun 13 01:24:19 storage.localdomain systemd[1]: Starting Cockpit Web Service...
Jun 13 01:24:19 storage.localdomain systemd[1]: Started Cockpit Web Service.
Jun 13 01:24:31 storage.localdomain cockpit-tls[145316]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.

Ports are enabled. SELINUX is set to permisive.

I can connect direclty from F31 (from localhost) but it seems like there might be something wrong with self-certificates or something.

There are few issues already open for something similar but it doesn't seem like it's related to my problem.

Any idea how to make it work?

jrlepage commented 4 years ago

I’m getting a similar error on Ubuntu Server 20.04 LTS. It seems like all my self-signed certificates (generated by Cockpit) are owned by root and only root if this matters. This is on a machine with nothing installed except the bare metal OS and Cockpit.

linlinlin1992 commented 4 years ago

same here... Ubuntu Server 20.04 LTS.

Vykook commented 4 years ago

Same on current Clear Linux

martinpitt commented 3 years ago

That is mostly just a sign that the browser aborted the initial connnection due to the self-signed certificate. It should ask you whether or not to accept it. This message is a red herring, and tracked in issue #14896 with more detail, so closing as a duplicate.