search

errbotio / errbot

Errbot is a chatbot, a daemon that connects to your favorite chat service and bring your tools and some fun into the conversation.
http://errbot.io
GNU General Public License v3.0
3.13k stars 615 forks source link

Certificate of https://repos.errbot.io/ expired. Unable to install new plugins. #1249

Closed malt3 closed 5 years ago

malt3 commented 6 years ago

In order to let us help you better, please fill out the following fields as best you can:

I am...

I am running...

Issue description

The certificate of https://repos.errbot.io/ expired on 24th of August 2018. This server provides the plugin repo that is loaded whenever a new package is installed from https://repos.errbot.io/repos.json

Steps to reproduce

Install a repo using the following command:

!repos install [repo_name]

e.g.:

< !repos install https://github.com/drsm79/err-xkcd
> Installing https://github.com/drsm79/err-xkcd...
> Computer says nooo. See logs for details:
> b'repo_index'

Additional info

Output of errbot:

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1045)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/malte/.virtualenvs/errbot-ve/lib/python3.7/site-packages/errbot/repo_manager.py", line 120, in index_update
    with urlopen(url=source, timeout=10) as request:  # nosec
  File "/usr/lib64/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.7/urllib/request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1045)>
11:15:10 ERROR    errbot.core               An error happened while processing a message ("!repos install https://github.com/drsm79/err-xkcd"): Traceback (most recent call last):
  File "/usr/lib64/python3.7/shelve.py", line 111, in __getitem__
    value = self.cache[key]
KeyError: 'repo_index'
marksull commented 6 years ago

I've seen the same issue today. As a workaround looks like you can override this in the config file with the following using http only. Will test tomorrow.....

BOT_PLUGIN_INDEXES = 'http://repos.errbot.io/repos.json'

sijis commented 6 years ago

@gbin @gbin-argo ping!

mkj28 commented 6 years ago

cert still expired

2018-09-28_0037
bladecoates commented 6 years ago

Is this going to be fixed or Is this project abandoned?

gbin commented 6 years ago

I gonna fix this, sorry it took me so long.

gbin commented 6 years ago

Fixed, bug me back before jan 2. Thanks so much for your patience!

mkj28 commented 6 years ago

thanks @gbin !!

komodo472 commented 5 years ago

@gbin the cert has expired again.

muppeth commented 5 years ago

ping @gbin Happy New SSL Year! :D

gbin commented 5 years ago

Gonna do it sorry guys, it is crazy at work :(

On Fri, Jan 11, 2019, 18:38 muppeth <notifications@github.com wrote:

ping @gbin https://github.com/gbin Happy New SSL Year! :D

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/errbotio/errbot/issues/1249#issuecomment-453691681, or mute the thread https://github.com/notifications/unsubscribe-auth/AA7izADkzuD1eXKUuRM6RprVwTPgZzF5ks5vCSB9gaJpZM4WNmu9 .

pmoranga commented 5 years ago

is it happenign again ?

curl -v -k https://repos.errbot.io/

  • Trying 172.217.17.147...
  • TCP_NODELAY set
  • Connected to repos.errbot.io (172.217.17.147) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/cert.pem CApath: none
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS change cipher, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=repos.errbot.io
  • start date: Jan 12 15:07:27 2019 GMT * expire date: Apr 12 15:07:27 2019 GMT
jseiser commented 5 years ago

@gbin

sijis commented 5 years ago

Its fixed.

nicholasamorim commented 5 years ago

This seems to be happening again