Closed shubham1164 closed 5 years ago
I have provided the prod certificate and private key files (both .pem) also. I am using fastlane to create the .pem files .Now getting this error in docker:
13:22:26.654 [info] TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA
=CRASH REPORT==== 29-Jan-2019::13:22:26 === crasher: initial call: h2_connection:init/1 pid: <0.1474.0> registered_name: [] exception exit: {tls_alert,"unknown ca"} in function gen_statem:init_result/6 (gen_statem.erl, line 728) ancestors: [apns_prod_5,'Elixir.MongoosePush.Supervisor',<0.1438.0>] message_queue_len: 0 messages: [] links: [<0.1454.0>] dictionary: [] trap_exit: false status: running heap_size: 987 stack_size: 27 reductions: 8665 neighbours: 13:22:26.655 [error] {:tls_alert, 'unknown ca'} 13:22:26.660 [error] CRASH REPORT Process <0.1474.0> with 0 neighbours exited with reason: {tls_alert,"unknown ca"} in gen_statem:init_result/6 line 728 13:22:26.901 [info] TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA
=CRASH REPORT==== 29-Jan-2019::13:22:26 === crasher: initial call: h2_connection:init/1 pid: <0.1478.0> registered_name: [] exception exit: {tls_alert,"unknown ca"} in function gen_statem:init_result/6 (gen_statem.erl, line 728) ancestors: [apns_prod_5,'Elixir.MongoosePush.Supervisor',<0.1438.0>] message_queue_len: 0 messages: [] links: [<0.1454.0>] dictionary: [] trap_exit: false status: running heap_size: 987 stack_size: 27 reductions: 8652 neighbours: 13:22:26.902 [error] {:tls_alert, 'unknown ca'} 13:22:26.907 [error] CRASH REPORT Process <0.1478.0> with 0 neighbours exited with reason: {tls_alert,"unknown ca"} in gen_statem:init_result/6 line 728 13:22:27.153 [info] TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA
=CRASH REPORT==== 29-Jan-2019::13:22:27 === crasher: initial call: h2_connection:init/1 pid: <0.1480.0> registered_name: [] exception exit: {tls_alert,"unknown ca"} in function gen_statem:init_result/6 (gen_statem.erl, line 728) ancestors: [apns_prod_5,'Elixir.MongoosePush.Supervisor',<0.1438.0>] message_queue_len: 0 messages: [] links: [<0.1454.0>] dictionary: [] trap_exit: false status: running heap_size: 987 stack_size: 27 reductions: 8656 neighbours: 13:22:27.154 [error] {:tls_alert, 'unknown ca'} 13:22:27.154 [error] Failed to establish SSL connection. Is the certificate signed for :prod mode?
13:22:27.154 [warning] Unable to complete push request due to unable_to_connect 13:22:27.160 [error] CRASH REPORT Process <0.1480.0> with 0 neighbours exited with reason: {tls_alert,"unknown ca"} in gen_statem:init_result/6 line 728
// logs from mongooseimctl live: [warning] Unable to submit push notification. ErrorCode 503, Payload <<"{\"details\":\"Please try again later\"}">>
Hi @shubham1164 ,
The issue right above looks like using DEV certs as PROD ones (as they are rejected by APNS).
As for the initial issue:
If you're building the MongoosePush from source, it's quite easy - you just remove prod
pool from APNS configuration (https://github.com/esl/MongoosePush#apns-configuration)
In Docker this is simply not supported as both DEV and PROD pool are always enabled together. I do however see workaround:
You can provide DEV certificates both as DEV and PROD ones to trick MongoosePush. But, as you do that, you have to "tell" MongoosePush to connect PROD pool to DEV APNS sandbox (so that certificates are not rejected). In order to do that, set env variable PUSH_APNS_PROD_ENDPOINT
to api.development.push.apple.com
(default value for DEV pools). This way both pools will hit the same APNS sandbox with the same certificate.
Thanks
I am working in development mode only for now. I have successfully provided the dev (key and certificates). Concerns:
// output from mongooseim live logs: [warning] Unable to submit push notification. ErrorCode 500, Payload <<"null">>
// output from mongooseimPush docker logs [error] %FunctionClauseError{args: nil, arity: 1, clauses: nil, function: :keys, kind: nil, module: Keyword}
The same setup is working fine for Android but in case of IOS not working and showing these error logs (shown above)