search

exoframejs / exoframe

Exoframe is a self-hosted tool that allows simple one-command deployments using Docker
https://exoframejs.github.io/exoframe/
1.14k stars 57 forks source link

Login error: Unable to verify the first certificate #280

Closed HTLFabian closed 4 years ago

HTLFabian commented 4 years ago

Hello, I tried to install exoframe and set everything up according to the docs. I'm running a dedicated traefik instance (not the one bundled) and configured SSL/TLS.

When I try to login (endpoint correctly set), the following error message occurs: Error logging in! Error getting login request phrase. Make sure your endpoint is correct! RequestError: unable to verify the first certificate

If I call my configured endpoint with /login (as the exoframe CLI does), I receive a login request phrase like it's expected by the CLI.

The certificate is a fresh Let's Encrypt wildcard certificate. Calling the endpoint with the browser, the automatic http to https upgrade is working as expected and the certificate is valid. (Note: The configured endpoint starts with https, just wanted to mention the upgrade would work)

Screenshot of the Traefik router: image

yamalight commented 4 years ago

@HTLFabian How does your config look? Are you using http://.. or https://.. prefix for endpoint? If it's http - this might be the issue

Edit: could you also test in a browser whether endpoint opens and shows exoframe logo?

HTLFabian commented 4 years ago

@yamalight I'm using https for the endpoint. When opening the endpoint, "Powered by Exoframe" is displayed, along with the logo and the GitHub link. Config:

endpoint: 'https://<my-hostname>'
endpoints:
  - endpoint: 'http://localhost:8080'
    user: null
    token: null
user: null
token: null
yamalight commented 4 years ago

Hmm, that's strange - then it should work fine 🤔 Are you using any proxies or VPNs for requests?

HTLFabian commented 4 years ago

No VPNs or proxies. Tried it with Linux and two different Windows PCs, so maybe it is a bug in the http library?

yamalight commented 4 years ago

Exoframe uses got, one of the latest versions - as far as I can tell, there should be no issues 🤔 Could you try clonning the repo and using local version of CLI to try and debug the issue?

HTLFabian commented 4 years ago

Ok, cloned & debugged an got threw a GotError with the following code: UNABLE_TO_VERIFY_LEAF_SIGNATURE After a little bit of research, I found out that I used the wrong Let's Encrypt certificate (accidentally used cert.pem instead of fullchain.pem) - so it's my fault, I am sorry if I caused any inconvenience. (The README in the cert folder even states "will break many server configurations, and should not be used". Just wonders me why the browser accepted it nevertheless)

yamalight commented 4 years ago

Glad you figured it out :) Feel free to open more issues if you have any other questions - will be happy to help!