globaleaks / whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

Ubuntu "Network unreachable" - Let's Encrypt renewal failure - After GlobaLeaks update the system does not work #4007

Closed CEDEssedi closed 7 months ago

CEDEssedi commented 7 months ago

What version of GlobaLeaks are you using?

I'm using the version: 4.13.18

What browser(s) are you seeing the problem on?

Chrome, Firefox, Microsoft Edge, Safari

What operating system(s) are you seeing the problem on?

Linux

Describe the issue

Greetings,

This is my first time using GitHub for help. I hope this is the right section.

At the beginning of February the SSL certificate obtained through Let's Encrypt expired.

From the expiry date onwards we were no longer able to renew the certificate in question, always receiving the message "Internal error - Unexpected".

We checked the server settings (_Ubuntu 18.04_) and those of the new FW (Fortinet), but found no problems.

When the server restarts we receive this log message:

```
Platform: Sistema Whistleblowing
Host: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Version: 4.13.18

ValueError Inappropriate argument value (of correct type).

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 144, in _new_conn
    (self.host, self.port), self.timeout, **extra_kw)
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 83, in create_connection
    raise err
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in create_connection
    sock.connect(sa)
OSError: [Errno 101] Network is unreachable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 298, in connect
    conn = self._new_conn()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 153, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f50e1d24cf8>: Failed to establish a new connection: [Errno 101] Network is unreachable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f50e1d24cf8>: Failed to establish a new connection: [Errno 101] Network is unreachable',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1088, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 520, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 630, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 508, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f50e1d24cf8>: Failed to establish a new connection: [Errno 101] Network is unreachable',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 250, in inContext
    result = inContext.theWork()
  File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 266, in <lambda>
    inContext.theWork = lambda: context.call(ctx, func, *args, **kw)
  File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 122, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 85, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python3/dist-packages/globaleaks/orm.py", line 185, in _wrap
    result = function(session, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/globaleaks/orm.py", line 216, in tw
    return f(session, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 82, in db_acme_cert_request
    Settings.acme_directory_url)
  File "/usr/lib/python3/dist-packages/globaleaks/utils/letsencrypt.py", line 72, in request_new_certificate
    client = create_v2_client(directory_url, accnt_key)
  File "/usr/lib/python3/dist-packages/globaleaks/utils/letsencrypt.py", line 59, in create_v2_client
    directory = messages.Directory.from_json(net.get(directory_url).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1138, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1110, in _send_request
    raise ValueError("Requesting {0}{1}:{2}".format(host, path, err_msg))
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
```

During the various attempts to resolve the problem we also tried to update GlobaLeaks, but at the end of the update the system becomes unusable.

Can you help me?

Thank you

Proposed solution

No response

evilaliv3 commented 7 months ago

Hello,

we actually never observed this exception.

Is it possible that your firewall is blocking outgoing connections?

CEDEssedi commented 7 months ago

Hi,

I just managed to locate the problem.

Last month we tightened the restrictions applied by our XDR/Antivirus (Eset Protect Cloud) system and, without realizing it, we also blocked communication with the Let's Encrypt HTTPS page.

Now we have added the exception for the link and everything is working again.

In the next few days we will also try to update the system.

Thanks for the reply.

Greetings
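An added example, not part of this thread or of GlobaLeaks: a standalone outbound-connectivity check for the ACME host named in the traceback, which walks a chained exception back to its first cause (here `OSError` errno 101) and reports which stage failed. The function names and hint texts are this example's own assumptions.

```python
import errno
import socket
import ssl

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host taken from the traceback in this issue

# Hint wording is this example's own, not GlobaLeaks or acme output.
HINTS = {
    errno.ENETUNREACH: "no route, or traffic blocked by a firewall or endpoint agent",
    errno.ECONNREFUSED: "connection actively refused on the path",
    errno.ETIMEDOUT: "packets silently dropped on the path",
}

def root_cause(exc):
    """Follow __cause__/__context__ back to the first exception of a chained traceback."""
    seen = set()
    while id(exc) not in seen:
        seen.add(id(exc))
        earlier = exc.__cause__ or exc.__context__
        if earlier is None:
            break
        exc = earlier
    return exc

def classify(exc):
    """Map a (possibly wrapped) failure to the stage that broke, plus a hint."""
    root = root_cause(exc)
    if isinstance(root, socket.gaierror):
        return "dns", "name resolution failed"
    if isinstance(root, ssl.SSLCertVerificationError):
        return "tls", "certificate verification failed: " + root.verify_message
    if isinstance(root, ssl.SSLError):
        return "tls", "handshake failed"
    if isinstance(root, socket.timeout):
        return "tcp", HINTS[errno.ETIMEDOUT]
    if isinstance(root, OSError):
        return "tcp", HINTS.get(root.errno, str(root))
    return "unknown", repr(root)

def probe(host=ACME_HOST, port=443, timeout=10):
    """Try DNS, TCP and a verified TLS handshake; report the first failing stage."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok", "TLS handshake completed with a trusted certificate"
    except OSError as exc:  # gaierror, timeout and SSLError are OSError subclasses
        return classify(exc)

if __name__ == "__main__":
    print(probe())
```

Run it on the GlobaLeaks server itself, under the same filtering policy, so the result reflects what the renewal job sees.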

CEDEssedi commented 7 months ago

Hi,

After solving the certificate renewal problem, I continue to have the problem of updating the system. Every time I try to do it, and it is successful, then the system is not working.

Can you help me with this?

Thank you

CEDEssedi commented 7 months ago

Hi,

I also solved the update problem.

All I had to do was update the OS.

Thank you

Greetings