helm / helm-classic

⚠️(OBSOLETE) Helm Classic v1
https://github.com/helm/helm
Other
573 stars 54 forks source link

Installer script ssl cert broken #493

Closed amingilani closed 8 years ago

amingilani commented 8 years ago

Cross posted from https://github.com/kubernetes/helm/issues/1445

The documentation here asks us to pipe a script to bash but the endpoint https://get.helm.sh doesn't have a valid ssl cert.

bacongobbler commented 8 years ago

ping @slack

From using digicert's SSL checker, it seems that the server is not sending the required intermediate certificate, which would cause trust issues.

However, the certificate is valid.

Certificate Name matches get.helm.sh
Subject get.helm.sh
Valid from 24/Oct/2016 to 24/Nov/2017
Issuer  Amazon

Subject Amazon
Valid from 22/Oct/2015 to 19/Oct/2025
Issuer  Amazon Root CA 1

Subject Amazon Root CA 1
Valid from 25/May/2015 to 31/Dec/2037
Issuer  Starfield Services Root Certificate Authority - G2

Subject Starfield Services Root Certificate Authority - G2
Valid from 02/Sep/2009 to 28/Jun/2034
Issuer  Starfield Technologies, Inc.
slack commented 8 years ago

We're using ACM + CloudFront which doesn't let you change/modify the certificate payload.

The certificate did expire over the weekend and I moved to ACM on 10/25 at 21:30 PDT.

@amingilani you still seeing certificate issues?

slack commented 8 years ago

Just investigated the digicert checker... it is looking for DigiCert's intermediate... Not a generically valid SSL configuration.

https://www.ssllabs.com/ssltest/analyze.html?d=get.helm.sh&s=52.84.213.240&latest

slack commented 8 years ago

Oops, typo on the date. I moved to ACM on 10/23...

sgoings commented 8 years ago

I am unable to reproduce the problem specified in this ticket:

$ curl -s https://get.helm.sh | bash
Downloading helmc-latest-darwin-amd64 from Google Cloud Storage...

helmc is now available in your current directory.

To learn more about helm classic, execute:

    $ ./helmc
$ ./helmc
NAME:
   helmc - Helm Classic - A Kubernetes package manager

To begin working with Helm Classic, run the 'helmc update' command:

$ helmc update

This will download all of the necessary data. Common actions from this point
include:

- helmc help COMMAND: see help for a specific command
- helmc search: search for charts
- helmc fetch: make a local working copy of a chart
- helmc install: upload the chart to Kubernetes

For more information on Helm Classic, go to http://helm.sh.

ENVIRONMENT:
$HELMC_HOME:     Set an alternative location for Helm files. By default, these
                are stored in ~/.helmc

USAGE:
   helmc [global options] command [command options] [arguments...]

VERSION:
   0.8.1+a9c55cf

COMMANDS:
    create  Create a chart in the local workspace.
    doctor  Run a series of checks to surface possible problems
    edit    Edit a named chart in the local workspace.
    fetch   Fetch a Chart to your working directory.
    home    Displays the location of the Helm Classic home.
    info    Print information about a Chart.
    install Install a named package into Kubernetes.
    lint    Validates given chart
    list    List all fetched packages.
    publish Publish a named chart to the git checkout.
    remove  Remove one or more Charts from your working directory.
    repository  Work with other Chart repositories.
    search  Search for a package.
    target  Displays information about cluster.
    uninstall   Uninstall a named package from Kubernetes.
    update  Get the latest version of all Charts from GitHub.
    generate    Run the generator over the given chart.
    template    Run a template command on a file.

GLOBAL OPTIONS:
   --home "$HOME/.helmc"    The location of your Helm Classic files [$HELMC_HOME]
   --debug          Enable verbose debugging output
   --help, -h           show help
   --generate-bash-completion
   --version, -v        print the version

@amingilani are you still having this problem, or did it just appear over the weekend?

amingilani commented 8 years ago

Sorry about the late reply guys. It seems to be working now! Thanks for looking into it. I'm closing this issue.