kamax-matrix / mxisd

Federated Matrix Identity Server
GNU Affero General Public License v3.0

synapse.http.client error ssl #85

Closed knarou34 closed 6 years ago

knarou34 commented 6 years ago

Hello,

I can't use mxisd with Matrix correctly. This is a fresh install from today on Debian 9. mxisd and Matrix are on the same system and same domain.

After a couple of hours of debugging, I don't understand.

2018-09-08 02:08:41,848 - synapse.access.http.8008 - 215 - INFO - POST-204 - 1XX.XXX.XXX.XXX - 8008 - Received request: POST /_matrix/client/r0/account/3pid/email/requestToken
2018-09-08 02:08:41,851 - synapse.http.client - 93 - INFO - POST-204 - Sending request POST https://xxxxx.com/_matrix/identity/api/v1/validate/email/requestToken
2018-09-08 02:08:41,875 - synapse.metrics - 268 - INFO -  - Collecting gc 0
2018-09-08 02:08:41,902 - twisted - 131 - INFO -  - Starting factory _HTTP11ClientFactory(<function quiescentCallback at 0x7f3bd8fdc938>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f3bd8f72190>)
2018-09-08 02:08:41,912 - synapse.http.client - 115 - INFO - POST-204 - Error sending request to  POST https://xxxxxx.com/_matrix/identity/api/v1/validate/email/requestToken: RequestTransmissionFailed [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]>]
2018-09-08 02:08:41,914 - synapse.http.server - 101 - ERROR - POST-204 - Failed handle request via <function _async_render at 0x7f3bdc1b4410>: <XForwardedForRequest at 0x7f3bd8fd2f80 method='POST' uri='/_matrix/client/r0/account/3pid/email/requestToken' clientproto='HTTP/1.0' site=8008>: Traceback (most recent call last):

Many thanks for your help

K

maxidorius commented 6 years ago

The problem is that the certificate served by your reverse proxy to synapse (when attempting to talk to mxisd) is not valid. Why it's not valid is not said, but the most likely causes are:

That part is out of scope of mxisd and for you to find out I'm afraid.

knarou34 commented 6 years ago

Many thanks for your answer.

I don't understand, because my hostname has a good certificate from Let's Encrypt; it's not self-signed.


My question: what's the right configuration to have synapse and mxisd on the same server and same domain?

Have a nice day.

knarou34 commented 6 years ago

Hello,

I have resolved this as follows.

sudo vi /etc/nginx/conf.d/matrix.conf

Change the line:

ssl_certificate /etc/letsencrypt/live/www.xxxxx.com/cert.pem;

to the line:

ssl_certificate /etc/letsencrypt/live/www.xxxxx.com/fullchain.pem;

service nginx restart

And it works like a charm ;-)

Many thanks for your support.

PS: may be interesting for somebody.

K
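
Why switching `ssl_certificate` from cert.pem to fullchain.pem clears the `certificate verify failed` error in the Synapse log, shown as an added example that is not part of the original thread. It builds a constructed root/intermediate/leaf PKI with openssl (every key and name is throwaway test data, and the function names are hypothetical) and checks each file the way a client that trusts only the root would.

```bash
#!/usr/bin/env bash
# Added example. Every key, name and certificate here is constructed test data.

# Build a three-level PKI in directory $1, using certbot's file names.
make_demo_pki() {
  local d="$1" ext="$1/ca.ext" n
  printf 'basicConstraints=critical,CA:TRUE\n' > "$ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Self-signed root: stands in for the CA the client already trusts.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$ext" \
    -days 2 -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA, signed by the root (certbot calls this chain.pem).
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$ext" -days 2 -out "$d/chain.pem" 2>/dev/null || return 1
  # Leaf, signed by the intermediate (certbot calls this cert.pem).
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/cert.pem" 2>/dev/null || return 1
  # fullchain.pem = leaf followed by the intermediate.
  cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
}

# Verify what a server would send if ssl_certificate pointed at file $2,
# as a client whose trust store holds only the root in $1.
# Prints "ok" or "verify failed".
client_verdict() {
  local root="$1" served="$2" leaf
  leaf=$(mktemp)
  openssl x509 -in "$served" -out "$leaf"   # first certificate in the file is the leaf
  # Certificates sent by the server are untrusted helpers for chain building.
  if openssl verify -CAfile "$root" -untrusted "$served" "$leaf" >/dev/null 2>&1
  then echo ok; else echo "verify failed"; fi
  rm -f "$leaf"
}

demo() {
  local d
  d=$(mktemp -d)
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  echo "cert.pem:      $(client_verdict "$d/root.pem" "$d/cert.pem")"
  echo "fullchain.pem: $(client_verdict "$d/root.pem" "$d/fullchain.pem")"
  rm -rf "$d"
}
demo
```

Browsers often hide this misconfiguration because they cache or fetch missing intermediates, while a client that only uses what the server sends cannot build the chain.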