SSL certificate problem

[thasmo]

lando start

prints

curl: (60) SSL certificate problem: unable to get local issuer certificate

Let's get this party started! Starting app typo3-boilerplate...
landoproxyhyperion5000gandalfedition_proxy_1 is up-to-date
Creating network "typo3boilerplate_default" with the default driver
Creating volume "typo3boilerplate_data_app" with default driver
Creating volume "typo3boilerplate_home_app" with default driver
Creating volume "typo3boilerplate_data_mysqldb" with default driver
Creating volume "typo3boilerplate_home_mysqldb" with default driver
Creating volume "typo3boilerplate_data_rediscache" with default driver
Creating volume "typo3boilerplate_home_rediscache" with default driver
Creating volume "typo3boilerplate_data_mailhog" with default driver
Creating volume "typo3boilerplate_home_mailhog" with default driver
Creating typo3boilerplate_app_1 ... done

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
ERROR ==> how to fix it, please visit the web page mentioned above.

Creating typo3boilerplate_mailhog_1    ... done
Creating typo3boilerplate_rediscache_1 ... done
Creating typo3boilerplate_mysqldb_1    ... done
Opening platform.sh containers... this may take a bit...
Scanning to determine which services are ready... Please standby...

  _      __              _           __
 | | /| / /__ ________  (_)__  ___ _/ /
 | |/ |/ / _ `/ __/ _ \/ / _ \/ _ `/_/
 |__/|__/\_,_/_/ /_//_/_/_//_/\_, (_)
                             /___/

Your app started up but we detected some things you may wish to investigate.
These only may be a problem.

 ■ One of your build steps failed
   This **MAY** prevent your app from working.
   Check for errors above, fix them in your Landofile, and try again by running:
   lando rebuild

Windows 11 (WSL2) Lando 3.5.1 Docker 20.10.8, build 3967b7d

[thasmo]

Seems to have been an issue before.

[reynoldsalec]

@thasmo is this consistent across all of your projects? Curious if lando restart ever gets the SSL cert working correctly.

Sidenote: what typo3 boilerplate are you using that has a Lando file?

[thasmo]

@reynoldsalec, weirdly enough I'm not able to reproduce this at the moment because an error is thrown beforehand:

ERROR ==>  message=, stack=Error
    at /snapshot/cli/lib/shell.js
From previous event:
    at Shell.sh (/snapshot/cli/lib/shell.js)
    at Object.dc (/snapshot/cli/lib/bootstrap.js)
    at compose (/snapshot/cli/lib/bootstrap.js)
From previous event:
    at /snapshot/cli/lib/router.js
    at processImmediate (internal/timers.js:464:21)
From previous event:
    at Object.run (/snapshot/cli/lib/router.js)
    at run (/snapshot/cli/lib/engine.js)
    at /snapshot/cli/lib/router.js
From previous event:
    at Object.eventWrapper (/snapshot/cli/lib/router.js)
    at Engine.engineCmd (/snapshot/cli/lib/engine.js)
    at Engine.run (/snapshot/cli/lib/engine.js)
    at Object.runBuild (/snapshot/cli/plugins/lando-services/lib/utils.js)
    at AsyncEvents.<anonymous> (/snapshot/cli/plugins/lando-services/app.js)
    at AsyncEvents.handle (/snapshot/cli/lib/events.js)
    at /snapshot/cli/lib/events.js
From previous event:
    at AsyncEvents.emit (/snapshot/cli/lib/events.js)
From previous event:
    at App.start (/snapshot/cli/lib/app.js)
    at /snapshot/cli/lib/app.js
From previous event:
    at App.restart (/snapshot/cli/lib/app.js)
    at Object.run (/snapshot/cli/plugins/lando-core/tasks/restart.js)
From previous event:
    at /snapshot/cli/lib/cli.js
From previous event:
    at Object.handler (/snapshot/cli/lib/cli.js)
    at Object.runCommand (/snapshot/cli/node_modules/yargs/lib/command.js:238:44)
    at Object.parseArgs [as _parseArgs] (/snapshot/cli/node_modules/yargs/yargs.js:1063:30)
    at Function.get [as argv] (/snapshot/cli/node_modules/yargs/yargs.js:1004:21)
    at Cli.init (/snapshot/cli/lib/cli.js)
    at Cli.run (/snapshot/cli/lib/cli.js)
    at Object.<anonymous> (/snapshot/cli/bin/lando.js)
    at Module._compile (pkg/prelude/bootstrap.js:1751:22)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:790:14)
    at Function.runMain (pkg/prelude/bootstrap.js:1804:12)
    at internal/main/run_main_module.js:17:47, __stackCleaned__=true

Sidenote: what typo3 boilerplate are you using that has a Lando file?

That's our own, internal TYPO3 boilerplate project.

[thasmo]

As I've not been able to reprocude the SSL problem and as the second problems I encountered looks a lot like https://github.com/lando/platformsh/issues/133, I'm going to close this.

[thasmo]

@reynoldsalec, it seems the issue is back with 3.6.0 on my setup.

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

ERROR ==> the -k (or --insecure) option.

[reynoldsalec]

@thasmo can you provide details on the app?

[thasmo]

@reynoldsalec, this drives me crazy. :D It seems it is still the same issue I had before and it's totally related to my local setup and it seems it is caused by a temporary VPN configuration issue/glitch, which occurs sometimes when enabling/disabling a VPN connection.

That said, the issue seems to be gone for now. Sorry for blowing up dust again.

[reynoldsalec]

Darn VPNs! No problem, thanks for letting me know :)