Telegram notification test: error setting certificate verify locations:\n CAfile: /etc/pki/tls/certs/ca-bundle.crt

[strasharo]

I'm running Motioneye inside a docker container, brand new deployment and when trying to configure a Telegram notification I set the API token and recipient and when I hit the "Test" button I get the following error:

This is the error inside the container:

    INFO: no files
   ERROR: telegram notification test failed: (77, 'error setting certificate verify locations:\n  CAfile: /etc/pki/tls/certs/ca-bundle.crt\n  CApath: none')
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/motioneye/handlers/config.py", line 730, in test
    sendtelegram.send_message(
  File "/usr/local/lib/python3.11/dist-packages/motioneye/sendtelegram.py", line 41, in send_message
    c.perform()
pycurl.error: (77, 'error setting certificate verify locations:\n  CAfile: /etc/pki/tls/certs/ca-bundle.crt\n  CApath: none')

Looks like the path doesn't exist in the container:

root@1586d314a079:/# ls -l /etc/pki
ls: cannot access '/etc/pki': No such file or directory
root@1586d314a079:/# 

[Sapor2010]

Same here (clean install) on a Pi with Debian GNU/Linux 12 (bookworm)
motionEye Version | 0.43.1b1 Motion Version | 4.6.0

Look like the default path has been change ?

i created the folder/path /etc/pki/tls/certs and copied the ca-certificate.crt from /etc/ssl/certs/ca-certificates.crt and renamed it to ca-bundle.crt

thats help for me as a workaround.

[strasharo]

Yeah, copying /etc/ssl/certs/ca-certificates.crt to /etc/pki/tls/certs/ca-bundle.crt solved it for me.

[zagrim]

I wonder if this is the cause: https://github.com/pycurl/pycurl/issues/834

[joelis10]

I've got this issue too, manually copying over and changing name to ca-bundle.crt didn't work edit: nevermind, I realised I named the file correctly but accidentally put it inside a folder of the same name, taking it out and putting it where it should be fixed it

[MichaIng]

Jep. this is the pycurl bug @zagrim linked. We do not define the CA cert path, this is (falsely) auto-detected by pycurl.

To verify and workaround for now:

sudo python3 -m pip install pycurl==7.45.2

Creating the symlink works as well, of course, but I am no fans of telling others to create new files/symlinks and dirs as workaround, which will be forgotten and rot on the filesystem forever 😉.

[inuonly]

I ended up having the same issue. I looked up for the file needed. It looks liek the location/path are different for actual file existing in the sytem versus the path provided. Unfortunately there is no crontab available so I was not able to fix this and everytime you start the container you need to do so manually. Fix : if we give a symlink for /etc/ssl/certs/ca-certificates.crt at /etc/pki/tls/certs/ca-bundle.crt then that should probably fix this issue. Keeping certificated at redundant location is not my preference tbh hence symlink. Otheroption is that the author who create the container can fix the path in the docker file if this is something updated by ssl packages certs for their default paths.

[adrian-agp]

Could you add exporting a proxy for Telegram notifications?