search

mtakaki / cachet-url-monitor

URL monitor plugin for cachethq.io
MIT License
125 stars 49 forks source link

SSLError #46

Closed fm407 closed 4 years ago

fm407 commented 6 years ago

getting this error when trying to start url monitor, any ideas?

Traceback (most recent call last): File "cachet_url_monitor/scheduler.py", line 90, in scheduler = Scheduler(sys.argv[1]) File "cachet_url_monitor/scheduler.py", line 56, in init self.configuration = Configuration(config_file) File "/root/cachet-url-monitor/cachet_url_monitor/configuration.py", line 113, in init self.status = get_current_status(self.api_url, self.component_id, self.headers) File "/root/cachet-url-monitor/cachet_url_monitor/configuration.py", line 59, in get_current_status get_status_request = requests.get('%s/components/%s' % (endpoint_url, component_id), headers=headers) File "/root/cachet-url-monitor/lib/python2.7/site-packages/requests/api.py", line 72, in get return request('get', url, params=params, kwargs) File "/root/cachet-url-monitor/lib/python2.7/site-packages/requests/api.py", line 58, in request return session.request(method=method, url=url, kwargs) File "/root/cachet-url-monitor/lib/python2.7/site-packages/requests/sessions.py", line 508, in request resp = self.send(prep, send_kwargs) File "/root/cachet-url-monitor/lib/python2.7/site-packages/requests/sessions.py", line 640, in send history = [resp for resp in gen] if allow_redirects else [] File "/root/cachet-url-monitor/lib/python2.7/site-packages/requests/sessions.py", line 218, in resolve_redirects adapter_kwargs File "/root/cachet-url-monitor/lib/python2.7/site-packages/requests/sessions.py", line 618, in send r = adapter.send(request, **kwargs) File "/root/cachet-url-monitor/lib/python2.7/site-packages/requests/adapters.py", line 506, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='itstatus.redacted.com', port=443): Max retries exceeded with url: /api/v1/components/19 (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))

The cert is fine, it's our wildcard.

Thanks

mtakaki commented 6 years ago

Based on the stack trace, it seem requests is not accepting your certificate. I have to implement this, to add the ability to provide a ca bundle or a directory with trusted CAs

joe-eklund commented 4 years ago

I wanted to point out my solution to this problem, since I too had to pass in a custom certificate authority. You can actually get this working without modifying your code at all by setting the requests environment variable REQUESTS_CA_BUNDLE. In my case, I am running this in docker with docker-compose and my docker-compose.yml looks like:

services:
  cachet-monitor:
    build: .
    image: cachet-monitor:multithread
    container_name: cachet-monitor
    environment:
      - REQUESTS_CA_BUNDLE=/usr/src/app/config/ca-bundle.crt
    volumes:
      - ./config:/usr/src/app/config
    restart: always

The trick is to pass in your bundle into the docker container through a volume. That, in combination with the environment variable, fixed my SSL issues.

mtakaki commented 4 years ago

Thanks for sharing this, @joe-eklund. I'll update the README with this information.