Open madisonostermann opened 2 months ago
This worked when our server was http, before adding certs.
I assume you are working in an organization with their own server ? I am asking because adding certificates to such environment can be done in a way that only the environment that have the certs registered know. Usually on the global web, certificates will be published to centralized place that are checked against. If you are in a closed network organization this could be different.
If so, do you know if the certificate are correctly registered on your local environment where you are trying to publish ? Have you problem access your rsconnect server with HTTPS using other tool ?
Like R with the connect API ? or curl ? or just a browser ?
I can publish via the button in RStudio without issue.
Is this with a local RStudio IDE ? Or a RStudio Workbench server ?
From my experice this is a configuration issue in your environment where the certificate is not registered. Quarto should check anything in the CA_STORE for the system (and also from online source)
I assume you are working in an organization with their own server ? I am asking because adding certificates to such environment can be done in a way that only the environment that have the certs registered know. Usually on the global web, certificates will be published to centralized place that are checked against. If you are in a closed network organization this could be different.
Right - Deno does respect root certificates that are installed. I think UnknownIssuer
is a hint for what's happening here
I've also checked that my certificate for the site is Always Trusted (on Mac, done in keychain access).
I don't think this is related to the problem.
I think we're seeing this https://github.com/denoland/deno/issues/2301
@madisonostermann do you know more about these certificates? Specifically, are they self-signed? I think Deno (the typescript runtime that Quarto is implemented with) might be doing something reasonable. I don't know if we want to support disabling this because of the inherent risks that it would generate...
Bug description
Received "invalid peer certificate: UnknownIssuer" error when trying to publish quarto site to connect server.
Steps to reproduce
I am encountering the same issue as #3363 trying to publish a Quarto website to our Posit Connect server. The quarto website builds successfully locally, and I can publish via the button in RStudio without issue. However, running
quarto publish connect --server https://myserver.com
and entering my API key results in the error:This worked when our server was
http
, before adding certs. When I do the curl commandcurl -H "Authorization: Key $API_KEY" https://myserver.com/__api__/v1/content
, I get a valid response. I've also checked that my certificate for the site is Always Trusted (on Mac, done in keychain access).Expected behavior
quarto publish connect --server https://myserver.com
should prompt for an API key and then publish.Actual behavior
quarto publish connect --server https://myserver.com
and entering my API key results in the error:Your environment
Quarto: version 1.5.54 OS: macOS 14.6.1 / Darwin 23.6.0 (my coworker on Windows also reproduced this issue) Connect version: 2024.03.0
Quarto check output