search

rhasspy / larynx

End to end text to speech system using gruut and onnx
MIT License
822 stars 49 forks source link

SSL error when downloading new tts #26

Closed 18fadly-anthony closed 2 years ago

18fadly-anthony commented 2 years ago

Steps to reproduce:

  1. Run larynx-server on NixOS with Docker
  2. Attempt to download a tts

    Full error output:

    
During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/app/.venv/lib/python3.7/site-packages/quart/app.py", line 1827, in full_dispatch_request result = await self.dispatch_request(request_context) File "/app/.venv/lib/python3.7/site-packages/quart/app.py", line 1875, in dispatchrequest return await handler(**request.view_args) File "/app/larynx/server.py", line 667, in api_download tts_model_dir = download_voice(voice_name, voices_dirs[0], url) File "/app/larynx/utils.py", line 78, in download_voice response = urllib.request.urlopen(link) File "/usr/lib/python3.7/urllib/request.py", line 222, in urlopen return opener.open(url, data, timeout) File "/usr/lib/python3.7/urllib/request.py", line 531, in open response = meth(req, response) File "/usr/lib/python3.7/urllib/request.py", line 641, in http_response 'http', request, response, code, msg, hdrs) File "/usr/lib/python3.7/urllib/request.py", line 563, in error result = self._call_chain(args) File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain result = func(args) File "/usr/lib/python3.7/urllib/request.py", line 755, in http_error_302 return self.parent.open(new, timeout=req.timeout) File "/usr/lib/python3.7/urllib/request.py", line 525, in open response = self._open(req, data) File "/usr/lib/python3.7/urllib/request.py", line 543, in _open '_open', req) File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain result = func(*args) File "/usr/lib/python3.7/urllib/request.py", line 1367, in https_open context=self._context, check_hostname=self._check_hostname) File "/usr/lib/python3.7/urllib/request.py", line 1326, in do_open raise URLError(err) urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>

synesthesiam commented 2 years ago

I don't know about NixOS, but on Debian I had to add -v /etc/ssl/certs:/etc/ssl/certs to docker run in order to fix SSL problems.

synesthesiam commented 2 years ago

I've now also installed the ca-certificates package inside the Docker image. Hope this works for you now.

xsebek commented 2 years ago

@synesthesiam This does not seem to work for me, maybe because the files in /etc/ssl/certs are themselves links. I am on Fedora, which might be different from Debian in this regard:

> ls /etc/ssl/certs
lrwxrwxrwx.  /etc/ssl/certs -> /etc/pki/tls/certs
> ls /etc/ssl/certs/*
lrwxrwxrwx.  ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx.  ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
synesthesiam commented 2 years ago

Do you happen to know if there's a cross-distro way of including certificates in a running Docker container? I'm surprised even such a recent version of ca-certificates has these issues.

I'll look around too and see what I can find. Thanks for trying this out!

synesthesiam commented 2 years ago

I've updated the Docker scripts to follow certificate symlinks in /etc/ssl/certs, and then map those directories too for Docker. Hope this helps!