Open jdougan opened 2 years ago
Ubuntu 16.04 is pretty old now. I believe I recently found another user encountered this and needed to tell curl to use a newer bundle of CA certificates: https://curl.se/docs/caextract.html
curl 7.47.0 was released a very long time ago: https://curl.se/docs/vuln-7.47.0.html
16.04 is indeed very old -- old enough to be out of support, even for an LTS release (canonical's window for those is 5 years). So you will probably want to update to a newer LTS release at some point anyway.
Perhaps this is obvious, but it is worth noting that that error means your sandstorm box is also not auto-updating -- and based on the from
query parameter looks like this broke for you around September; the current release is 0.297
...it would be good if Sandstorm tried a little harder to get an admin's attention when updates aren't working.
I have some vague recollection of let's encrypt having tweaked something at some point that broke some very old TLS clients, and my fuzzy memory of how long ago it was makes that seem like a possible proximate cause here as well.
...also I wonder if maybe we should replace the shelling out to curl with using kj's http libraries, just to get rid of a system dependency.
The original plan was to upgrade last year when 16 went obsolete. I had issues then installing sandstorm and stuff came up so I delayed.
And I may have broken curl while trying to update the certs. Some days...
Troubleshooting a sandstorm tt-rss feed polling issue (stops updating), I was looking at sandstorm updater/log and found this:
Checking libcurl, I find:
This is on Ubuntu 16.04 with all updates.