Error: unable to verify the first certificate

luismcortestirado commented 2 years ago

Hi, I'm trying to deploy matrix-dimension and I get the following errors. Can anybody help me? Thanks...

docker run -d --name dimension -p 127.0.0.1:8184:8184 -v /etc/dimension:/data turt2live/matrix-dimension b1703ec925bb7baaa9dbd31d84ddca5f4e84aae9f10b7aeef5976ddbbc026767

docker logs dimension

Starting matrix-dimension
Mon, 04 Apr 2022 13:52:26 GMT [INFO] [index] Starting dimension v1.0.0
Mon, 04 Apr 2022 13:52:26 GMT [INFO] [DimensionStore] Updating schema...
Mon, 04 Apr 2022 13:52:26 GMT [DEBUG] [DimensionStore [SQL]] Executing (default): CREATE TABLE IF NOT EXISTS `SequelizeMeta` (`name` VARCHAR(255) NOT NULL UNIQUE PRIMARY KEY);
Mon, 04 Apr 2022 13:52:26 GMT [DEBUG] [DimensionStore [SQL]] Executing (default): PRAGMA INDEX_LIST(`SequelizeMeta`)
Mon, 04 Apr 2022 13:52:26 GMT [DEBUG] [DimensionStore [SQL]] Executing (default): PRAGMA INDEX_INFO(`sqlite_autoindex_SequelizeMeta_1`)
Mon, 04 Apr 2022 13:52:26 GMT [DEBUG] [DimensionStore [SQL]] Executing (default): SELECT `name` FROM `SequelizeMeta` AS `SequelizeMeta` ORDER BY `SequelizeMeta`.`name` ASC;
Mon, 04 Apr 2022 13:52:26 GMT [INFO] [DimensionStore] Applied schemas:  []
[...]
Mon, 04 Apr 2022 13:52:26 GMT [ERROR] [MatrixHttpClient (REQ-1)] Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
    at TLSSocket.emit (events.js:400:28)
    at TLSSocket._finishInit (_tls_wrap.js:936:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
    at TLSSocket.emit (events.js:400:28)
    at TLSSocket._finishInit (_tls_wrap.js:936:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}

TheTimeWalker commented 2 years ago

This doesn't seem to be a Dimension error. "UNABLE_TO_VERIFY_LEAF_SIGNATURE" signifies that you have misconfigured your certificates on your domain. Please use the corresponding support channels for help.

luismcortestirado commented 2 years ago

Here is my matrix.conf file:

cat /etc/nginx/conf.d/matrix.conf

server {
    listen 80;
    listen [::]:80;
    server_name luis-desktop.byevolution.net;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name luis-desktop.byevolution.net;

    ssl on;
    ssl_certificate /etc/ssl/certs/AlphaSSL__.byevolution.net.pem;
    ssl_certificate_key /etc/ssl/private/AlphaSSL__.byevolution.net.key;

    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

server {
    listen 8448 ssl default_server;
    listen [::]:8448 ssl default_server;
    server_name luis-desktop.byevolution.net;

    ssl on;
    ssl_certificate /etc/ssl/certs/AlphaSSL__.byevolution.net.pem;
    ssl_certificate_key /etc/ssl/private/AlphaSSL__.byevolution.net.key;
    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

server {
    server_name dimension.byevolution.net;
    listen 443 ssl;
    listen [::]:443 ssl;

    root /var/www/html;
    index index.html;

    ssl on;
    ssl_certificate /etc/ssl/certs/AlphaSSL__.byevolution.net.pem;
    ssl_certificate_key /etc/ssl/private/AlphaSSL__.byevolution.net.key;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8184;
    }
}

The certificates are on the following paths:

locate AlphaSSL__.byevolution.net

/etc/ssl/certs/AlphaSSL__.byevolution.net.pem
/etc/ssl/private/AlphaSSL__.byevolution.net.key

turt2live commented 2 years ago

This doesn't appear to be an issue with Dimension.

turt2live / matrix-dimension

Error: unable to verify the first certificate #482