[QUESTION] How to ignore certificate for status check

[Lissy93]

Hello,
I apologize but I am not comfortable with this.
How do I make the ping ignore the signing of the https certificate? (UNABLE_TO_VERIFY_LEAF_SIGNATURE)

Thx

Originally posted by @EVOTk in #35 (comment)

[Lissy93]

Heya @EVOTk :)
I've moved this to a new issue.
So are you running Dashy via HTTPS, and trying to check the status of a non-HTTPS service? Or the otherway around?

If it's the case that the service you are accessing has an unsigned certificate, then you can ignore this by setting rejectUnauthorized: false in the headers. You can set status check headers with statusCheckHeaders. But this isn't great for security, so I would only do this if it is a local service within your LAN.
Hope that helps :)

[EVOTk]

Hello !
thank you for your responsiveness, again!

I use Dashy locally, through a VPN.
The service I am trying to check the status is HTTPS with a self-signed certificate (Proxmox)

  - name: "Serveur"
    items:
      - title: "Proxmox"
        description: ""
        icon: "proxmox.png"
        url: "https://192.168.2.40:8006"
        statusCheck: true

This gives the same result:

  - name: "Serveur"
    items:
      - title: "Proxmox"
        description: ""
        icon: "proxmox.png"
        url: "https://192.168.2.40:8006"
        statusCheck: true
        statusCheckHeaders: {rejectUnauthorized: false}

[Lissy93]

Hmm okay, so maybe this is something that I have to do in the code. I could add in an optional attribute, that is off by default, so that users can disable SSL rejection for an individual service (if they are slef-hosting). I'll look into this tonight when I get home from work and hopefully get something working :)

I also notice that the error text in the tooltip is overflowing, I'll fix that at the same time :)

[EVOTk]

Thank you so much ! Can't wait to try this :)

[EVOTk]

Thanks thanks thanks !

[Lissy93]

No problem :)
I'll get it merged tomorrow evening, when I get home from work, and let you know when it's done. Hopefully it'll work for you 🤞

[EVOTk]

Hello,
branch "FEATURE/ssl-status-check-options" works fine for me.

I am in a hurry for this to be merged :D :D

Take your time, don't do anything in a rush;)

Thanks again ! Good night !

[Lissy93]

Sorry it took me a while to merge, I wanted to test it properly and fix the tooltip styles at the same time.
But it's merged now, enjoy :)

[EVOTk]

Thank you very much, I will immediately pull the latest version in order to update my "Dashy" and take advantage of this :)

[EVOTk]

Hello @dtctek
I think this issue will be useful for you :)

https://github.com/Lissy93/dashy/blob/master/docs/showcase.md#ground-control

[cyrus104]

I know this issue is closed but I have something very similar. I am using OPNsense for my router and it has a self signed certificate, works on the newtab page load but the service check fails with this message. I checked the other issues (open and closed) but couldn't find another issue with this error.

DEPTH_ZERO_SELF_SIGNED_CERT

[Borlean]

@cyrus104, I'm having the same issue. Did you figure it out?

[Lissy93]

I'm guessing you've tried this, but did setting statusCheckAllowInsecure: true on the failing link help at all?

[cyrus104]

@Borlean and @Lissy93, that did work. I previously I used the option built into the graphical editor and it didn't work but when I did a copy and paste of this it into the config, worked as expected.

[Borlean]

Yes and no.

It's a self signed cert for tower.local and using https://tower.local in the config results in the above issue.
If i use https://[IP ADDRESS] then the error goes away. This is what I'm using now as the status light works, but i would prefer to use tower.local that is in the cert.

edit: used 'code' for links.

[Lissy93]

There's some more things you can try here

[Borlean]

I was able to use the statusCheckUrl to make it work. Checks the IP address but the url link sends me to tower.local. Perfect. Thanks for the help!