-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CT-392] [Bug] SSL: CERTIFICATE_VERIFY_FAILED occurs non-deterministicly #4909
Comments
Hi @jaklan, thanks for the details in this report and I'm sorry to hear you've been having issues with connecting to hub.getdbt.com. I did some preliminary investigation of the ssl/tls certificates on the ip addresses you mentioned and everything is up-to-date on our end as far as I can tell. You may want to contact your network administrator and see if there's something they can do to help. Since the certs at all the above mentioned ip addresses were signed by the same certificate authority, the only immediate workaround I can think of is if you create a local dns entry on your machine that forces "hub.getdbt.com" to forward to the ip addresses that seem to be working. This isn't ideal because the entry would have to be manually updated if we make any dns changes in the future. Detailing how to set that up is beyond the scope of the assistance I can provide though. I'm going to close this ticket as out of scope, but please feel free to re-open or open a new issue if there's something else you think we can do. |
@nathaniel-may Hah, I just wanted to update and close the issue, good timing 😉 From what I discovered - you use Netlify for Btw, we have finally resolved the issue by creating custom CA bundle including both |
Thanks for the update, @jaklan! Glad to hear you got to the root of the issue. I completely understand the desire for a simpler solution here, but we will likely not provide new ways to disable security features. In this case, certificate validation protects your projects from falling victim to a man in the middle attack. Thanks for reaching out, and happy dbt-ing! |
@nathaniel-may fully understand the reasoning. I just mentioned that because I know it was quite problematic for our Data Scientists working with |
Is there an existing issue for this?
Current Behavior
Hi, I have a problem with running
dbt deps
command behind corporate VPN. I have noticed that sometimes it fails due to:but sometimes it just works when I run the command again.
I prepared a small script to investigate it:
and run multiple times - here's the output:
It looks like the error depends on the target IP address, but it's just my guess, I would really love to hear your ideas.
Expected Behavior
I would expect the command always fails or always passes.
Steps To Reproduce
Run
dbt deps
behind some VPN with self-signed certificates in the chain.Relevant log output
No response
Environment
What database are you using dbt with?
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: