-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
keybaseapi.com SSL cert expired 2023-12-31 #4219
Comments
Looks like someone doesn't monitor cert dates as this keeps happening. |
The certificate itself is still valid. It might be related to the issuing certificate. |
Also reported in keybase/client#26088 and keybase/client#26089 |
I'm done with Keybase, I can't access any of the encrypted files that I need to access today. Can't send any logs, the Keybase API server has some kind of certificate error, looks like it expired today. One would think that someone at Keybase would be paying attention. |
The expired certificate is within the Short version, the only way this can be fixed would be to build and release new client executables. The ones currently on our computers and mobile devices will never be able to log in again. I just updated my copy of the client source repo. @mmaxim updated the internal CA certificate within the client about half an hour ago (see commit One good thing is, we won't have to worry about it expiring any time soon.
My guess is that he's building new releases as we speak, and we're all going to have to download and install newer clients for computers later today. We'll also have to update the iOS/Android clients some time in the next few days, depending on how long it takes for the apps to make it through the app stores' review process. |
I just went ahead and set the date back on my computer but day so I could
get my files out, and I'm just going to move to something that is a little
more reliable.
…On Sun, Dec 31, 2023, 2:46 PM John Simpson ***@***.***> wrote:
The certificate itself is still valid. It might be related to the issuing
certificate.
*The expired certificate is within the keybase executable on my computer.*
This is the certificate used to verify the api-0.core.keybaseapi.com
server. Verifying this server's certificate against a fixed CA is part of
how they detect MITM attacks.
Short version, the only way to fix this *can* be fixed would be to build
and release new client executables. The ones currently on your computers
and mobile devices will *never* be able to log in again.
I just updated my copy of the client source repo. @mmaxim
<https://github.com/mmaxim> updated the internal CA certificate within
the client about half an hour ago (see commit
fbebbc9f1ba29e21ae6d3ee2edc21a7703d0019f
<keybase/client@fbebbc9>
).
One good thing is, we won't have to worry about it expiring any time soon.
$ sed -n '/BEGIN CERT/,/END CERT/p' ca.go | openssl x509 -noout -startdate -enddate
notBefore=Dec 31 19:03:19 2023 GMT
notAfter=Dec 31 19:03:19 6023 GMT
My guess is that he's building new releases as we speak, and we're all
going to have to download and install newer clients for computers later
today. We'll also have to update the iOS/Android clients some time in the
next few days, depending on how long it takes for the apps to make it
through the app stores' review process.
—
Reply to this email directly, view it on GitHub
<#4219 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABPGJGVUCW6F6EDNJZP74K3YMG6IPAVCNFSM6AAAAABBILWDPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZTGAZDIOJXG4>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Different error now, "certificate signed by unknown authority". |
That's probably because he's updated the You'll need to wait until v6.2.4 is available for download. Versions prior to this will never work again. |
Same problem, I uninstalled the one on my iphone but now I can't log in, it keeps showing a network error. Anyone know how long it will take them to fix it? Or can anyone recommend any other better apps? |
@Fflaviacy Apple requires a review process for all iOS application submitted to their app store, which takes non-trivial amount of time on their side. So, if keybase team has already submitted their updated app, you can expect its availability in the app store in couple of days. |
So now we just have to wait? |
I am writing to report a critical issue we have encountered with the Keybase API, which is significantly impacting our operations. Our alert scripts, which rely on your API, are currently not functioning due to this problem. Error Details: go Impact: Request for Assistance: |
Can confirm, 6.2.5-20240101050825+3bdf76f84a (for macOS arm64) is working as expected. |
From @ayoublind ...
Did I miss something, do you have a service contract with Keybase? If so, where can I sign up for one? If not ... is it smart to rely on a free service for critical notifications? |
and @kg4zow how did you update the version of the keybase installed in linux ?
|
Back To work by updating the cli version to the latest using :
|
For CentOS 7 I ran
I haven't powered on the Debian 12 laptop in about a week so I haven't updated it yet, but as you pointed out, that'll be " |
I downloaded the update from https://prerelease.keybase.io/ for Linux and its fixed. |
I hope there will be a solution for my aunt which is on a old version of MacOS X |
iOS client update now released on the App Store. |
Please update to the latest client. Thanks! |
Confirmed that the issue is fixed in Ubuntu 22.04 after updating to the latest client version (6.2.4). Thanks to everyone involved for the relatively quick fix! 🙌 |
The connection problem turned up today (2 Jn 2023). This was already v6.2.4 but it fails, presumably still with the outdated certificate. Homebrew has 6.2.5(?) but fails to install because "there is already an App at '/Applications/Keybase.app'". Was unwilling to delete the existing v6.2.4 Keybase OS X app (unknown consequences?), yet there seems no way to update it to v6.2.5? UPDATE: install v6.2.5 for OS X using Homebrew
|
This reply by @kg4zow is exactly correct as to the nature of the problem, thanks for the great explanation! Sorry for all the trouble folks, clearly not our finest hour here at Keybase, but hopefully everyone is up and running on all platforms. |
No luck on my side 🤔 $ brew update
$ brew install --cask keybase
==> Upgrading 1 outdated package:
Warning: Cask 'keybase' is unreadable: undefined method `before_colon' for "20210202191343:d72cc00cd3":Cask::DSL::Version
Did you mean? before_comma I'm on amd64 architecture on my Macbook. UpdateTo resolve the error I removed the following file and run the install command again. $ rm /usr/local/Caskroom/keybase/.metadata/5.6.2,20210202191343:d72cc00cd3/20210421075944.484/Casks/keybase.rb
$ brew install --cask keybase I'm back in business 🎉 |
For the record ... when I mentioned "6.2.4" being the new version in my comments above, I was going by the tag which I had just seen created in the git repo. Apparently the tags in the repo don't always "sync up" with the version number strings in the software, and the actual release which fixed things was 6.2.5. My apologies for the confusion. |
I had the same issue in my ubuntu and I ran the following commands to fix it
|
FYI Hmm my windows version didn't want to update for some reason from 2.3.1 so faced the same issue ... Fixed by manually downloaded keybase installer and now everything works fine on 6.2.5.5 |
It sucks that I have to worry about it again after 4000 years! |
This issue is re-occurring with the latest keybase (downloaded just now). I have uninstalled, re-downloaded from the keybase.io website - and still the same! |
based keybase users |
Sorry I'm late to the party. My problem is that I was logged out from the phone and I'm not able to find my login credentials. If I update the client on mac (here I'm still logged in), will it force me to relogin? Can somebody suggest a flow that will help me access my files stored in keybase? |
Just updating the client should be enough tbh. |
Do I need to relogin after updating? |
Well.. According to my chain, I did not revoke or re-create the device key during the update. This means, you can just update the application. Also.. WHY don't you have a paper key? |
Everything in Keybase stopped working for me just now. It looks like a cert needs to be updated:
Possibly related: #4170
The text was updated successfully, but these errors were encountered: