-
-
Notifications
You must be signed in to change notification settings - Fork 6.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL - SSLError : certificate verify failed #2221
Comments
Do you have the ca-certificates bundle installed? Which Linux distribution do you use? I'm not sure at which paths the ruby OpenSSL module looks by default, but maybe you'll have to set it to the correct location for your distribution. |
I had a similar-looking problem with let's encrypt certificates. This pointed me in the right direction: certbot/certbot#2026 |
I'm on Debian (Jessie). I installed ca-certificates.
I'm using let's encrypt, so I have put the let's encrypt chain.pem + ca-certifcates.crt inside /usr/lib/ssl/cert.pem, but it's still doesn't work... Thanks! |
I have the same problem since Gargron bumped the Ruby-Version. |
Hey @ToroNZ . Thanks for pointing me in that direction. I patched it manually and now it is sending mails again. |
I hit the same issue and I think I've got a lead. See the logs containing the Arguments to this job. One URL there that appears a lot is However, Sidekiq could probably be more resilient here and just 1. avoid fetching data on a domain that has a SSL issue, with a way to warn the administrator ideally, or 2. just have a way to ignore SSL errors with all/some domains. |
The following is fixing the issue locally, but I am very unsure about my ruby, so I'll defer to somebody who can make a better patch out of this. commit 68c39fc917479b9f1eb7a6525b1b6f0160d1afac
Author: Benjamin Bouvier <public@benj.me>
Date: Mon Apr 24 02:18:33 2017 +0200
Fix fetch of avatar/header if SSL is incorrectly set on the instance;
diff --git a/app/models/account.rb b/app/models/account.rb
index 084b17f..b263060 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -188,6 +188,8 @@ class Account < ApplicationRecord
self.avatar = parsed_url
self[:avatar_remote_url] = url
+ rescue OpenSSL::SSL::SSLError => e
+ Rails.logger.debug "Error fetching remote avatar: #{e}"
rescue OpenURI::HTTPError => e
Rails.logger.debug "Error fetching remote avatar: #{e}"
end
@@ -199,6 +201,8 @@ class Account < ApplicationRecord
self.header = parsed_url
self[:header_remote_url] = url
+ rescue OpenSSL::SSL::SSLError => e
+ Rails.logger.debug "Error fetching remote avatar: #{e}"
rescue OpenURI::HTTPError => e
Rails.logger.debug "Error fetching remote header: #{e}"
end |
Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
Hello,
Since the 18 April, around 19h30 (07:30 pm) my instance isn't federating. I tried to restart mastodon, apache, even the server, and nothing work.
At first, I thought it was a proxy error, because I had error in my apache errors file about proxy. Now it seems to work, there are no more errors, but it's still not federating.
On sidekiq, there are a lot of failed and "retries" jobs. It all says :
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
My
openssl version
isOpenSSL 1.1.0f-dev xx XXX xxxx
.I renewed my certificates, but this doesn't solve the problem...
I have updated to v1.2 yesterday, and now I'm on v1.2.2.
I'm lost, what could I do to solve this ?
master
(If you're a user, don't worry about this).The text was updated successfully, but these errors were encountered: