SSL error when downloading new tts

[18fadly-anthony]

Steps to reproduce:

1. Run larynx-server on NixOS with Docker
2. Attempt to download a tts

Full error output:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/.venv/lib/python3.7/site-packages/quart/app.py", line 1827, in full_dispatch_request
    result = await self.dispatch_request(request_context)
  File "/app/.venv/lib/python3.7/site-packages/quart/app.py", line 1875, in dispatch_request
    return await handler(**request_.view_args)
  File "/app/larynx/server.py", line 667, in api_download
    tts_model_dir = download_voice(voice_name, voices_dirs[0], url)
  File "/app/larynx/utils.py", line 78, in download_voice
    response = urllib.request.urlopen(link)
  File "/usr/lib/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.7/urllib/request.py", line 531, in open
    response = meth(req, response)
  File "/usr/lib/python3.7/urllib/request.py", line 641, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python3.7/urllib/request.py", line 563, in error
    result = self._call_chain(*args)
  File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.7/urllib/request.py", line 755, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/usr/lib/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/lib/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.7/urllib/request.py", line 1367, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib/python3.7/urllib/request.py", line 1326, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>

[synesthesiam]

I don't know about NixOS, but on Debian I had to add -v /etc/ssl/certs:/etc/ssl/certs to docker run in order to fix SSL problems.

[synesthesiam]

I've now also installed the ca-certificates package inside the Docker image. Hope this works for you now.

[xsebek]

@synesthesiam This does not seem to work for me, maybe because the files in /etc/ssl/certs are themselves links.
I am on Fedora, which might be different from Debian in this regard:

> ls /etc/ssl/certs
lrwxrwxrwx.  /etc/ssl/certs -> /etc/pki/tls/certs
> ls /etc/ssl/certs/*
lrwxrwxrwx.  ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx.  ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

[synesthesiam]

Do you happen to know if there's a cross-distro way of including certificates in a running Docker container? I'm surprised even such a recent version of ca-certificates has these issues.

I'll look around too and see what I can find. Thanks for trying this out!

[synesthesiam]

I've updated the Docker scripts to follow certificate symlinks in /etc/ssl/certs, and then map those directories too for Docker. Hope this helps!