Unable to install vagrant plugin due to SSL_Connect error - ruby

Hello, so I am trying to install a Vagrant plugin but I am getting the following error in MinGW64:
$ vagrant plugin install vagrant-winnfsd
Installing the 'vagrant-winnfsd' plugin. This can take a few minutes...
Vagrant failed to load a configured plugin source. This can be caused
by a variety of issues including: transient connectivity issues, proxy
filtering rejecting access to a configured plugin source, or a configured
plugin source not responding correctly. Please review the error message
below to help resolve the issue:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
Source: https://rubygems.org/
I am behind a firewall and have to pass the company cert manually. I updated my Ruby certs but still no luck. Anyone have any clue why vagrant is not taking my pem/certs?

Well, funny thing. Vagrant uses its own certs, inside of its own folder.
The path is C:\HashiCorp\Vagrant\embedded\cacert.cert on Windows.
Add your company cert and you should be good to go.
I solved my own issue. Hopefully this helps someone else.

Related

expired ca certificates in ruby docker image (2.6.8-bullseye)

Last Friday I started seeing this issue (on an environment that has been live for months) with Ruby on this Docker image:
RestClient::SSLCertificateNotVerified: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I then tried adding a custom PEM (wget https://curl.se/ca/cacert.pem) and pointing the environment variable SSL_CERT_FILE at it (as explained in many other Stack Overflow questions),
but I get:
bash-4.4# wget https://curl.se/ca/cacert.pem
Connecting to curl.se (151.101.2.49:443)
ssl_client: curl.se: certificate verification failed: certificate has expired
wget: error getting response: Connection reset by peer
I tried saving the file on my local machine then docker cp it to the container, but that didn't help either.
I tried running the console with:
bash-4.4# SSL_CERT_FILE=/cacert.pem bundle exec rails c
irb(main):001:0> RestClient.get('https://curl.se/ca/cacert.pem', headers={})
RestClient.get "https://curl.se/ca/cacert.pem", "Accept"=>"*/*", "Accept-Encoding"=>"gzip, deflate", "User-Agent"=>"rest-client/2.0.2 (linux-musl x86_64) ruby/2.3.8p459"
RestClient::SSLCertificateNotVerified: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I tried running update-ca-certificates both manually in the console, and in the dockerfile, but I get:
bash-4.4# update-ca-certificates
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
When I tried this with the cacert.pem copied to the container as above, update-ca-certificates added a warning to that file too, similar to the ca-certificates.crt one.
The issue doesn't seem to improve with anything.
Running
curl -Lks 'https://git.io/rg-ssl' | ruby
says it's all OK, with all (3) green checks.
Any ideas?
Thanks.
Update:
I think this issue might be related to Let's Encrypt expiring their root certificate. I tried the first workaround they recommend, by deleting the file on a container, and also deleting it in the Dockerfile, then running update-ca-certificates. This didn't help either. I'm not sure how to go about the other two workarounds.
If you are on Debian 9, I would recommend that you update it. Otherwise, this is my workaround solution for my image.
# Temporarily fix the wrong Let's Encrypt R3 chain, which is chained to an expired old root CA (DST Root CA X3) on Debian 9
RUN sed -i -E 's/(.*DST_Root_CA_X3.*)/!\1/' /etc/ca-certificates.conf
# update-ca-certificates only picks up files ending in .crt from /usr/local/share/ca-certificates
ADD https://letsencrypt.org/certs/isrgrootx1.pem /usr/local/share/ca-certificates/isrgrootx1.crt
RUN update-ca-certificates
FYI: there is a bug in OpenSSL 1.0.2g that causes the issue: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Some platforms have released the workaround fix, and you just need to upgrade to the latest ca-certificates and the latest libgnutls30. It would be better if you can upgrade to a more recent OpenSSL.
A way to fix the issue would be to run on the container's console:
apt update && apt install ca-certificates
However, this would be a Docker antipattern, as the changes would be lost when the container is deleted.
The better way would be to rebuild the image from the Dockerfile that you have linked in your question (with docker build), then delete and recreate the container from the new image.
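An idempotent form of the "deselect DST Root CA X3" step from the Dockerfile workaround above, as an added example that is not part of the original answers. The function names and the sample file contents are constructed for illustration; the only assumption about the real file is the documented ca-certificates.conf syntax ("#" comment, "!" deselected).

```sh
#!/bin/sh
# Added example; the sample conf below is constructed, not taken from a real image.
# ca-certificates.conf syntax: "#" starts a comment, "!" deselects a certificate.

# Print a small constructed ca-certificates.conf.
sample_conf() {
cat <<'EOF'
# note: DST_Root_CA_X3 is the expired root
mozilla/DST_Root_CA_X3.crt
mozilla/ISRG_Root_X1.crt
!mozilla/Some_Already_Deselected_CA.crt
EOF
}

# deselect_ca NAME: read a conf on stdin and write it to stdout with every
# active entry containing NAME prefixed by "!". Comment lines and entries
# that are already deselected are skipped, so a second run does not
# produce "!!..." lines the way an unanchored substitution would.
deselect_ca() {
    sed -E '/^[!#]/!s/^(.*'"$1"'.*)$/!\1/'
}

# is_selected NAME: exit 0 if stdin still has an active entry for NAME.
is_selected() {
    grep -Eq '^[^!#].*'"$1"
}

# Apply the step twice to show that the result is stable.
once=$(sample_conf | deselect_ca DST_Root_CA_X3)
twice=$(printf '%s\n' "$once" | deselect_ca DST_Root_CA_X3)
printf '%s\n' "$twice"

# The replacement root must stay selected, or update-ca-certificates
# will build a bundle that cannot verify Let's Encrypt chains at all.
if printf '%s\n' "$twice" | is_selected ISRG_Root_X1; then
    echo "ISRG Root X1 still selected"
fi
```

Against a real image the same filter would be applied to /etc/ca-certificates.conf through a temporary file, followed by update-ca-certificates.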

Error trying to run rbenv install 2.5.1

I'm trying to install Ruby using rbenv but I'm running into the following error:
rbenv install 2.5.1 -v
/tmp/ruby-build.20180525142355.3872 ~
Downloading ruby-2.5.1.tar.bz2...
-> https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.bz2
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
error: failed to download ruby-2.5.1.tar.bz2
BUILD FAILED (Ubuntu 18.04 using ruby-build 20180424)
I'm using Windows 10 Subsystem for Linux. The issue seems to be related to certs but I don't know how to get around it.

SSL connection error - Connection reset by peer - On Homestead machine

We have an application using reCAPTCHA. The application works without problems in the production environment, but on my new development Homestead machine I get the following error:
file_get_contents(): SSL: Connection reset by peer
I also have trouble using Composer; there I get the following error:
[ErrorException]
zlib_decode(): data error
I think both errors are related to SSL.
Am I missing something? Do I have to configure the CACERTS by hand?
The problem is related to VirtualBox as mentioned here.
After a downgrade of OSX (Sierra 10.12.1) VirtualBox from 5.1.8 to 5.1.6, the problem was solved.

Issues during wget of sonarqube

I am trying to install SonarQube server on an Ubuntu 14.04 system.
When I do
wget https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-5.3.zip
I am getting a certificate error which says
ERROR: cannot verify akamai.bintray.com's certificate, issued by ‘/C=NL/L=Amsterdam/O=Verizon Enterprise Solutions/OU=Cybertrust/CN=Verizon Akamai SureServer CA G14-SHA2’:
Unable to locally verify the issuer's authority.
I have tried installing the certificate using openssl, still I am unable to get the binaries. I have also updated the ca-certificates using update-ca-certificates, but with no luck.
Can anyone help me on this?
As a workaround:
https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-5.3.zip
redirects to
https://akamai.bintray.com/4e/4e61ee3a01d5e447bcd64357df77e0377325c4a2bb5ceb2cdeb5a5d193443ba5?__gda__=exp=1471600642~hmac=2b041a2929611ac66b6e703c87e0f08a939a5f4cf7a2b9ffa2d7ba3e5a2d7f3e&response-content-disposition=attachment%3Bfilename%3D%22sonarqube-5.3.zip
which seems to be available over HTTP.
So you can try:
wget "http://akamai.bintray.com/4e/4e61ee3a01d5e447bcd64357df77e0377325c4a2bb5ceb2cdeb5a5d193443ba5?__gda__=exp=1471600642~hmac=2b041a2929611ac66b6e703c87e0f08a939a5f4cf7a2b9ffa2d7ba3e5a2d7f3e&response-content-disposition=attachment%3Bfilename%3D%22sonarqube-5.3.zip"

While I try install 'gem install watir' I get this error

When I try to install Watir, I get the following error. Can anyone please guide me on how to resolve this problem?
C:\>gem install watir -v 4.0.2
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
Errno::ECONNRESET: An existing connection was forcibly closed by the remote
host. - SSL_connect (https://api.rubygems.org/api/v1/dependencies?gems=watir-webdriver)
I am using Ruby 2.1.5 and WATIR 4.0.2.
Whenever you see the following error:
Errno::ECONNRESET: An existing connection was forcibly closed by the remote host.
but you can access the internet normally, there is a high possibility that your request has been blocked by the Chinese government's Great Firewall.
In such a case, you can try changing your DNS settings to 8.8.8.8 (Google) if you are not in China, or you can use Taobao's mirror otherwise.
See ruby.taobao.org for details, if you understand Chinese.
The worst case is that the IP of the server serving the gem is blocked by the Great Firewall. It will intercept TCP handshakes by sending RST packets to both your browser/client and the server. In such a case, you have to use some proxy or VPN to get your job done.
You need to change your Rails SSL certificate.
