I'm hosting my downloads on GitHub, to save bandwidth on my own server, but when Sparkle updater tries to download updates from GitHub, it fails with error:
Sparkle Error (continued): The operation couldn’t be completed. (NSURLErrorDomain error -1100.)
I figured out that this is due to a certificate mismatch from GitHub, as you can see from this attempt to use wget to download my app from GitHub:
$ wget http://github.com/downloads/chetan51/sidestep/Sidestep%20v0.2.1.zip
--2010-11-21 16:29:26-- http://github.com/downloads/chetan51/sidestep/Sidestep%20v0.2.1.zip
Resolving github.com... 207.97.227.239
Connecting to github.com|207.97.227.239|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/downloads/chetan51/sidestep/Sidestep%20v0.2.1.zip [following]
--2010-11-21 16:29:27-- https://github.com/downloads/chetan51/sidestep/Sidestep%20v0.2.1.zip
Connecting to github.com|207.97.227.239|:443... connected.
ERROR: certificate common name `*.github.com' doesn't match requested host name `github.com'.
To connect to github.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
Are there any workarounds for this problem?
I suspect you’re not actually getting as far as the certificate error. I had a similar error this weekend, and found that Sparkle (incorrectly) performs %-escaping on attachment URLs. If you change the %20 to a plain space, you’ll probably get a different error indicating the problem you thought you were having.
Not really very helpful, I know.
Related
I wanted to write out this question here for anyone looking to resolve issues related to SSL certificate. I know that there are a lot of solutions out there (setting any form of sslVerify = false IS NOT the solution people!) for both Windows and Linux-based machines, but none of them works out for me at my company. This has been an on and off issue for the past year, so I'm hoping this might help out someone else.
If you've seen anything similar to the following errors, this might be a good stepping point to a solution:
curl (60) SSL certificate problem: unable to get local issuer certificate
PHP Warning: no valid certs found cafile stream
Composer: The [repo] file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Then check out Matt Ferderer's post (https://mattferderer.com/fix-git-self-signed-certificate-in-certificate-chain-on-windows) and pay specific attention to the certificate path (image).
For me, there were a good number of posts about how a company's firewall might cause an issue. But the idea that a company's IT department may have other applications that intercept the request you're sending out is something to consider. It was Matt's specific post that was the turning point in my hunt for a solution. I hope it might help you out.
Specifically for me, after viewing the certificate path (described in Matt's post), I noticed that my company's cloud security application was, for some reason, altering the certificates, causing the SSL verification error. The IT department was able to update the settings of the application, and then immediately all of the errors stopped.
I've been using Bitbucket for 2 years on my Macbook. Today I went to view one of my depots but I am getting the error message, Your connection is not secure. All other sites works, it's only Bitbucket.org that is giving me this error. I've tried using Safari and Firefox, neither work. I also can not connect using SourceTree. I am able to connect on my Windows computer so that rules out my router. I've deleted all expired certificates in Keychain and deleted cookies and cache. Does anyone know what the issue might be?
The Macbook's clock is set automatically and is displaying the correct time. In Firefox, when the website fails to load, I can see these 3 messages by clicking the Advance button,
bitbucket.org uses an invalid security certificate.
The certificate is only valid for search.dnsadvantage.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN.
If I click on the last error, it opens another page which displays, https://bitbucket.org/ Unable to communicate securely with peer: requested domain name does not match the server's certificate. HTTP Strict Transport Security: true HTTP Public Key Pinning: false.
Is there somewhere else I need to go to locate more information about the error?
Looks like you've picked up a virus and/or malware:
http://www.fixingvirus.com/always-redirected-to-search-dnsadvantage-com-how-to-stop-it/
That link is for Windows machines so maybe check this for Macbook?:
https://www.fixyourbrowser.com/how-to/remove-adware-mac-osx-safari-chrome-firefox/
Note I don't vouch for above links but first ones that came up when I Googled for "search.dnsadvantage.com". Seems a common problem.
I am trying to create a bot on my server running 10.9, and I keep getting the following error:
Bot creation failed with error: An SSL error has occurred and a secure
connection to the server cannot be made.
I just updated my SSL cert from the self signed to one from GoDaddy. My https://servername connects fine with a green https.
How do I get it to recognize my certificate?
I never was able to find a solution. I ended up doing a clean install, add my GoDaddy SSL certificates again, and the problem was resolved.
I ran
$ gem fetch -V github-linguist
GET http://rubygems.org/latest_specs.4.8.gz
302 Moved Temporarily
GET http://production.s3.rubygems.org/latest_specs.4.8.gz
200 OK
ERROR: While executing gem ... (Zlib::GzipFile::Error)
not in gzip format
then to my shock I opened the link in my browser and see
this message
Norton DNS
Malicious Web Site Blocked
You attempted to access: production.s3.rubygems.org
This is a known malicious web site. It is recommended that you do NOT visit
this site. This site points to production.s3.rubygems.org.s3.amazonaws.com,
which is malicious.
On pencil’s suggestion I ran
namebench and have switched to OpenDNS-2.
Probably someone used AWS to distribute malware and some buggy automatism now blockes *.amazonaws.com
Must be a filter anywhere between you and Amazon (Router/Firewall, Proxy, ISP, Name Server, ...). Start by using different name servers (like Google's 8.8.8.8).
I am having trouble connecting Redmine to a locally hosted subversion repository using SSL.
I suspect it's the self-signed certificate that usually triggers a warning in the SVN client and browser.
When I try to connect to the local repo through SSL in Redmine, I get a red "Revision not available" error. When I try connecting through svn://, the connection times out, and I have to restart the web server.
Connecting without SSL works without problems.
It would be nice to run subversion on SSL to make it safely accessible from the outside as well. I could run the repository through plain HTTP but would like SSL for outside communication. As far as I understand, subversion can't be run both ways at the same time.
Does anybody know what to do in such a situation? Is there a configuration setting to ignore invalid certificates somewhere?
Looking at the source all redmine does is shell out to the svn binary, see: http://www.redmine.org/projects/redmine/repository/entry/trunk/lib/redmine/scm/adapters/subversion_adapter.rb
So if you can somehow workout how to get the binary to accept your SSL certificate then you will be good.
From http://groups.google.com/group/bitten/browse_thread/thread/d18b21a703c68344?pli=1 it seems you need some manual interaction with svn to accept the cert.
So my suggestion: run svn checkout against your repo as the user running redmine and permanently accept the cert
The reason you are getting this message is because the default user under which redmine is running (www-data) calls the “svn” client to communicate with the repositories but the client replies back to it saying that the certificate is untrusted, thus the connection is closed.
Here's a step by step fix:
http://haknick.tumblr.com/post/2380507902/redmine-svn-subversion-certificate-issue-ubuntu
since you control both the client and the server, is having the client accept the server certificate's issuing authority an option?
if it isn't a permanent option, at least you'd know if it was the problem if you did it temporarily.