I just updated certificates on my server.
After that I am getting this error:
SSLError: HTTPSConnectionPool(host='10.164.1.1', port=9999): Max retries exceeded with url: /rest/nice_endpoint (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))
Try this first:
sudo apt-get install ca-certificates
sudo update-ca-certificates
If it does help, try this
sudo pip uninstall -y certifi
sudo pip install certifi== xx.xx.xx # e.g., 2015.04.28
May be insecure, but you could ignore SSL certificate verification with requests by passing verify=False like:
requests.get('your_url_here', verify=False)
See: How do I disable the security certificate check in Python requests
Related
I'm interested in running a simple image like this behind a corporate Zscaler firewall:
FROM rocker/r-base
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
Building the image with docker build -t test . fails with errors like this:
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: ]
I've tried some of the solutions from here but they don't work. For example:
FROM rocker/r-base
# Add local certificate to Docker
ADD ./zscaler.cer /usr/local/share/ca-certificates/zscaler.crt
# Move the certificate to the cert dir of openssl and update certificates
RUN CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs ; cp /usr/local/share/ca-certificates/zscaler.crt $CERT_DIR ; update-ca-certificates
# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
Same errors persist with docker build -t test .. I've read some possible solutions online but all of them continually fail either for apt-get or for installing packages with R. Is there anyone who has experienced this and found a fix?
Apparently, the current advice is slightly wrong. The certificate should not go in /etc/ssl/certs/ (which is the result of CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs) but rather on CERT_DIR=/usr/local/share/ca-certificates/ (at least on this Ubuntu image). After changing that, update-ca-certificates correctly updates the certificate an all HTTPS requests are successful.
This should work now:
FROM rocker/r-base
# Add local certificate to Docker
ADD ./zscaler.pem /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt
# update certificates
RUN update-ca-certificates
# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
I have installed latest version of nginx.It is is installed succefully.
But getting error while typing the below command.
sudo ufw allow 'Nginx Full'
Error:ERROR: Could not find a profile matching 'Nginx Full'
sudo ufw app list
showing only
Available applications:
OpenSSH
How to add the application.
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
I have installed two times nginx server
Error:ERROR: Could not find a profile matching 'Nginx Full'
Ubuntu (18.04)
You can see which apps are available by running this command:
ufw app list
Ports:
HTTP - 80
HTTPS - 443
Simple way to add them to UFW:
ufw allow 80,443/tcp
If you are wanting to accomplish this via application you will need to create the application ini file within /etc/ufw/applications.d
Example:
vi /etc/ufw/applications.d/nginx.ini
Place this inside file
[Nginx HTTP]
title=Web Server
description=Enable NGINX HTTP traffic
ports=80/tcp
[Nginx HTTPS] \
title=Web Server (HTTPS) \
description=Enable NGINX HTTPS traffic
ports=443/tcp
[Nginx Full]
title=Web Server (HTTP,HTTPS)
description=Enable NGINX HTTP and HTTPS traffic
ports=80,443/tcp
Then type this commands
ufw app update nginx
ufw app info 'Nginx HTTP'
ufw allow 'Nginx HTTP'
I had the same problem.. turned out Nginx was not installed due to some reason.
So it showed only OpenSSH by doing
sudo ufw app list
I got to this when I tried to uninstall Nginx using the command
sudo apt-get remove nginx
The output showed something like this:
Package 'nginx' is not installed, so not removed
Now you have to try installing Nginx again using commands
sudo apt update
sudo apt install nginx
sudo ufw app list
now the options will be available
// Check to see
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
Now allow HTTP port using the command:
sudo ufw allow 'Nginx HTTP'
And finally run this command:
sudo ufw enable
Now hit the URL in browser it will show Nginx default page.
ERROR: Could not find a profile matching 'OpenSSH', Then install first ssh by given command
sudo apt-get install ssh
After installing package add the OpenSSH allow
sudo ufw allow OpenSSH
sudo ufw status
Tested
Happened to me after installing using the official site's instructions for Ubuntu
Simply install as this (after removing if already installed)
sudo apt-get remove nginx
sudo apt install nginx
I am unable to download file's from svn repository into unix AIX system. I am using "curl" command in unix to download the file but it fails with below error
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
command used :
curl -u username:password http://server.com/svn/trunk/test.file
Are there any settings in subversion repository which i need to change to make the curl command work.If yes, then how to change them.
I cannot use wget because it is not installed on our machine the alternative is curl.
Please, help me download subversion files into unix. your help will be greatly appreciated.
Thanks,
Sri
The short way to do it would be to add the --insecure option to the curl command. This tells cURL to ignore the fact that it can't verify the signer of the SSL cert used by your SVN server.
curl -u username:password --insecure https://server.com/svn/trunk/test.file
The error is happening for one of two reasons, either your SVN access is secured using a self-signed certificate from a CA not in the certificate chain for the OS, or the trusted certs cURL is using is outdated and doesn't have a certificate from the CA that signed your SVN SSL certificate.
You can either download the root certificate that signed your SSL cert and specify it like: curl --cacert /path/to/cert.pem. Otherwise, you'll need to determine how and where to install additional certificates to be trusted. This partly depends on whether or not cURL is using OpenSSL or NSS. This site has some guidance on how to do this for various operating systems.
Thanks for your response. I have changed the command to
curl -k http://server.com/svn/trunk/test.file -u username:password > test.file
and it worked.
Thanks,
Sri
I use command Ubuntu: sudo apt-get install phpmyadmin
In process installing I inform about selection type of server: apache2 and lighttpd.
My server is build only on Nginx + php_fpm.
How i can install phpmyadmin without selection apache2 or lighttpd?
Sorry for stupid question
First install php5-fpm and then install phpmyadmin.
sudo apt-get install php5-fpm
sudo apt-get install phpmyadmin
The software, phpMyAdmin, requires a Web server and PHP. If PHP and a Web server have not yet been installed, then the default action is to use Apache. The package, php5-fpm, satisfies the requirements; thus, installing phpmyadmin after php5-fpm results in only the following additional package dependencies.
dbconfig-common javascript-common libjs-codemirror libjs-jquery
libjs-jquery-cookie libjs-jquery-event-drag libjs-jquery-metadata
libjs-jquery-mousewheel libjs-jquery-tablesorter libjs-jquery-ui
libjs-underscore libmcrypt4 php-gettext php5 php5-gd php5-mcrypt php5-mysql
Although PHP-FPM is not a Web server, the package maintainer understood that if php5-fpm has been installed, then the Ubuntu server will utilize some other Web server that uses the FastCGI Process Manager (FPM), and there is no need to know which Web server.
considering you have a lemp stack
you could also skip the queston with tab to "ok".
this might force phpmyadmin to install apache2, at least on the newest built, it wasnt like that before.
than when an error arrives that apache2 could not start, this is due nginx php-fpm already using the port, just toggle apache to start with this shell command
sudo update-rc.d -f apache2 remove
I am trying to install Meteor.js on a VM (Ubuntu 12.04) created with Vagrant.
The install should be as simple as:
curl https://install.meteor.com | /bin/sh
However this fails with curl: (7) couldn't connect to host
I have isolated the failure to a request within that shell script to this URL:
https://warehouse.meteor.com/bootstrap/0.7.0.1/meteor-bootstrap-Linux_i686.tar.gz
When I changed it to use HTTP instead of HTTPS it works. However I am running into problems elsewhere where it needs to pull things from httpS://warehouse.meteor.com/...
I thought the problem was with https, but if I do:
curl https://google.com
I get the page no problem, so what could be the issue?
Per another Ubuntu/Meteor question, it appears that there's some kind of certificate error (Meteor's SSL CA may not be installed by default in Ubuntu?) that goes away when you:
sudo apt-get update && sudo apt-get upgrade
For me upgrade didn't solve the problem.
My solution was to download the script from install.meteor.com and replace TARBALL_URL from https to http and I ran the script manually.