
Rails SSL certificate error on valid certificate

I have a small Rails app that performs various checks on our platform and sends me an email in case of an issue. Everything was running fine until today, when I started getting alerts about the following error:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)

Now the problem is that the certificate in question is valid. It gets renewed automatically (Let's Encrypt), and this code has been untouched for a couple of years and never had any issues before, and suddenly this started to happen.

The code that throws the exception:

require 'net/http'
require 'uri'

# Returns true if a GET to url answers 200, false otherwise.
# TLS errors (such as a failed certificate verification) are raised by http.request.
def get_request(url)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true

  # more than 10 seconds is too slow
  http.open_timeout = 10
  http.read_timeout = 10

  request = Net::HTTP::Get.new(uri.request_uri)
  response = http.request(request)

  if response.code.to_i == 200
    true
  else
    puts "Failed to GET #{url}: #{response.code.to_i}"
    false
  end
end

If I open the site in the browser, it shows the secure connection without issues and shows that it is using a valid certificate. Furthermore, if I check with certbot I get the following: Expiry Date: 2021-11-22 17:48:58+00:00 (VALID: 52 days). So clearly the certificate is valid; why is Rails suddenly throwing a tantrum about it?

Note that I have restarted Nginx just in case; that didn't help.

Additional info: Ubuntu 16.04.5, OpenSSL 1.0.2g 1 Mar 2016, Rails 4.2, Ruby 2.6.5

EDIT:

This error also happens with a different URL, which also has a valid certificate.

EDIT 2:

I've isolated the problem: it is related to the Let's Encrypt DST Root CA X3 that has expired. A lot of people are dealing with this issue; I'll report my solution once I find one.

So after reading through this long thread of the Let's Encrypt community, the solution for my case ended up being to remove the DST Root CA X3 certificate:

sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
sudo update-ca-certificates

After that no more errors from openssl.
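
Added example, not part of the original post: a reduced two-certificate model, built offline with Ruby's OpenSSL bindings, showing that a leaf certificate that is still valid fails with the same "certificate has expired" message when the trust anchor it chains to has expired, and that the error depth identifies which certificate is at fault. All names, keys and dates are constructed, the helpers `make_cert`, `diagnose` and `demo` are hypothetical, and the model does not reproduce the chain selection of any particular OpenSSL version.

```ruby
require 'openssl'

# Constructed test PKI: every name, key and date below is made up for this example.
def make_cert(subject, key, issuer, issuer_key, from, to, is_ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = from
  cert.not_after = to
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', is_ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Verify the leaf against one trust anchor and report which chain element failed.
# depth 0 is the leaf itself, depth 1 is its issuer.
def diagnose(leaf, anchor)
  store = OpenSSL::X509::Store.new
  store.add_cert(anchor)
  ctx = OpenSSL::X509::StoreContext.new(store, leaf)
  ok = ctx.verify
  { ok: ok, error: ctx.error_string, depth: ctx.error_depth,
    culprit: ok ? nil : ctx.current_cert.subject.to_s }
end

def demo
  now = Time.now
  day = 86_400
  root_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  root_dn = '/CN=Example Old Root'
  # Same subject and key, different validity: an expired anchor and a current one.
  expired_root = make_cert(root_dn, root_key, nil, root_key, now - 7300 * day, now - day, true)
  fresh_root = make_cert(root_dn, root_key, nil, root_key, now - day, now + 365 * day, true)
  # The leaf is valid for another 52 days, like the certificate in the question.
  leaf = make_cert('/CN=www.example.test', leaf_key, expired_root, root_key,
                   now - 3600, now + 52 * day, false)
  { expired_anchor: diagnose(leaf, expired_root), fresh_anchor: diagnose(leaf, fresh_root) }
end

puts demo if $PROGRAM_NAME == __FILE__
```

A depth of 1 in the first result means the expired certificate is the issuer in the local trust store, not the certificate the server presents, which is why renewing the leaf or restarting the web server changes nothing.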
