stackoom
  简体   繁体   中英

Rails SSL certificate error on valid certificate

 原文  2021-10-01 11:01:07       ruby-on-rails/ openssl/ lets-encrypt

Question

I have small Rails app that performs various checks on our platform and sends me an email in case of an issue. Everything was running fine until today i started getting alerts about the following error:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)

Now the problem is the certificate in question is valid, it gets automatically renewed (Let's encrypt) and this code has been untouched for a couple of years and never had any issues before and suddenly this started to happen.

The code that throws the exception:

def get_request url
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true

  #more than 10 seconds this is too slow
  http.open_timeout = 10
  http.read_timeout = 10

  request = Net::HTTP::Get.new(uri.request_uri)
  response = http.request(request)

  if response.code.to_i == 200
    return true
  else
    puts "Failed to GET #{url}: #{response.code.to_i}"
    return false
  end
end

If i open the site in the browser, it shows the secure connection without issues and shows that is using a valid certificate, furthermore if i check with certbot i get the following: Expiry Date: 2021-11-22 17:48:58+00:00 (VALID: 52 days) so clearly the certificate is valid, why suddenly rails is throwing a tantrum about it?

Note that i have restarted Nginx just in case, that didn't help.

Additional info: Ubuntu 16.04.5, OpenSSL 1.0.2g 1 Mar 2016, Rails 4.2, Ruby 2.6.5

EDIT:

This error also happens with a different url, which also has a valid certificate.

EDIT 2:

I've isolated the problem, it is related to Let's Encrypt DST Root CA X3 that has expired. A lot of people are dealing with this issue, i'll report my solution once i find one.

1 answers

solution1
 6 ACCPTED  2021-10-01 14:43:38

So after reading through this long thread of the Let's Encrypt community, the solution for my case ended up being to remove the DST Root CA X3 certificate:

sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
sudo update-ca-certificates

After that no more errors from openssl.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSL certificate Error While installing ruby on rails Create ssl certificate for rails SSL Certificate WPEngine to Heroku Rails Unable to bypass SSL Certificate Error with HTTParty in Ruby on Rails How to include SSL Certificate in Rails 3 project nginx configuration for ssl certificate installation with rails application Provide SSL certificate to PostgreSQL in a Rails app How can I avoid an SSL error on a Heroku-hosted site (built with Rails) without paying for an SSL certificate SSL Certificate error for ruby gems v 2.5.0 bundle install fails with SSL certificate verification error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM