Unable to start HTTPS server: [SSL] PEM lib (_ssl.c:2603)
nightillusions opened this issue · 10 comments
After installing and setting up GAD, I see this error in my logs:
[CRITI] Unable to start HTTPS server: [SSL] PEM lib (_ssl.c:2603)
Full Log:
```
2018-03-21 08:40:56,267 [INFO ] HTTP server did quit
2018-03-21 08:40:56,451 [INFO ] Recieved signal (6) from the OS, shutting down.
2018-03-21 08:40:56,452 [INFO ] Goodbye
2018-03-21 08:40:56,757 [INFO ] Initializing repository /var/www/mojo-dev
2018-03-21 08:40:58,069 [INFO ] Branch master set up to track remote branch master from origin.
2018-03-21 08:40:58,069 [INFO ] Your branch is up-to-date with 'origin/master'.
2018-03-21 08:40:58,069 [INFO ] Reset branch 'master'
2018-03-21 08:40:58,101 [INFO ] Repository /var/www/mojo-dev successfully initialized
2018-03-21 08:40:58,102 [INFO ] Starting Git Auto Deploy in daemon mode
2018-03-21 08:40:58,112 [DEBUG] Successfully cleared lock: /var/www/mojo-dev/status_running
2018-03-21 08:40:58,112 [DEBUG] Successfully cleared lock: /var/www/mojo-dev/status_waiting
2018-03-21 08:40:58,130 [INFO ] Listening for connections on http://XXX.XXX.XXX.XXX:8001
2018-03-21 08:40:58,132 [CRITI] Unable to start HTTPS server: [SSL] PEM lib (_ssl.c:2603)
```
My pem file setup:
`"ssl-cert": "/etc/letsencrypt/live/xxxxx/fullchain.pem",`
Setup:
OS: Ubuntu 16.04
SSL: Let's Encrypt
Hi Letme,
thanks for your response. This issue helped me to set the right permission on `/etc/letsencrypt/archive/` before, but now I'm getting this `[SSL] PEM lib (_ssl.c:2603)` error. Checked all issues here with SSL twice and this seems to be unique.
Okay got it!
With SSL by Let's Encrypt you have to use the `privkey.pem` and public key `cert.pem` separated. Don't use the `fullchain.pem`, because it includes the additional intermediate certificate.
Config:
```
// TLS/SSL cert (necessary for HTTPS and web socket server to work)
"ssl-key": "/etc/letsencrypt/live/XXX/privkey.pem", // If specified, holds the private key
"ssl-cert": "/etc/letsencrypt/live/XXX/cert.pem", // Holds the public key or both the private and public keys
```
Are you using python2 or 3? What is on that line in your _ssl.c file inside python you are using? (for example: https://github.com/python/cpython/blob/2.7/Modules/_ssl.c#L2603 ).
What also bothers me is that you are listening for connections on http, so how is your config?
OK, great. Thanks for the solution.
Okay, I am back ^^.
I have to use the `fullchain.pem` because GitHub needs the intermediate certificate:
> We couldn’t deliver this payload: Peer certificate cannot be authenticated with given CA certificates

```
root@mojo-dev:~# python -V
Python 2.7.12
root@mojo-dev:~# python3 -V
Python 3.5.2
```
Here is the v2.7.12: https://github.com/python/cpython/blob/v2.7.12/Modules/_ssl.c#L2603
EDIT:
I installed GAD via `apt-get`.
Here is my config:
```
{
  // HTTP server options
  "http-enabled": true,
  "http-host": "0.0.0.0",
  "http-port": 8001,

  // HTTPS server options
  "https-enabled": true,
  "https-host": "0.0.0.0",
  "https-port": 8002,

  // Web socket server options (used by web UI for real time updates)
  //"wss-enabled": true,
  //"wss-host": "0.0.0.0",
  //"wss-port": 8003,

  // Web user interface options
  "web-ui-enabled": true,
  "web-ui-username": "admin",
  "web-ui-password": "xxx",
  "web-ui-whitelist": ["127.0.0.1"],

  // TLS/SSL cert (necessary for HTTPS and web socket server to work)
  // "ssl-key": "/etc/letsencrypt/live/xxx/privkey.pem", // If specified, holds the private key
  // "ssl-cert": "/etc/letsencrypt/live/xxx/cert.pem", // Holds the public key or both the private and public keys
  "ssl-cert": "/etc/letsencrypt/live/xxx/fullchain.pem", // Holds the public key or both the private and public keys

  // File to store a copy of the console output
  "log-file": "/var/log/git-auto-deploy.log",

  // Record all log levels by default
  //"log-level": "NOTSET",

  // Deploy commands that should be executed for all projects
  //"global_deploy": [
  // "echo Deploy started!",
  // "echo Deploy completed!"
  //],

  // Project configs
  "repositories": [
    {
      "url": "git@github.com:wdj-ac/xxx.git",
      "branch": "master",
      "remote": "origin",
      "path": "/var/www/xxx",
      "deploy": "echo deploying",
      "filters": [
        {
          "action": "closed",
          "pull_request": true,
          "pull_request.base.ref": "master"
        }
      ]
    }
    // {
    // "url": "https://github.com/github/gitignore",
    // "path": "/var/lib/git-auto-deploy/gitignore"
    // }
    // ,{
    // "url": "https://api.github.com/repos/olipo186/Git-Auto-Deploy",
    // "deploy": "echo deploying after pull request",
    // "filters": [
    // {
    // "type": "pull-request-filter",
    // "action": "closed",
    // "ref": "testing-branch"
    // }
    // ]
    // }
  ]
}
```
With http over 8001 everything works great.
There is another error if I enable the web socket server, maybe it has the same source:
```
2018-03-21 10:55:44,062 [ERROR] Exception in thread Thread-3:
2018-03-21 10:55:44,062 [ERROR] Traceback (most recent call last):
2018-03-21 10:55:44,062 [ERROR] File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
2018-03-21 10:55:44,062 [ERROR] self.run()
2018-03-21 10:55:44,062 [ERROR] File "/usr/lib/python2.7/threading.py", line 754, in run
2018-03-21 10:55:44,062 [ERROR] self.__target(*self.__args, **self.__kwargs)
2018-03-21 10:55:44,062 [ERROR] File "/usr/lib/python2.7/dist-packages/gitautodeploy/gitautodeploy.py", line 474, in serve_wss
2018-03-21 10:55:44,062 [ERROR] except BindError as e:
2018-03-21 10:55:44,062 [ERROR] UnboundLocalError: local variable 'BindError' referenced before assignment
2018-03-21 10:55:44,063 [ERROR]
```
Exact same issue here. Any solution at the end?
any solution anyone?? same issue here
Worked for me after `chmod` on the .pem files:
```
chmod 640 *.pem
```
in config:
```
"ssl-key": ".../privkey.pem",
"ssl-cert": ".../fullchain.pem",
```
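
As an added example (not part of the thread and not Git-Auto-Deploy's own code), this preflight check inspects the PEM block labels in the files named by `ssl-cert` and `ssl-key` and reproduces the three outcomes reported above. It assumes the server passes both paths to Python's `ssl` module, which reads the private key from the certificate file when no key file is given; the function names and sample files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
BODY = "Q09OU1RSVUNURUQ="  # constructed placeholder, not real key material

def labels(path):
    """Return the PEM block labels found in a file, in order."""
    with open(path) as fh:
        return BEGIN.findall(fh.read())

def check(ssl_cert, ssl_key=None):
    """Return findings for an ssl-cert / ssl-key pair (empty list = OK)."""
    findings = []
    certs = labels(ssl_cert).count("CERTIFICATE")
    if certs == 0:
        findings.append("ssl-cert holds no certificate")
    elif certs == 1:
        findings.append("no intermediate: clients may fail chain validation")
    # Assumption: with no ssl-key, the key is read from the ssl-cert file.
    key_file = ssl_key or ssl_cert
    if not any(l.endswith("PRIVATE KEY") for l in labels(key_file)):
        findings.append("no private key in " + os.path.basename(key_file))
    elif stat.S_IMODE(os.stat(key_file).st_mode) & stat.S_IROTH:
        findings.append("private key is world-readable")
    return findings

def demo():
    """Run the three configurations from the thread on constructed files."""
    samples = {"cert.pem": ["CERTIFICATE"],
               "fullchain.pem": ["CERTIFICATE", "CERTIFICATE"],
               "privkey.pem": ["PRIVATE KEY"]}
    with tempfile.TemporaryDirectory() as d:
        p = {name: os.path.join(d, name) for name in samples}
        for name, blocks in samples.items():
            with open(p[name], "w") as fh:
                for b in blocks:
                    fh.write("-----BEGIN %s-----\n%s\n-----END %s-----\n" % (b, BODY, b))
            os.chmod(p[name], 0o640)  # mode used in the last comment
        return {"fullchain only": check(p["fullchain.pem"]),
                "key + cert": check(p["cert.pem"], p["privkey.pem"]),
                "key + fullchain": check(p["fullchain.pem"], p["privkey.pem"])}

if __name__ == "__main__":
    for config, findings in demo().items():
        print(config, "->", findings or "OK")
```

Only the block labels are read, so the check does not confirm that the key matches the certificate or that the service account can open the files.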