SSL Problem: "cURL error 60: SSL certificate problem: self-signed certificate"
-
Hi,
I have a problem with all of my WordPress apps (not just the developer ones, but the managed ones as well).
When I try to import files (and images) from one domain/website to another by using wp all import/export, I get the error message "cURL error 60: SSL certificate problem: self-signed certificate". When I try to curl the file in the terminal of an app, I also get this error.
I know there have been troubles with Let's Encrypt and WordPress, and I checked and replaced the ca-certs file within WordPress already (though the terminal does not even use the WordPress ca-certs file, so I guess it makes use of the OS's ca-certs).
Does anyone have the same problems? Can someone give me a hint on how to fix this problem? Can I change the ca-certs files of the OS without breaking something of the Cloudron installation, as the advice is not to make any changes to the system Cloudron is installed in?
Thanks in advance
Patrick
-
Presumably the domains you are importing from do not have valid SSL certificates. If those are on Cloudron, have you tried to manually click the certificate renew button to ensure those have valid ones? Otherwise I guess that the WordPress importer needs some way to allow self-signed or ignore expired ones.
-
@Patmo-de said in SSL Problem: "cURL error 60: SSL certificate problem: self-signed certificate":
I know there have been troubles with Let's Encrypt and WordPress, and I checked and replaced the ca-certs file within WordPress already (though the terminal does not even use the WordPress ca-certs file, so I guess it makes use of the OS's ca-certs).
On Cloudron, the certificates are managed by nginx. This is in front of the application and the application has no idea about it. Any cert changes you make inside the WordPress container have no effect.
When I try to curl the file in the terminal of an app, I also get this error.
Can you tell us more about this? Are you trying to cURL an external app? Are you transferring between WP instances where both are hosted on Cloudron?
-
I am very sorry for my late answer but I have been ill for the last few days.
Both WordPress apps are installed on the same Cloudron server. (I have two Cloudron servers btw. and both are running for over a year now. One is older than the other. The WordPress apps are running on the "younger" one). For WordPress I use the WPAllImport/WPAllExport plugins by Soflyy. I used those for years now on my old servers. Now I switched with these two domains/apps to the Cloudron server and I get these errors.
Maybe there is something else not working correctly, as I cannot "Renew Certs" as you mentioned. Each click ends in an
Cannot read properties of undefined (reading 'WEBSOCKETS_DOMAIN')
error. I'll dig into this first, maybe that is the source, why I cannot curl wordpress on that cloudron instance.
This is from the Log view:
Jul 30 16:37:39 box:tasks setCompleted - 4772: {"result":null,"error":{"stack":"TypeError: Cannot read properties of undefined (reading 'WEBSOCKETS_DOMAIN')\n at writeAppLocationNginxConfig (/home/yellowtent/box/src/reverseproxy.js:550:47)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async writeAppConfigs (/home/yellowtent/box/src/reverseproxy.js:573:9)\n at async checkCerts (/home/yellowtent/box/src/reverseproxy.js:682:13)","message":"Cannot read properties of undefined (reading 'WEBSOCKETS_DOMAIN')"}}
Jul 30 16:37:39 box:tasks update 4772: {"percent":100,"result":null,"error":{"stack":"TypeError: Cannot read properties of undefined (reading 'WEBSOCKETS_DOMAIN')\n at writeAppLocationNginxConfig (/home/yellowtent/box/src/reverseproxy.js:550:47)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async writeAppConfigs (/home/yellowtent/box/src/reverseproxy.js:573:9)\n at async checkCerts (/home/yellowtent/box/src/reverseproxy.js:682:13)","message":"Cannot read properties of undefined (reading 'WEBSOCKETS_DOMAIN')"}}
[no timestamp] Cannot read properties of undefined (reading 'WEBSOCKETS_DOMAIN')
[no timestamp] at writeAppLocationNginxConfig (/home/yellowtent/box/src/reverseproxy.js:550:47)
[no timestamp] at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[no timestamp] at async writeAppConfigs (/home/yellowtent/box/src/reverseproxy.js:573:9)
[no timestamp] at async checkCerts (/home/yellowtent/box/src/reverseproxy.js:682:13)
[Edit: The "Renew certs" now works again. I had tested the pixelfed app on that instance as well and there were some problems with the certification process. This has been fixed now.]
As for the CURL-Operations:
The importer tries to CURL the images from the exported website to the other one. Therefore it tries to CURL the images. Take this one for example:
https://krisenkompass.de/wp-content/uploads/2024/06/Dank-Allen.jpg
When I open the terminal of the WordPress app where this shall be imported and try to run the CURL task manually
https://krisenkompass.de/wp-content/uploads/2024/06/Dank-Allen.jpg
I receive the following error message:
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
-
@Patmo-de looks like I misunderstood your edit. So, you can query it fine from outside? I can
curl https://krisenkompass.de/wp-content/uploads/2024/06/Dank-Allen.jpg
just fine, the certificates are valid. In the Web terminal of the app, can you
host krisenkompass.de
? Does it point to your IP correctly?
-
Ok, I found the source of the problem: the firewall. It did not allow a website to curl from the same server.
When digging deeper into the error message, I was presented with a 404 page from the firewall and that certificate was self-signed - of course.
That's why I set up the Cloudron unbound to use the DNS of my firewall as described here: https://docs.cloudron.io/troubleshooting/#dns and now the curl operation works as expected. The topic can now be closed. Thank you all for your help and pointing me in the right direction!
-
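The diagnosis reached in this thread (curl error 60 because a firewall, not the site, answered the connection) can be checked directly by looking at who issued the certificate that is actually served. The script below is an added example, not code from any post or from Cloudron; the function names `classify_cert` and `probe`, the verdict strings and the sample certificate names are constructed, and it assumes `openssl` and `getent` are available in the terminal used.

```shell
#!/bin/sh
# Added example: decide which kind of endpoint answered a TLS connection.

# classify_cert HOST: reads the "subject=" and "issuer=" lines printed by
# `openssl x509 -noout -subject -issuer` on stdin and prints a verdict.
classify_cert() (
    host=$1 subject= issuer=
    while IFS= read -r line; do
        case $line in
            subject=*) subject=${line#subject=} ;;
            issuer=*)  issuer=${line#issuer=} ;;
        esac
    done
    # OpenSSL versions differ in spacing ("CN = x" vs "/CN=x"); drop spaces.
    subject=$(printf '%s' "$subject" | tr -d ' ')
    issuer=$(printf '%s' "$issuer" | tr -d ' ')
    if [ -z "$subject" ] || [ -z "$issuer" ]; then
        echo "no-certificate"
    elif [ "$subject" != "$issuer" ]; then
        echo "ca-issued"
    else
        # Subject equal to issuer is used here as the self-signed heuristic.
        case $subject in
            *"CN=$host"|*"CN=$host",*|*"CN=$host"/*)
                echo "self-signed-for-host" ;;
            *)  echo "self-signed-other-device" ;;
        esac
    fi
)

# probe HOST: run inside the app's web terminal. Shows the address the
# container resolves HOST to, then classifies the certificate served there.
probe() {
    getent hosts "$1"
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer 2>/dev/null |
        classify_cert "$1"
}

# Constructed sample: the kind of certificate a firewall block page presents.
printf 'subject=CN = fw.example.internal\nissuer=CN = fw.example.internal\n' |
    classify_cert krisenkompass.de
```

A `self-signed-other-device` verdict from inside the container, while the same host is `ca-issued` from outside, points at an intermediate device intercepting server-local traffic rather than at the site's certificate or the CA bundle.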