Self signed certificate error on a docker local installation


Oscar Pascual Gimeno

Dec 1, 2023, 7:03:55 AM
to BigBlueButton-Setup
After a docker installation on a local machine following these steps: https://github.com/bigbluebutton/docker/blob/develop/docs/development.md we are getting the following error when accessing the meeting via BigBlueButton API:

[error] 23#23: *47 [lua] lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=9006aaf88b62bec1c68dfee531a86c86a587962df23a795767c0d5854f864fc5 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain bbb.profe.local --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
https_proxy_1       | startup_hook
https_proxy_1       | Processing bbb.profe.local
https_proxy_1       |  + Signing domains...
https_proxy_1       |  + Generating private key...
https_proxy_1       |  + Generating signing request...
https_proxy_1       |  + Requesting new certificate order from CA...
https_proxy_1       |  err:   + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)
https_proxy_1       |
https_proxy_1       | Details:
https_proxy_1       | HTTP/2 400
https_proxy_1       | server: nginx
https_proxy_1       | date: Fri, 01 Dec 2023 11:31:16 GMT
https_proxy_1       | content-type: application/problem+json
https_proxy_1       | content-length: 217
https_proxy_1       | boulder-requester: 1442800116
https_proxy_1       | cache-control: public, max-age=0, no-cache
https_proxy_1       | link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
https_proxy_1       | replay-nonce: 65r2Q3lMMfGLsdR2IEHrcgPy_0D6iyf27gBAvk59YPYmHXi6F2A
https_proxy_1       |
https_proxy_1       | {
https_proxy_1       |   "type": "urn:ietf:params:acme:error:rejectedIdentifier",
https_proxy_1       |   "detail": "Error creating new order :: Cannot issue for \"bbb.profe.local\": Domain name does not end with a valid public suffix (TLD)",
https_proxy_1       |   "status": 400
https_proxy_1       | }
https_proxy_1       |
https_proxy_1       | , context: ssl_certificate_by_lua*, client: 172.25.0.4, server: 0.0.0.0:443
https_proxy_1       | 2023/12/01 11:31:17 [error] 23#23: *47 [lua] ssl_certificate.lua:97: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 172.25.0.4, server: 0.0.0.0:443
https_proxy_1       | 2023/12/01 11:31:17 [error] 23#23: *47 [lua] ssl_certificate.lua:291: auto-ssl: could not get certificate for bbb.profe.local - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: 172.25.0.4, server: 0.0.0.0:443

Oscar Pascual Gimeno

Dec 1, 2023, 7:26:57 AM
to BigBlueButton-Setup
This is the error shown on the browser:

Fatal error: Uncaught RuntimeException: Unhandled curl error: SSL certificate problem: self signed certificate in /var/www/html/vendor/bigbluebutton/bigbluebutton-api-php/src/BigBlueButton.php:487 Stack trace: #0 /var/www/html/vendor/bigbluebutton/bigbluebutton-api-php/src/BigBlueButton.php(230): BigBlueButton\BigBlueButton->processXmlResponse('bbb.profe.local...')

Jean Pluzo

Dec 1, 2023, 8:13:04 AM
to BigBlueButton-Setup
Hi,

I think you might have some terms confused.
Self signed certificate: a certificate which you have created and also approved by yourself. No third-party entity has been involved. BBB doesn't work well (or at all) with these.
"normal" certificate: a certificate which has been approved by a third-party entity (Certificate Authority or CA). 
This (normal certificate) is what seems to be going on in your log, since you're using the so-called acme challenges. For this there's a script which generates a certificate signing request (CSR), asks acme (CA) to validate that CSR, and generates/downloads a valid certificate from the acme servers as well as installing it on your BBB server.
If you use a FQDN (Fully Qualified Domain Name) ending in .local, acme will not accept it, since it knows most private networks (e.g. intranets) use this kind of ending.
You have to use a (real) FQDN to be able to install a certificate and BBB. You can see this in "Domain name does not end with a valid public suffix" (el nombre del dominio no termina con un sufijo publico valido).

Regards,
J.

Diego Reategui

Jan 17, 2024, 4:14:34 AM
to BigBlueButton-Setup

Extending what Oscar explained, we changed the domain to bbb.profe.com and we can reach greenlight home, but trying to access a meeting we are getting again the same error on the browser:

Fatal error: Uncaught RuntimeException: Unhandled curl error: SSL certificate problem: self signed certificate in /var/www/html/vendor/bigbluebutton/bigbluebutton-api-php/src/BigBlueButton.php:487 Stack trace: #0 /var/www/html/vendor/bigbluebutton/bigbluebutton-api-php/src/BigBlueButton.php(230): BigBlueButton\BigBlueButton->processXmlResponse('bbb.profe.com/b...') #1 /var/www/html/.src/services/BigBlueButtonService.php(161): BigBlueButton\BigBlueButton->isMeetingRunning(Object(BigBlueButton\Parameters\IsMeetingRunningParameters)) #2 /var/www/html/.src/services/ClassroomService.php(40): Services\BigBlueButtonService->isMeetingRunning('2131') #3 /var/www/html/lesson/index.php(21): Services\ClassroomService->connectToClassroom(10386, 'teacher', '2131') #4 {main} thrown in /var/www/html/vendor/bigbluebutton/bigbluebutton-api-php/src/BigBlueButton.php on line 487

and on the terminal:

bbb-docker-https_proxy-1       | 2024/01/17 08:43:55 [error] 23#23: *23 [lua] lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=5b2805b04cf6b588a8f8e23ce2d99c2dd656385c04de1de4d947656a595a6ff2 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain bbb.profe.com --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
bbb-docker-https_proxy-1       | startup_hook
bbb-docker-https_proxy-1       | Processing bbb.profe.com
bbb-docker-https_proxy-1       |  + Signing domains...
bbb-docker-https_proxy-1       |  + Generating private key...
bbb-docker-https_proxy-1       |  + Generating signing request...
bbb-docker-https_proxy-1       |  + Requesting new certificate order from CA...
bbb-docker-https_proxy-1       |  + Received 1 authorizations URLs from the CA
bbb-docker-https_proxy-1       |  + Handling authorization for bbb.profe.com
bbb-docker-https_proxy-1       |  + 1 pending challenge(s)
bbb-docker-https_proxy-1       |  + Deploying challenge tokens...
bbb-docker-https_proxy-1       | deploy_challenge
bbb-docker-https_proxy-1       |  + Responding to challenge for bbb.profe.com authorization...
bbb-docker-https_proxy-1       | invalid_challenge
bbb-docker-https_proxy-1       | Invalid challenge: DOMAIN=bbb.profe.com RESPONSE={
bbb-docker-https_proxy-1       |   "type": "http-01",
bbb-docker-https_proxy-1       |   "status": "invalid",
bbb-docker-https_proxy-1       |   "error": {
bbb-docker-https_proxy-1       |     "type": "urn:ietf:params:acme:error:dns",
bbb-docker-https_proxy-1       |     "detail": "no valid A records found for bbb.profe.com; no valid AAAA records found for bbb.profe.com",
bbb-docker-https_proxy-1       |     "status": 400
bbb-docker-https_proxy-1       |   },
bbb-docker-https_proxy-1       |   "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/305089976716/zWcd3A",
bbb-docker-https_proxy-1       |   "token": "PGBe5IOflJMK6-RlcevoLt8GcBII8QGsJb30ZEvcTzw",
bbb-docker-https_proxy-1       |   "validated": "2024-01-17T08:43:52Z"
bbb-docker-https_proxy-1       | }
bbb-docker-https_proxy-1       |  err: nil, context: ssl_certificate_by_lua*, client: 192.168.1.87, server: 0.0.0.0:443
bbb-docker-https_proxy-1       | 2024/01/17 08:43:55 [error] 23#23: *23 [lua] ssl_certificate.lua:97: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 192.168.1.87, server: 0.0.0.0:443

Thanks in advance, we are a little lost.

Regards,

Diego.
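
An added example, not part of any post in this thread: a Python helper that pulls the ACME problem documents out of docker compose proxy logs like the two posted above and names the failure class of each. The sample log is constructed (trimmed from the lines posted here); the function name, the prefix pattern and the hint wording are assumptions of this example.

```python
import json
import re

# Constructed sample, trimmed from the two https_proxy logs posted in this thread.
SAMPLE_LOG = r'''
https_proxy_1       | {
https_proxy_1       |   "type": "urn:ietf:params:acme:error:rejectedIdentifier",
https_proxy_1       |   "detail": "Error creating new order :: Cannot issue for \"bbb.profe.local\": Domain name does not end with a valid public suffix (TLD)",
https_proxy_1       |   "status": 400
https_proxy_1       | }
bbb-docker-https_proxy-1       | Invalid challenge: DOMAIN=bbb.profe.com RESPONSE={
bbb-docker-https_proxy-1       |   "type": "http-01",
bbb-docker-https_proxy-1       |   "status": "invalid",
bbb-docker-https_proxy-1       |   "error": {
bbb-docker-https_proxy-1       |     "type": "urn:ietf:params:acme:error:dns",
bbb-docker-https_proxy-1       |     "detail": "no valid A records found for bbb.profe.com; no valid AAAA records found for bbb.profe.com",
bbb-docker-https_proxy-1       |     "status": 400
bbb-docker-https_proxy-1       |   }
bbb-docker-https_proxy-1       | }
'''

ACME_NS = "urn:ietf:params:acme:error:"
HINTS = {  # hint wording is this example's own, not output of any tool
    "rejectedIdentifier": "CA will not issue for this name (e.g. no public suffix)",
    "dns": "CA could not resolve the name in public DNS",
}
PREFIX = re.compile(r"^[\w.-]+[ \t]*\| ?", re.M)  # docker compose "service | " prefix

def acme_problems(log_text):
    """Return (error_kind, detail, hint) for each ACME problem document in the log."""
    text = PREFIX.sub("", log_text)
    decoder = json.JSONDecoder()
    found, pos = [], 0
    while (pos := text.find("{", pos)) != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except ValueError:  # a brace that does not start valid JSON
            pos += 1
            continue
        pos = end
        # A failed challenge nests the problem under "error"; a rejected order is the problem itself.
        nested = obj.get("error")
        problem = nested if isinstance(nested, dict) else obj
        kind = str(problem.get("type", ""))
        if kind.startswith(ACME_NS):
            short = kind[len(ACME_NS):]
            found.append((short, problem.get("detail", ""), HINTS.get(short, "see RFC 8555, section 6.7")))
    return found
```

While either problem type is returned, the proxy has no CA-issued certificate for the name and serves its fallback certificate, which is what the PHP client's curl call rejects.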