certstream-python icon indicating copy to clipboard operation
certstream-python copied to clipboard
verified publisher icon CaliDog

Error connecting to CertStream - Handshake status 521 None

Open maaaaz opened this issue 2 years ago • 7 comments

Hello there,

Since today, Tuesday December 5 04:27:42 UTC 2023, certstream-python can not connect to certstream:

# pip install certstream
Collecting certstream
  Downloading certstream-1.12.tar.gz (9.6 kB)
  Preparing metadata (setup.py) ... done
Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (from certstream) (1.1.0)
Requirement already satisfied: websocket-client>=0.58.0 in /usr/local/lib/python3.11/dist-packages (from certstream) (0.59.0)
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from websocket-client>=0.58.0->certstream) (1.16.0)
Building wheels for collected packages: certstream
  Building wheel for certstream (setup.py) ... done
  Created wheel for certstream: filename=certstream-1.12-py3-none-any.whl size=4728 sha256=9d6e4c0ec98f7beb282199f9511f3bbf58d9d79fb2f2ac49d0fc71130483301d
  Stored in directory: /sec/root/.cache/pip/wheels/88/02/89/d6a96184779630f955590660a4d2ad038ff39c9c4e7a77d9c1
Successfully built certstream

# certstream
[ERROR:certstream] 2023-12-05 11:04:32,394 - Error connecting to CertStream - Handshake status 521 None - Sleeping for a few seconds and trying again...

And a visit to https://certstream.calidog.io/ returns a CloudFlare 521 error: image

Any insight about the recovery of this awesome service ?

Cheers.

maaaaz avatar Dec 05 '23 11:12 maaaaz

Noticed here as well, relying heavily on this service. Hope Calidog manages to get the server back up!

r0bb3d avatar Dec 05 '23 17:12 r0bb3d

Do you know some alternative instances of certstream-server not being the official one "certstream.calidog.io" ?

Another solution could be to setup ourself an instance of a certstream server, either the official one; or the promising alternative https://github.com/d-Rickyy-b/certstream-server-go

EDIT : As I am using certstream in a github action workflow, I added a custom instanciation of a local alternative server with this snippet:

cd /tmp/
wget -nv "https://github.com/d-Rickyy-b/certstream-server-go/releases/download/v1.4.0/certstream-server-go_1.4.0_linux_amd64" && chmod u+x ./certstream-server-go_1.4.0_linux_amd64

cat > /tmp/config.yaml <<EOL
 webserver:
  listen_addr: "127.0.0.1"
  listen_port: 8080
  full_url: "/full-stream"
  lite_url: "/"
  domains_only_url: "/domains-only"
  cert_path: ""
  cert_key_path: ""

prometheus:
  enabled: false
  listen_addr: "0.0.0.0"
  listen_port: 8080
  metrics_url: "/metrics"
  expose_system_metrics: false
  real_ip: false
  whitelist:
    - "127.0.0.1/8"
EOL

nohup ./certstream-server-go_1.4.0_linux_amd64 > nohup.out 2> nohup.err < /dev/null &

certstream --url ws://127.0.0.1:8080

See https://github.com/appleboy/ssh-action/issues/40#issuecomment-602325598 for the nohup magic.

maaaaz avatar Dec 05 '23 19:12 maaaaz

Good stuff, thanks for pointing us in the right direction!

r0bb3d avatar Dec 06 '23 17:12 r0bb3d

Really appreciate this thread! Saved me a bunch of time after needing to migrate as well.

0xDAV1D-1 avatar Dec 10 '23 17:12 0xDAV1D-1

Seems like the certstream service has been repaired.

maaaaz avatar Dec 15 '23 23:12 maaaaz

Service down again, cf. https://github.com/CaliDog/certstream-python/issues/62

maaaaz avatar Feb 11 '24 22:02 maaaaz

Server went down from 3rd Feb 2024. Seems subscription was for only 1 year exactly.

Many thanks for this alternative. Go server works fine. You can change ip bind as you need. below will keep it for local use only:

webserver:
  listen_addr: "127.0.0.1"
  listen_port: 8080

ofc, monitoring over prometheus is optional. Try it out locally and should solve your problem.

mrtipale avatar Feb 21 '24 07:02 mrtipale