goaccess
goaccess copied to clipboard
LetsEncrypt Sep 30 Root Expiry broke ssl
Hello,
I'm running Goaccess on CentOS 7 and have just updated the ca-certificates package to solve the Let'sEncrypt root cert expiry on Sep 30.
This fixed my TLS SMTP and some other SSL related stuff.
However the web socket I use to get the live stats for GoAccess which is protected by the same LetsEncrypt cert does not work on MacOs Safari. It's still giving an expired cert date error.
On Firefox it connects ok.
Any ideas what the problem could be ??
The CentOS box with Goaccess is running OpenSSL 1.0.2.
It was all working fine on Sep 30th.
Thanks
Hi @akblissweb
You maybe start a new Profile [empty] or clean all Cache from your Browser and restart.
Its common the Browser too cache Certificate and do not try get new one from HTTPS
Server.
I hope that I could help You.
@akblissweb Any updates on this? Did it work? Thanks
Nothing in the browser cache worked. I didn't do a new profile yet. I am about to redo everything with docker containers so it will all be completely new soon. Will let you know if the issue goes away. In the meantime myself and my colleague have both switched to Firefox for looking at the stats as a workaround. 🤦
Thanks for the update. Please do let me know if it's still giving you issues after a full redo. Also, let me know if https://rt.goaccess.io presents an issue when using MacOs Safari, as it's using a LetsEncrypt cert.
Just checked. Mac Safari is giving the exact same issue on https://rt.goaccess.io , Firefox is ok.
Got it, I'm seeing some error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
on my end. I'll look into this and post back asap. Thanks again for the update.
Question for you. So far I'm not able to reproduce this issue. Can you please post a screenshot of the error message you are seeing on your end when you browse https://rt.goaccess.io? also, are you getting the same error when browsing https://goaccess.io?
Thanks.
Just to clarify. The cert works for ssl so your main site doesn't have an issue. It only affects the real-time html web socket.
[Image]
I just tried going thru my Mac Keychain again but was unable to find anything relating to the offending old ca cert.
Get Outlook for Androidhttps://aka.ms/AAb9ysg
From: Gerardo O. @.> Sent: Monday, December 13, 2021 7:50:30 AM To: allinurl/goaccess @.> Cc: akblissweb @.>; Mention @.> Subject: Re: [allinurl/goaccess] LetsEncrypt Sep 30 Root Expiry broke ssl (#2200)
Question for you. So far I'm not able to reproduce this issue. Can you please post a screenshot of the error message you are seeing on your end when you browse https://rt.goaccess.io? also, are youu getting the same error when browsing https://goaccess.io?
Thanks.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/allinurl/goaccess/issues/2200#issuecomment-991995840, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADPIE4RZKTJJVHFNUMUNKG3UQUYMNANCNFSM5FHBKUYQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
It looks like the image was not posted. Also, what version of safari are you using and macOS? Thanks
![Screen Shot 2021-12-13 at 1 08 28 PM](https://user-images.githubusercontent.com/14582386/145755982-c7c5d7d2-4ae3-4d67-ad14-6e82d9c7a90d.png)
![Screen Shot 2021-12-13 at 1 07 56 PM](https://user-images.githubusercontent.com/14582386/145755987-6bbea837-7d0b-4537-8f58-16288563e65f.png)
![Screen Shot 2021-12-13 at 1 07 18 PM](https://user-images.githubusercontent.com/14582386/145756012-5f849056-483a-4044-be66-3b8b187f1dcb.png)
That option is not on my Mac Safari. It's only available on IOS it seems.
Get Outlook for Androidhttps://aka.ms/AAb9ysg
From: 0bi-w6n-K3nobi @.> Sent: Thursday, December 16, 2021 7:05:35 AM To: allinurl/goaccess @.> Cc: akblissweb @.>; Mention @.> Subject: Re: [allinurl/goaccess] LetsEncrypt Sep 30 Root Expiry broke ssl (#2200)
Hi @akblisswebhttps://github.com/akblissweb
Try it from this posthttps://stackoverflow.com/questions/37898048/websocket-network-error-osstatus-error-9807-invalid-certificate-chain at stackoverflow.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/allinurl/goaccess/issues/2200#issuecomment-995283146, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADPIE4RS7LOKYCYIQGPQ4CLURENL7ANCNFSM5FHBKUYQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
That thread is about an untrusted self-signed cert. Mine is a supposedly valid letsencrypt cert which works in all places except goaccess in safari.
After sep 30th it broke everywhere and I made the necessary changes to ca-certificates. This fixed most issues but not the goaccess on safari. So ever since I switched to Firefox. :-)
It's not a deal breaker... Just a mystery.
Maybe if I upgraded the Mac to the very latest software it would go away.
Get Outlook for Androidhttps://aka.ms/AAb9ysg
From: 0bi-w6n-K3nobi @.> Sent: Thursday, December 16, 2021 7:54:29 AM To: allinurl/goaccess @.> Cc: akblissweb @.>; Mention @.> Subject: Re: [allinurl/goaccess] LetsEncrypt Sep 30 Root Expiry broke ssl (#2200)
Humm...
@akblisswebhttps://github.com/akblissweb
Let's try again herehttps://github.com/jupyterhub/jupyterhub/issues/292#issuecomment-270429714...
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/allinurl/goaccess/issues/2200#issuecomment-995307966, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADPIE4UZBAG4T4KLF3SOFDTURETDLANCNFSM5FHBKUYQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.