Ignore certificate warnings

[sbromberger]

Hi all,

My organization proxies / MITMs HTTPS. As a result, I get the following error on exercism configure:

Error: The base API URL 'https://api.exercism.io/v1' cannot be reached.

Get https://api.exercism.io/v1/ping: x509: certificate signed by unknown authority

Is there a way to tell the client to ignore certificate warnings (or is there a way to point it to an alternate certificate)?

[sbromberger]

Ah, silly me. Just found the --no-verify argument.

[sbromberger]

Oops - spoke too soon. download doesn't accept --no-verify. Any ideas?

[kytrinyx]

Oh, dang, that's not a very good experience.

We should make all the commands accept the --no-verify flag!

[xtian]

Just ran into this as well. --no-verify works for configure but I need it for the other commands too.

[jonatancortes]

What's the point of implementing --no-verify in a single command, or subset of commands? It should be implemented globally.

[buzdu]

Oops - spoke too soon. download doesn't accept --no-verify. Any ideas?

Is there any way around this?

[SirWerto]

Good afternoon, just a ping on this :)

[jacobrhn]

Stumbling in the same problem over here.. Any updates / workarounds on this issue?

I was able to configure the API using the --no-verify command. HTTP and HTTPS Proxys are set correctly using my credentials... in the following my

exercism troubleshoot

Troubleshooting Information
===========================

Version
----------------
Current: 3.0.13
Latest:  <unknown>

Error: Get https://api.github.com/repos/exercism/cli/releases/latest: x509: certificate signed by unknown authority

Call 'exercism upgrade' to get the latest version.
See the release notes at https://github.com/exercism/cli/releases/tag/ for details.


Operating System
----------------
OS:           linux
Architecture: amd64


Configuration
----------------
Home:     ~/snap/exercism/5
Workspace: ~/data/exercism
Config:    ~/snap/exercism/5/.config/exercism
API key:   ************************************

API Reachability
----------------

GitHub:
    * https://api.github.com
    * [Get https://api.github.com: x509: certificate signed by unknown authority]
    * 18.70502158s

Exercism:
    * https://api.exercism.io/v1/ping
    * [Get https://api.exercism.io/v1/ping: x509: certificate signed by unknown authority]
    * 125.24658ms


If you are having trouble please file a GitHub issue at
https://github.com/exercism/exercism.io/issues and include
this information.

P.S:

We should make all the commands accept the --no-verify flag!

This would allready be so helpfull... Or even better to be able to change the configuration of course.

[SleeplessByte]

@jacobrhn I know that snap is unsupported.

Normally, when I encounter this issue, first thing I do is make sure my root certificates are up to date. Usually this error occurs in one of two reasons:

• Using a self-signed certificate (that would mean that we, Exercism, did self sign the endpoint). This is not the case, and you can also see it's failing for Github in the log.
• The certificate bundle on the machine is not up to date. The certificates were signed with a root certificate that you don't have.

On apt based machines (like debian) I would fix this by running:

sudo apt-get install ca-certificates

# Sometimes I'd need the following too
sudo update-ca-certificates

I have no clue how to fix this for snap, but "upgrading" snap may resolve it?

[jacobrhn]

Got the CLI working now.

Thanks @SleeplessByte for your advide - it wasn't the final solution for me but your indication about snap led me on the right path!

AfterI updated the certificates as recomended and saw no improvement I read #973 and installed the CLI using src. Following the installation guide I could resolve the problems.

Now only IntelliJ is "rebellious" and doesn't want to accept my submits (Error: failed to parse API error response: invalid character '<' looking for beginning of value) even though the same command succeedes in the normal terminal. But that problem's for another day and issue-log :)

Troubleshooting Information
===========================

Version
----------------
Current: 3.0.13
Latest:  3.0.13


Operating System
----------------
OS:           linux
Architecture: amd64


Configuration
----------------
Home:      ~
Workspace: ~/data/exercism
Config:    ~/.config/exercism
API key:   63b1*****************************76b

API Reachability
----------------

GitHub:
    * https://api.github.com
    * [connected]
    * 88.362121ms

Exercism:
    * https://api.exercism.io/v1/ping
    * [connected]
    * 248.599689ms

[n8jhj]

I ran into this problem on Windows with WSL. (Using WSL mainly because installing MinGW or Cygwin for accessing GCC is a bit of a pain.) I got around this by adding the Exercism certificate to my system as follows:

1. Go to any exercism.org webpage.
2. Get the certificate. For Firefox (other browsers are similar): Lock icon at left end of address bar > Connection secure > More information. Window pops up. Security tab > View Certificate. Should open in new tab. Scroll down to Miscellaneous section > In Download row, click on PEM (cert) link. This downloads the cert .pem file.
3. Go into WSL.
4. Navigate to your directory for certificate data files to make the rest of the commands easier: cd /usr/share/ca-certificates/mozilla
5. Move the certificate to WSL file system: sudo mv /mnt/c/Users/username/Downloads/exercism-org.pem Exercism_Org.pem
6. Change mode to match other certs in this location (on my system all other certs have mode -rw-r--r--): sudo chmod a-x,og-w Exercism_Org.pem
7. Change owner to match other certs (for me, user and group are both root): sudo chown root:root Exercism_Org.pem
8. Make a soft/symbolic link to it from your SSL certificates directory: sudo ln -st /etc/ssl/certs Exercism_Org.pem

And that solved it for me! I hope that helps someone else out there.