uptime-kuma
Matrix - Unable to verify the first certificate
⚠️ Please verify that this bug has NOT been raised before.
- [X] I checked and didn't find similar issue
🛡️ Security Policy
- [X] I agree to have read this project Security Policy
📝 Describe your problem
I set Matrix (Synapse) as notification-provider but when I send a test-message, I get an error.
and Log:
Now my question, how can I install my self-signed RootCA or deactivate TLS-Check?
PS.: Uptime-Kuma has a Proxy over Traefik
I imported the CA certificate on the host. With curl -XPOST -d '{"type": "m.login.password", "identifier": {"user": "botusername", "type": "m.id.user"}, "password": "passwordforuser"}' "https://home.server/_matrix/client/r0/login"
I got the right output without errors.
🐻 Uptime-Kuma Version
1.17.1
💻 Operating System and Arch
Ubuntu 20.04.4 LTS
🌐 Browser
GC 103.0+
🐋 Docker Version
20.10.17
🟩 NodeJS Version
No response
Can no one help?
I have the same problem with homebridge. It seems to be a problem with the web-server part, because curl is raising the error too.
My problem is that checking 'Certificate Expiry' is not working when 'ignore TLS/SSL-errors' is active. That should be changed.
> I have the same problem with homebridge. It seems to be a problem with the web-server part, because curl is raising the error too.
> My problem is that checking 'Certificate Expiry' is not working when 'ignore TLS/SSL-errors' is active. That should be changed.
And what exactly did you do to solve the problem?
As a user, I can't!
Kuma does not send a notification on cert expiry when you set 'ignore TLS/SSL-errors'. From my point of view this is a bug in Kuma.
On the other hand, it is a bug in the webserver engine of your/my smarthome software. Don't know if this is nginx, Node.js etc. But as far as I researched, this first-cert issue is on them. With a web browser there is no problem, they do know this middle CA. But curl (and Kuma) can't resolve this problem. The very same cert on an Apache server does not have this problem with curl or Kuma.
Same problem here.
Yeah, but I think it's possible to add a tag to curl when Kuma sends a message. The tag is "--insecure".
False alarm for me, sorry, problem of conf in the certificate following renewal.
Can you not place your own CA cert into /etc/ssl/certs/ via a bind mount? I'm not sure if Uptime Kuma itself as part of the upstart process will call the command update-ca-certificates though.
That might need to be added to the docker.
> Can you not place your own CA cert into /etc/ssl/certs/ via a bind mount? I'm not sure if Uptime Kuma itself as part of the upstart process will call the command update-ca-certificates though.
> That might need to be added to the docker.
Tried months ago, doesn't work.
> > Can you not place your own CA cert into /etc/ssl/certs/ via a bind mount? I'm not sure if Uptime Kuma itself as part of the upstart process will call the command update-ca-certificates though.
> > That might need to be added to the docker.
>
> Tried months ago, doesn't work.
Did you try running update-ca-certificates from a console within the docker container first?
Setting a valid CA cert appears to have been handled in this thread: https://github.com/louislam/uptime-kuma/issues/1380
So for my problem with homebridge (via node.js) the solution was simple. In the config of homebridge I just changed the path to cert.pem to fullchain.pem.
> So for my problem with homebridge (via node.js) the solution was simple. In the config of homebridge I just changed the path to cert.pem to fullchain.pem.
In the case of certificates issued from Letsencrypt etc... the full chain of certificates including the CA (certificate authority), the intermediate CA certificate as well as your own domain's issued certificate must be supplied to your service (e.g. homebridge / nginx etc... must use the fullchain.pem which contains the full chain) or some devices will be unable to verify the trust chain from your domain's certificate back to a trusted root CA certificate due to the missing middle link of the intermediate certificates.
This issue was originally filed by someone trying to use their own root CA and sub-certificates (I think). If using your own certificate authority, the details of adding the new CA certificates/trust chain are detailed in https://github.com/louislam/uptime-kuma/issues/1380 using the NODE_EXTRA_CA_CERTS environment variable.
We are clearing up our old issues and your ticket has been open for 3 months with no activity. Remove stale label or comment or this will be closed in 2 days.
This issue was closed because it has been stalled for 2 days with no activity.
How to solve this problem?
Hello, I noticed I have the exact same error when I use certificates that I have to replace each year by a new one (officially signed by an external accreditation platform). It's like UptimeKuma keeps in memory the first certificate it checks and doesn't replace it with the new one, or doesn't change which certificate it checks. Any idea?
Are you sure it's Kuma? I had a similar issue. But here it was Homebridge (NodeJS), that doesn't use the new certificate automatically, which I copied by script from a different machine via ssh. I need to reboot that RaspberryPi after each renewal of the LetsEncrypt Wildcard cert, which is done by the copy script, too (following night 3am via at).
Hey! I think so, but not sure. In my case it's pretty straightforward. I handle the certificates with NginxProxyManager for each of my applications, and when I renew my certificate, I delete the old one, and add a new .cert file. My web browsers don't have any issue with the new certificates by the way. For now I deactivated the SSL check in Kuma, but don't really know what else to do.
same problem