[Server]: Fresh start fails to load certificates
Hello!
I was having a client issue with any non-cached lenses loading forever.
I decided to try fixing the issue by updating the server to V3.4.1 (Current Latest) but it doesn't start properly.
Nginx complains about the certificate not containing "Trusted"; according to my research it could be an issue with permissions or the path.
Maybe it is not reading the file at all, as I got this error before I discovered I needed to copy the certificates to /etc/ssl.
The V3.2 server was working perfectly for a few months.
Reinstalling V3.2 doesn't work; I am not sure what is different compared to the original, which still runs fine.
Steps to Reproduce
- Download Snap Camera server v3.4.1 to Ubuntu 20.04 CLI and unzip.
- Run ./gencert.sh ->
  req: Can't open "./ssl/studio-app.snapchat.com.key" for writing, Is a directory
- Delete and recreate folder without key folders, run gencert.sh again.
  Snap camera server expects the certificates in /etc/ssl/cert... now, upgrading from v3.2
- Copy the crt to /etc/ssl/cert/studio-app... and the key file to /etc/ssl/private/studio-app...
- Delete the ssl folder to regenerate.
- Run Docker compose up in main dir -> Web proxy error:
  nginx: [emerg] cannot load certificate "/etc/ssl/certs/studio-app.snapchat.com.crt": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
Tried to fix by:
- Adding "TRUSTED" to the BEGIN and END sections.
- Changing permissions of the certificate and links to my user
- Running the server with Sudo
- In files like nginx/default.conf.template tried changing all the paths to the local ./ssl/ and ran a fresh start.
- #105 Adding certificates also to /usr/local and running update-ca-certificates
Other versions tested
- V3.4.0 Error: cannot load certificate ... Expecting: TRUSTED CERTIFICATE
- V3.3.4 Error "Blob not defined" webidl.util.MakeTypeAssertion(Blob)
- V3.3.0 Same issue as above
- V3.2.0 Same as above
Server Version
Other
Operating System
Other
Confirm
- [x] I confirm that the 📘 Wiki did not resolve my issue.
- [x] I confirm that the 💬 Discussions did not resolve my issue.
- Copy the crt to /etc/ssl/cert/studio-app... and the key file to /etc/ssl/private/studio-app...
- Delete the ssl folder to regenerate.
Why would you do that? Setup instructions don't mention anything like that.
docker compose will handle the file copy.
If you delete the ssl folder before running docker compose there is nothing to copy.
Why would you do that? Setup instructions don't mention anything like that.
In step 2 (After running ./gencert.sh) I get an error that it could not write the certificate files.
I investigated and found folders by the same names, after realizing they were links I manually placed the certificates in the correct locations and tried again.
The reason I deleted/recreated the ssl folder was to have docker compose regenerate the needed links after obtaining the certificate files that failed to save the first time.
Step 3 - Deleted the links in the ssl folder to temporarily fix the issue ./gencert.sh was having.
Step 5 - Reset to the default state now that I have the certificates.
Edit: (This was because running docker with the certificates in ./ssl would throw an error about attempting to mount a dir onto a file. I figured I shouldn't mess with the paths and place the certificates where the app looks for them)
Back to the Can't open "..." for writing, Is a directory error, I have a theory that something might be wrong with my Ubuntu server that isn't allowing writing files through links.
I will have to investigate that tomorrow, and thanks for the reply.
PS: Just to make sure it's not a permission issue: I tried running ./gencert.sh with sudo, same error.
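
A pre-flight check for the failure discussed in this thread, added here as an example (it is not from the issue's participants or the project): OpenSSL reports "no start line" when the file it is given has no PEM BEGIN line, so the script classifies each of the two files as missing, a directory, a dangling link, empty, or lacking PEM markers before docker compose up is run. The ./ssl location of the .crt file and the function names check_pem and preflight are assumptions; the .key path is the one from the gencert.sh error above.

```shell
#!/bin/sh
# Added example, not project code. Usage: preflight ./ssl && docker compose up

# check_pem PATH LABEL_REGEX
# Prints one status word and returns 0 only when PATH is a readable regular
# file (or a link to one) that carries matching PEM BEGIN/END lines.
check_pem() {
    path=$1; label=$2
    # A symlink whose target is gone looks "missing" to most tools.
    if [ -L "$path" ] && [ ! -e "$path" ]; then
        echo "dangling-symlink"; return 1
    fi
    if [ ! -e "$path" ]; then echo "missing"; return 1; fi
    # Matches the "Is a directory" error from gencert.sh. One way this can
    # happen (assumption): Docker creates a directory at a bind-mount source
    # path that does not exist yet.
    if [ -d "$path" ]; then echo "directory"; return 1; fi
    if [ ! -r "$path" ]; then echo "unreadable"; return 1; fi
    if [ ! -s "$path" ]; then echo "empty"; return 1; fi
    # No end-of-line anchor, so CRLF line endings still match.
    if ! grep -Eq "^-----BEGIN ${label}-----" "$path"; then
        echo "no-pem-start-line"; return 1
    fi
    if ! grep -Eq "^-----END ${label}-----" "$path"; then
        echo "no-pem-end-line"; return 1
    fi
    echo "ok"
}

# preflight DIR
# Checks the certificate/key pair in DIR and prints "crt=<status> key=<status>".
# Returns non-zero if either file would be unusable as PEM input.
preflight() {
    dir=$1; rc=0
    crt=$(check_pem "$dir/studio-app.snapchat.com.crt" \
        '(TRUSTED |X509 )?CERTIFICATE') || rc=1
    key=$(check_pem "$dir/studio-app.snapchat.com.key" \
        '(RSA |EC |ENCRYPTED )?PRIVATE KEY') || rc=1
    echo "crt=$crt key=$key"
    return $rc
}
```

The check only looks at file type and PEM framing; it does not validate the certificate contents or that the key matches it.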