Hello,
(This is my first message on this forum; thank you for the help you have given me so far through all the topics I have been able to read.)
I have 4 Ubuntu servers (two on 18.04.2 and two on 16.04.6) running Virtualmin, all of which have the same recurring problem, at unpredictable intervals.
After some amount of time, all my cURL requests and Let's Encrypt certificate requests fail with an "SSL handshake" error.
And the only solution I have found is to run "apt install ca-certificates --reinstall" to fix the problem.
One extra piece of information, to be taken with a grain of salt: I have the "impression" that the problem occurs after running "apt-get upgrade".
Would you have any ideas to help me fix this problem?
Here are some examples of the errors:
<?php
$url = 'https://xxxxxx.databowl.com/api/v1/lead';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
// Verbose output must be set on the same handle as the request
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([])); // I removed the variables deliberately
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
$curl_error = curl_error($ch);
curl_close($ch);
print_r($curl_error);
print_r(json_decode($server_output));
which returns:
error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
Or the letsencrypt.log log:
2020-05-25 14:59:06,825:DEBUG:certbot.main:certbot version: 0.27.0
2020-05-25 14:59:06,825:DEBUG:certbot.main:Arguments: ['-a', 'webroot', '-d', 'mon.domaine.com', '--webroot-path', '/home/mondomaine/public_html', '--duplicate', '--force-renewal', '--manual-public-ip-logging-ok', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/66878_31751_1_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'mon.domaine.com']
2020-05-25 14:59:06,826:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-05-25 14:59:06,832:DEBUG:certbot.log:Root logging level set at 20
2020-05-25 14:59:06,832:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-05-25 14:59:06,833:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-05-25 14:59:06,833:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f285239add8>
Prep: True
2020-05-25 14:59:06,833:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f285239add8> and installer None
2020-05-25 14:59:06,833:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-05-25 14:59:06,836:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/78375775', new_authzr_uri=None, terms_of_service=None), 71714ce402ed90996c097430934b660b, Meta(creation_dt=datetime.datetime(2020, 2, 17, 11, 24, 2, tzinfo=<UTC>), creation_host='ns1.mfmdigital.ovh'))>
2020-05-25 14:59:06,837:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-05-25 14:59:06,838:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-05-25 14:59:07,140:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 332, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib/python3.6/ssl.py", line 817, in __init__
self.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 11, in <module>
load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1238, in certonly
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 648, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 247, in __init__
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 50, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 520, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 630, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))
2020-05-25 14:59:07,142:ERROR:certbot.log:An unexpected error occurred:
Thanks in advance
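
Added example, not part of the original post: a shell check of the CA bundle file named in the curl error above (`/etc/ssl/certs/ca-certificates.crt`), meant to record the file's state when the failure appears and before `ca-certificates` is reinstalled. The function name `check_ca_bundle` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the state of a CA bundle file.
# Return codes are constructed for this example:
#   0 ok, 1 missing, 2 not world-readable, 3 empty,
#   4 no PEM certificates, 5 truncated (BEGIN/END counts differ)
check_ca_bundle() {
    bundle=$1

    # -e follows symlinks, so a dangling symlink counts as missing.
    [ -e "$bundle" ] || { echo "missing: $bundle"; return 1; }

    # Mode string of the link target; character 8 is the "others read" bit.
    # Non-root clients (for example PHP under the web server user) need it.
    mode=$(ls -ldL "$bundle" | cut -c1-10)
    case $mode in
        ???????r??) ;;
        *) echo "not world-readable ($mode): $bundle"; return 2 ;;
    esac

    [ -s "$bundle" ] || { echo "empty: $bundle"; return 3; }

    # grep -c exits 1 on a zero count, hence "|| true".
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$bundle" || true)

    [ "$begins" -gt 0 ] || { echo "no PEM certificates: $bundle"; return 4; }
    [ "$begins" -eq "$ends" ] || {
        echo "truncated ($begins BEGIN, $ends END): $bundle"; return 5
    }

    echo "ok: $begins certificates, mode $mode: $bundle"
    return 0
}

# Stand-alone use: sh check.sh /etc/ssl/certs/ca-certificates.crt
if [ "$#" -gt 0 ]; then
    check_ca_bundle "$1"
fi
```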