Comments (34)
No problem, @JonTheStone. Might be worth a try removing it, but best of luck!
@mattbarrry THANK YOU! That was 100% the problem. I installed the latest version of Airbrake gem and removed the certified
gem and it worked like a charm.
@Brandon21318 @mmcdaris please see the above solution
from airbrake.
Seems to still persist on our side. However the error message has slightly changed. The old message being:
bundle stderr: **Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (certificate has expired)
has now changed to:
**Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (self signed certificate in certificate chain)
So it would seem that the certificate has been updated, however verification with the new one still fails.
We're using version 11.0.0 of the airbrake gem and 5.0.2 of airbrake-ruby
Hi,
We (airbrake team) have updated our certificate. The new cert includes an SSL.com Root cert which was created in 2016. We have had other customers with either an old version of an ssl library or an old OS (such as Ubuntu 14.04) which did not include this certificate, and it needed to be manually added to the trusted root certs. If this is a task you are able to complete yourself, the certificate can be downloaded from here:
https://www.ssl.com/how-to/install-ssl-com-ca-root-certificates/#downloads
You'll need the SSL_COM_TLS_RSA download which includes the SSLcomRootCertificationAuthorityRSA.crt file.
If you need further assistance, can you please provide errors after installing the Root certificate from SSL.com?
from airbrake.
Seems to still persist on our side. However the error message has slightly changed. The old message being:
bundle stderr: **Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (certificate has expired)
has now changed to:
**Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (self signed certificate in certificate chain)
So it would seem that the certificate has been updated, however verification with the new one still fails.
We're using version 11.0.0 of the airbrake gem and 5.0.2 of airbrake-rubyHi,
We (airbrake team) have updated our certificate. The new cert includes an SSL.com Root cert which was created in 2016. We have had other customers with either an old version of an ssl library or an old OS (such as Ubuntu 14.04) which did not include this certificate, and it needed to be manually added to the trusted root certs. If this is a task you are able to complete yourself, the certificate can be downloaded from here:
https://www.ssl.com/how-to/install-ssl-com-ca-root-certificates/#downloads
You'll need the SSL_COM_TLS_RSA download which includes the SSLcomRootCertificationAuthorityRSA.crt file.
If you need further assistance, can you please provide errors after installing the Root certificate from SSL.com?
That seems to have done the trick, yep.
The issue was that we were using the older OS.
from airbrake.
Thanks for working with me on this! I'll email with the results.
from airbrake.
No need @Brandon21318 - sorry, I should have posted in the original question.
It looks like we had added the certified
gem at some point in the past. It broke with Ruby 3.x - stevegraham/certified#19
Removing the (seemingly) unnecessary gem fixed the problem for us, without having to do any of the other steps in the thread. I'm a little shaky on the why, but my assumption is the certs from the gem were overriding anything else we were trying above, and we couldn't update the certs via the gem because it's broken.
Anyways, this solved it for me, and hoping it solves it for someone else!
from airbrake.
We're getting ssl errors in the browser and through Sharpbrake for the last 24 hours.
from airbrake.
No need @Brandon21318 - sorry, I should have posted in the original question.
It looks like we had added the
certified
gem at some point in the past. It broke with Ruby 3.x - stevegraham/certified#19Removing the (seemingly) unnecessary gem fixed the problem for us, without having to do any of the other steps in the thread. I'm a little shaky on the why, but my assumption is the certs from the gem were overriding anything else we were trying above, and we couldn't update the certs via the gem because it's broken.
Anyways, this solved it for me, and hoping it solves it for someone else!
Hey there! No, we're on ruby 2.7.5 and we do have the certified gem, but I don't believe that's the issue
from airbrake.
Same problem here.
from airbrake.
Seeing the same issue during a deploy. Notifying airbrake of a deploy, however the deploy fails when the notifying fails.
Quite possibly similar, if not the same issues in previous years:
from airbrake.
Same here.
from airbrake.
What version of the gem are you using @brainwipe @Kilvak @xMKx ?
from airbrake.
What version of the gem are you using @brainwipe @Kilvak @xMKx ?
We're @ 5.0.2 .
from airbrake.
We got an email confirmation from airbrake - they fixed this.
from airbrake.
Seems to still persist on our side. However the error message has slightly changed.
The old message being:
bundle stderr: **Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (certificate has expired)
has now changed to:
**Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (self signed certificate in certificate chain)
So it would seem that the certificate has been updated, however verification with the new one still fails.
We're using version 11.0.0 of the airbrake gem and 5.0.2 of airbrake-ruby
from airbrake.
We're seeing this as well during Capistrano deploys and on v10.0.4. No airbrake-ruby gem, just the airbrake gem.
from airbrake.
Seems to still persist on our side. However the error message has slightly changed. The old message being:
bundle stderr: **Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (certificate has expired)
has now changed to:
**Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (self signed certificate in certificate chain)
So it would seem that the certificate has been updated, however verification with the new one still fails.
We're using version 11.0.0 of the airbrake gem and 5.0.2 of airbrake-rubyHi,
We (airbrake team) have updated our certificate. The new cert includes an SSL.com Root cert which was created in 2016. We have had other customers with either an old version of an ssl library or an old OS (such as Ubuntu 14.04) which did not include this certificate, and it needed to be manually added to the trusted root certs. If this is a task you are able to complete yourself, the certificate can be downloaded from here:
https://www.ssl.com/how-to/install-ssl-com-ca-root-certificates/#downloads
You'll need the SSL_COM_TLS_RSA download which includes the SSLcomRootCertificationAuthorityRSA.crt file.
If you need further assistance, can you please provide errors after installing the Root certificate from SSL.com?
We seem to still be having issues and we're on Ubuntu 20.04 for our instances.
from airbrake.
We seem to still be having issues and we're on Ubuntu 20.04 for our instances.
And you installed the SSL.com root certificate/verified that it is installed on the affected machine?
from airbrake.
We seem to still be having issues and we're on Ubuntu 20.04 for our instances.
And you installed the SSL.com root certificate/verified that it is installed on the affected machine?
I believe so, yes.
Receiving this error: **Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Ran the following as root user to install:
wget https://d1smxttentwwqu.cloudfront.net/wp-content/uploads/2023/05/SSL_COM_TLS_RSA.zip?_gl=1*te4qsg*_gcl_au*NDAxMjQwMi4xNjk0Nzg5NjAx
unzip SSL_COM_TLS_RSA.zip?_gl=1*te4qsg*_gcl_au*NDAxMjQwMi4xNjk0Nzg5NjAx
mv /home/[MY USER]/SSL_COM_TLS_RSA/SSLcomRootCertificationAuthorityRSA.crt /usr/local/share/ca-certificates/
update-ca-certificates
I also rebooted both machines after these steps
from airbrake.
I believe so, yes.
Receiving this error:
**Airbrake: HTTP error: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Ran the following as root user to install:
wget https://d1smxttentwwqu.cloudfront.net/wp-content/uploads/2023/05/SSL_COM_TLS_RSA.zip?_gl=1*te4qsg*_gcl_au*NDAxMjQwMi4xNjk0Nzg5NjAx unzip SSL_COM_TLS_RSA.zip?_gl=1*te4qsg*_gcl_au*NDAxMjQwMi4xNjk0Nzg5NjAx mv /home/[MY USER]/SSL_COM_TLS_RSA/SSLcomRootCertificationAuthorityRSA.crt /usr/local/share/ca-certificates/ update-ca-certificates
I also rebooted both machines after these steps
Thanks for the info @JonTheStone.
We had similar problems after running the same steps on our Jenkins host. Turns out the update-ca-certificates did not install the certificates where Jenkins was looking for the certificates, at
sql:/var/lib/jenkins/.pki/nssdb/
So we had to use certutil:
jenkins@jenkins:/home/breynolds$ certutil -d sql:/var/lib/jenkins/.pki/nssdb/ -A -t "CT,c,c" -n "SSL.com" -i /usr/local/share/ca-certificates/ssl-com-root.crt
jenkins@jenkins:/home/breynolds$ certutil -d sql:/var/lib/jenkins/.pki/nssdb/ -L | grep SSL
SSL,S/MIME,JAR/XPI
SSL.com CT,c,c
For example if you are using Jenkins. If not if you can share more info about the environment I can try and assist in troubleshooting.
Thanks,
Brandon
from airbrake.
Not entirely sure where Capistrano/airbrake
would be looking, but thanks for the info!
from airbrake.
Not entirely sure where
Capistrano/airbrake
would be looking, but thanks for the info!
You could verify that the certs are installed at /etc/ssl/certs/ by running the following:
breynolds@jenkins:~$ openssl s_client -showcerts -servername airbrake.io -connect airbrake.io:443 -CApath /etc/ssl/certs/ | openssl x509 -noout -dates
depth=2 C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority RSA
verify return:1
depth=1 C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com RSA SSL subCA
verify return:1
depth=0 CN = *.airbrake.io
verify return:1
notBefore=Sep 12 14:47:25 2023 GMT
notAfter=Oct 18 14:47:25 2023 GMT
from airbrake.
Seem to be there
root@[SERVER]:/home/[USER]# openssl s_client -showcerts -servername airbrake.io -connect airbrake.io:443 -CApath /etc/ssl/certs/ | openssl x509 -noout -dates
depth=2 C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority RSA
verify return:1
depth=1 C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com RSA SSL subCA
verify return:1
depth=0 CN = *.airbrake.io
verify return:1
notBefore=Sep 12 14:47:25 2023 GMT
notAfter=Oct 18 14:47:25 2023 GMT
from airbrake.
Ok. Gonna get with the ruby dev team and see if they have any input on where Capistrano/airbrake would be looking. Thanks for the info Jon.
from airbrake.
Ok. Gonna get with the ruby dev team and see if they have any input on where Capistrano/airbrake would be looking. Thanks for the info Jon.
Thanks. I just rebooted the machines and tried again but still failing. Let me know if you need anything else from me.
Also, FWIW, this is the airbrake:deploy
Capistrano step in our deploy process
from airbrake.
One more thing Jon,
Can you provide the output for the following:
openssl version
openssl version -d
from airbrake.
OpenSSL 1.1.1f 31 Mar 2020
and OPENSSLDIR: "/usr/lib/ssl"
respectively
from airbrake.
Jon,
Would you try setting the following ENV variable in your Ruby code:
ENV['SSL_CERT_DIR'] = '/etc/ssl/certs/'
from airbrake.
Tried adding to the .env file on the server as well as running this: RAILS_ENV=staging SSL_CERT_DIR='/etc/ssl/certs' bundle exec rake airbrake:deploy
and got the same error as before
from airbrake.
Hi @JonTheStone, sorry for the issues with this, can you try this next? Thanks for all your patience.
If we want to break off into a private thread feel free to email us details to [email protected] and we can continue there.
We can do some more iterations and just post back what worked here once we get it sorted.
Okay next try saving this script as airbrake_req.rb
require 'net/http'
require 'uri'
uri = URI.parse("https://airbrake.io/")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(uri.request_uri)
http.request(request)
Then we can strace it to grep for to "cert" to see what matches we get. The idea being to see where ruby is looking when it's checking for certs.
strace ruby airbrake_req.rb 2>&1 | grep "cert"
If you see no output you can grep for some other clues but please double check there is no sensitive data in the output if shared.
from airbrake.
I've been following along here, suffering from basically the same issue. @JonTheStone - any chance you're on Ruby 3.x and using the certified gem?
from airbrake.
Hi mattbarry,
Can you try steps listed here: #1254 (comment)
And create an email chain with [email protected]? I am working with Jon there now following these steps and can jump in and follow up with you as well.
from airbrake.
No problem, @JonTheStone. Might be worth a try removing it, but best of luck!
from airbrake.
That's excellent news!
from airbrake.
Thanks for reporting this one and providing detailed reports. I'll close this one out, if anyone still needs help please email [email protected] and we'll get you sorted 👍
from airbrake.
Related Issues (20)
- airbrake issues with lack of details HOT 1
- Airbrake does not track DB queries with MongoDB HOT 1
- Some people can get the alarm email, some people can't HOT 2
- APM only showing root paths HOT 1
- Airbrake Gem Attempts to Connect to Database in Databaseless App in Rails 6 HOT 4
- Airbrake 500 Errors HOT 31
- Airbrake and ruby 3.1 versions, change display of ErrorHighlight errors HOT 3
- Premature notification in Airbrake::Sidekiq::RetryableJobsFilter HOT 10
- Airbrake 13 SystemStackError:stack level too deep HOT 13
- Rails 7.0.3 with ruby 3.0.2 undefined method `new' for "Airbrake::Rack::Middleware":String (NoMethodError) HOT 2
- Mention options on how to disable performance/query/job stats HOT 1
- Airbrake seems to conflict with Scout and NR
- Rails 3.2 LTS error: uninitialized constant `Airbrake::Rails::ActiveRecord::Base`
- No clear documentation in terms of information being collected by default which includes PII
- <empty error message> when using a logger with a block HOT 1
- Filter user object fields passed to Airbrake HOT 1
- Use a different replacement per field
- Rails check is insufficient
- Exceptions raised during streaming via ActionController::Live are not caught HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from airbrake.