Support for Self-signed Certificates #131

Closed
beschoenen opened this issue Jan 28, 2023 · 5 comments

@beschoenen

What feature would you like added?

I'm running my internal services solely over https, and would like to be able to configure orbital-sync to ignore self-signed certificate errors.

Version

No response

Log output

1/28/2023, 11:46:34 AM: ➡️ Signing in to http://pi-hole/admin...
1/28/2023, 11:46:34 AM: ✔️ Successfully signed in to http://pi-hole/admin!
1/28/2023, 11:46:34 AM: ➡️ Downloading backup from http://pi-hole/admin...
1/28/2023, 11:46:35 AM: ✔️ Backup from http://pi-hole/admin completed!
1/28/2023, 11:46:35 AM: ➡️ Signing in to https://pi-hole.nas.local/admin...
1/28/2023, 11:46:35 AM: ⚠ Failure: An unexpected error was thrown:
- FetchError: request to https://pi-hole.nas.local/admin/index.php?login failed, reason: self-signed certificate in certificate chain
1/28/2023, 11:46:35 AM: ⚠ Failure: 0/1 hosts synced.

@sambartik

Hello, there is already a way to trust additional certs: https://nodejs.org/api/cli.html#node_extra_ca_certsfile

@joeavelar

> Hello, there is already a way to trust additional certs: https://nodejs.org/api/cli.html#node_extra_ca_certsfile

Hi @sambartik, I'm a noob so could you toss me a bone. ;) I added the following line to my docker compose file:

  • SSL_CERT_FILE: './ssl-cert.pem'

but I'm still seeing this error in the logs.

6/24/2023, 8:55:02 PM: ➡️ Signing in to https://pi-hole.local.com/admin...
6/24/2023, 8:55:02 PM: ⚠ Failure: An unexpected error was thrown:

How should we be enabling this with a docker container? Thank you.

@ad3m3r5

ad3m3r5 commented Jun 26, 2023

Hey @joeavelar, I just came across this same issue and here's how I fixed it using the above reference with Docker compose:

volumes:
  - /my/host/path/certificateName.crt:/usr/local/share/ca-certificates/certificateName.crt
environment:
  NODE_EXTRA_CA_CERTS: '/usr/local/share/ca-certificates/certificateName.crt'

Obviously I'm using a CA certificate and the solution might be a little different if it's a single cert.

@badnetmask

What I am going to say here is in no way secure. It's just a workaround in case you need it.
I am using a self-signed certificate, which I could have worked around with the NODE_EXTRA_CA_CERTS variable, but it did not work because the cert is expired, so I found out about this:

NODE_TLS_REJECT_UNAUTHORIZED: 0

This completely ignores whatever is wrong with the certificates.
Use at your own risk. Not legal advice. 😁

@beschoenen

Thanks for all the info guys, I've since switched to running Let's Encrypt certificates inside my home network, so this issue is not needed for me anymore.
