个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
26
4
我有一个与第三方网络服务集成的 Rails 应用程序。自最初开发多年以来,它一直运行良好。由于一些意想不到的原因,它突然停止工作了。我会说我们没有更改代码中的任何内容。唯一可能相关的是我们的 Letsencrypt SSL 证书已过期并且我们更新了它。
事实是我在调用网络服务请求时遇到了这个错误:
E, [2022-02-17T19:53:25.385435 #32501] ERROR -- : SSL_connect returned=1 errno=0 state=error: certificate verify failed
E, [2022-02-17T19:53:25.385876 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi/adapter/httpclient.rb:28:in `rescue in request'
E, [2022-02-17T19:53:25.386103 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi/adapter/httpclient.rb:24:in `request'
E, [2022-02-17T19:53:25.386358 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi.rb:161:in `request'
E, [2022-02-17T19:53:25.386658 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi.rb:127:in `get'
E, [2022-02-17T19:53:25.386909 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/resolver.rb:43:in `load_from_remote'
E, [2022-02-17T19:53:25.387150 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/resolver.rb:33:in `resolve'
E, [2022-02-17T19:53:25.387349 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:142:in `xml'
E, [2022-02-17T19:53:25.387606 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:160:in `parse'
E, [2022-02-17T19:53:25.387887 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:147:in `parser'
E, [2022-02-17T19:53:25.388162 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:64:in `soap_actions'
E, [2022-02-17T19:53:25.388432 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/operation.rb:22:in `ensure_exists!'
E, [2022-02-17T19:53:25.388696 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/operation.rb:15:in `create'
E, [2022-02-17T19:53:25.388955 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/client.rb:32:in `operation'
E, [2022-02-17T19:53:25.389214 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/client.rb:36:in `call'
我对证书一点都不熟练。所以,我找到了这篇文章:SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed基本上我尝试了几乎所有我看到的东西,但没有任何效果。
生产环境在 Ubuntu 14.04.6 LTS (GNU/Linux 3.13.0-36-generic x86_64) 下运行 AWS EC2 实例。
根据我的阅读,它可能与 ruby 中的 SSL 库有关。这是有道理的,因为我注意到我在使用 ruby 在我的 webapp 中请求时遇到了这个错误,但是如果我请求使用 curl,比如 curl --header "Content-Type: text/xml;charset=UTF- 8"--data @request.xml https://www.booking-manager.com/cbm_web_service2/services/CBM 我得到了一个成功的数据响应。
关于我的 ruby 环境:
rvm info
ruby-2.4.9:
system:
uname: "Linux ip-172-31-20-213 3.13.0-36-generic #63-Ubuntu SMP Wed Sep 3 21:30:07 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux"
name: "Ubuntu"
version: "14.04"
architecture: "x86_64"
bash: "/bin/bash => GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)"
zsh: " => not installed"
remote_path: "ubuntu/14.04/x86_64"
rvm:
version: "1.29.12 (manual)"
updated: "2 months 20 days 19 hours 54 minutes 44 seconds ago"
path: "/usr/share/rvm"
autolibs: "[4] Allow RVM to use package manager if found, install missing dependencies, install package manager (only OS X)."
ruby:
interpreter: "ruby"
version: "2.4.9p362"
date: "2019-10-02"
platform: "x86_64-linux"
patchlevel: "2019-10-02 revision 67824"
full_version: "ruby 2.4.9p362 (2019-10-02 revision 67824) [x86_64-linux]"
homes:
gem: "/home/ubuntu/.rvm/gems/ruby-2.4.9"
ruby: "/usr/share/rvm/rubies/ruby-2.4.9"
binaries:
ruby: "/usr/share/rvm/rubies/ruby-2.4.9/bin/ruby"
irb: "/usr/share/rvm/rubies/ruby-2.4.9/bin/irb"
gem: "/usr/share/rvm/rubies/ruby-2.4.9/bin/gem"
rake: "/home/ubuntu/.rvm/gems/ruby-2.4.9/bin/rake"
environment:
PATH: "/home/ubuntu/.rvm/gems/ruby-2.4.9/bin:/home/ubuntu/.rvm/gems/ruby-2.4.9@global/bin:/usr/share/rvm/rubies/ruby-2.4.9/bin:/usr/share/rvm/bin:/home/ubuntu/.rbenv/plugins/ruby-build/bin:/home/ubuntu/.rbenv/shims:/home/ubuntu/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
GEM_HOME: "/home/ubuntu/.rvm/gems/ruby-2.4.9"
GEM_PATH: "/home/ubuntu/.rvm/gems/ruby-2.4.9:/home/ubuntu/.rvm/gems/ruby-2.4.9@global"
MY_RUBY_HOME: "/usr/share/rvm/rubies/ruby-2.4.9"
IRBRC: "/usr/share/rvm/rubies/ruby-2.4.9/.irbrc"
RUBYOPT: ""
gemset: ""
我的 web 应用程序在 nginx 前端下运行,向在 Puma 下运行的 ruby on rails 发送请求。我的美洲狮版本:
puma -v
/home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/puma_http11.so: [BUG] Segmentation fault at 0x00000000000640
ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]
-- Control frame information -----------------------------------------------
c:0022 p:-17524110008176 s:0109 e:000108 TOP [FINISH]
c:0021 p:---- s:0107 e:000106 CFUNC :require
c:0020 p:0115 s:0103 e:000102 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55
c:0019 p:0087 s:0093 e:000092 TOP /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/server.rb:15 [FINISH]
c:0018 p:---- s:0091 e:000090 CFUNC :require
c:0017 p:0115 s:0087 e:000086 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55
c:0016 p:0007 s:0077 e:000076 TOP /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/runner.rb:3 [FINISH]
c:0015 p:---- s:0075 e:000074 CFUNC :require
c:0014 p:0115 s:0071 e:000070 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55
c:0013 p:0007 s:0061 e:000060 TOP /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cluster.rb:3 [FINISH]
c:0012 p:---- s:0059 e:000058 CFUNC :require
c:0011 p:0115 s:0055 e:000054 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55
c:0010 p:0023 s:0045 e:000044 TOP /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/launcher.rb:5 [FINISH]
c:0009 p:---- s:0043 e:000042 CFUNC :require
c:0008 p:0115 s:0039 e:000038 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55
c:0007 p:0039 s:0029 e:000028 TOP /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cli.rb:8 [FINISH]
c:0006 p:---- s:0027 e:000026 CFUNC :require
c:0005 p:0115 s:0023 e:000022 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55
c:0004 p:0007 s:0013 e:000012 TOP /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/bin/puma:6 [FINISH]
c:0003 p:---- s:0010 e:000009 CFUNC :load
c:0002 p:0135 s:0006 E:001c18 EVAL /home/ubuntu/.rbenv/versions/2.1.2/bin/puma:23 [FINISH]
c:0001 p:0000 s:0002 E:0019f8 TOP [FINISH]
-- Ruby level backtrace information ----------------------------------------
/home/ubuntu/.rbenv/versions/2.1.2/bin/puma:23:in `<main>'
/home/ubuntu/.rbenv/versions/2.1.2/bin/puma:23:in `load'
/home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/bin/puma:6:in `<top (required)>'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cli.rb:8:in `<top (required)>'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/launcher.rb:5:in `<top (required)>'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cluster.rb:3:in `<top (required)>'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/runner.rb:3:in `<top (required)>'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/server.rb:15:in `<top (required)>'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
/home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
...
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
Aborted (core dumped)
我正在尝试连接到第三方网络服务:
client = Savon.client(wsdl: "https://www.booking-manager.com/cbm_web_service2/services/CBM",
#log_level: :info,
log_level: :debug,
log: true,
pretty_print_xml: true,
open_timeout: 300,
read_timeout: 300)
message = {'in0' => Yanpy::MMK_USER_ID,
'in1' => Yanpy::MMK_USERNAME,
'in2' => Yanpy::MMK_PASSWORD}
response = client.call(:get_regions, message: message)
更新根据下面@jangaraj 提供的答案,我可以在开发环境中解决问题:Error Certificate verify failed (certificate has expired)): in Mac OSX 11.6.1 and ruby 3.0.3 .但是,我仍然无法解决生产中的问题。我认为根本原因是在使用正确的 ca-certificates 文件更新我的 Web 服务请求之前,我需要清楚这个文件在哪里以及它是否工作。为此,再次根据我在另一篇开发文章中遵循的步骤,运行:
openssl s_client -showcerts -host valid-isrgrootx1.letsencrypt.org -port 443
我可以按照 https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190/970 中的步骤调试和修复 ca 证书配置但是,目前这对我不起作用。我看到一些杂乱的 ca-certs 文件夹和文件,可能来自不同的安装?我试着解释一下:
但除此之外,我还可以在/etc/ssl/certs 中看到一个 ca-certificates.crt,其中包含格式如下的证书列表:
-----开始证书-----...-----证书结束-----
/usr/lib/ssl/certs 似乎拥有与/etc/ssl/certs 相同的证书。
事实是,当我运行 openssl s_client -showcerts -host valid-isrgrootx1.letsencrypt.org -port 443 时,我仍然会遇到下一个错误:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/CN=origin.letsencrypt.org
i:/C=US/O=Let's Encrypt/CN=R3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAz+qxNSV9WDWFPKhpVo1EzpqMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjAyMjMxNTAwMjFaFw0yMjA1MjQxNTAwMjBaMCExHzAdBgNVBAMT
Fm9yaWdpbi5sZXRzZW5jcnlwdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCZbsEvIzZDb5R7A/pDm4EYksNEMlQEo5uJT+CFA29bb8ldJAcsqdOj
Fge72dr2qWcowC2azODBuS0fE0nMKpt09r+DX/k3HeF2Z9v/HW/B3ManDgpo7FfT
F6m7zyfEowVPK82hm1aruBlBJAcMZrwOvQIfeiOG6hxkH+ScHmoiiVAlWt1v9wKK
tgELlhn5OJkGklVX8xPY+2UlEWaSqoyPmiYnAE+tk4vi6kcAYgpcTOUOrsLnVgAW
iy3ShTAlM8AfGnRYV5dkdzSafRmbi2bJXhoINwi2NDKboZHZY88Au8PNZlA32XBo
E8RBI/bVaK5/rWjN0IJffvv+N5C4kSWLAgMBAAGjggJQMIICTDAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFLIea0+W5J3EbMku+rkQSL92smpuMB8GA1UdIwQYMBaAFBQu
sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV
aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s
ZW5jci5vcmcvMCEGA1UdEQQaMBiCFm9yaWdpbi5sZXRzZW5jcnlwdC5vcmcwTAYD
VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx
AO8AdQDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAX8nT+NHAAAE
AwBGMEQCIH1xywyRde3OwoG0RZQW0xfXFEfnd5IFDuSEWHmaxaJEAiAmqTVJrTo1
ycmg1DUrlp087WgXdE8RleCkwWLiiCI0gAB2ACl5vvCeOTkh8FZzn2Old+W+V32c
YAr4+U1dJlwlXceEAAABfydP478AAAQDAEcwRQIgI65GyXpBqx6zYOVRu6jBNVNa
yXR//Rvfih5E6oR8or0CIQD+GA9xLWfIsexfPpqczQgxlKrHHU7Jm9635VjotOJG
wTANBgkqhkiG9w0BAQsFAAOCAQEAgUSK3HvXnKsR+WqNSmJvcXPzEZaTTp1sq4++
zRK6sZ1TJsJQq00aPX1625fSOYNQa0vYDFahfEeXMQ9IceOQJ+HE7NZYgnjnKb3u
96fhRyGBpPEY3szbtJQWk8oDQgFk3u7FS+AnxyXP88ypiC4iDk16Ab9Nip+8sz6t
JOzo3KvVlucviS8K4vJemz6WyH8Ux7KX3r/IvPFj7Cx2aBAx6QM7lXWXgo6PHS/r
eo+KjKo0YWZfdXm7oD7VpOlPNr4W7kAuKidmPSwOPB7RGJ/OKfbGiFCVt8Yy9cyp
hMYLmYJ9qZtxKFGi2kR7Cl/0LuXaBNy4SximhxPUWXQZhoNL3A==
-----END CERTIFICATE-----
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=origin.letsencrypt.org
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
---
SSL handshake has read 4700 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 1DA772568CC98B40026497CB0013ABD22F5F2D9142370B99017A3C84EAEBC0BD
Session-ID-ctx:
Master-Key: C0324E0CDC2FEA59C3A921E1CDCBED19DD7EF2D4785B4BC8208B18934E1E8FA646692F3AAB956CFA2646015AEB3A6AAB
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - a7 64 6c 88 3c 76 89 cf-37 95 cd b6 5f 84 c3 71 .dl.<v..7..._..q
0010 - de ca 95 74 f3 f8 9f 08-eb bc e7 be a5 63 ca e4 ...t.........c..
0020 - 1e 80 c9 a6 a7 bd fe 9e-a0 ae f7 f1 64 74 b3 ff ............dt..
0030 - e2 8d 1e 2a 51 0a 5a f5-77 6d 86 b6 87 28 a1 2a ...*Q.Z.wm...(.*
0040 - e0 ff 79 d8 d5 89 52 99-a7 50 ca 35 62 30 97 f9 ..y...R..P.5b0..
0050 - 24 57 b3 e5 87 4a 60 04-c2 e9 45 c7 47 cd b9 a9 $W...J`...E.G...
0060 - b2 d5 f9 82 05 f6 98 5f-54 4a 5e 4a f5 06 66 da ......._TJ^J..f.
0070 - e6 ba 13 ff 66 ff a3 3a-b7 1c db fa 05 ad 51 0f ....f..:......Q.
0080 - ba ad fe 92 ea e7 c6 92-02 89 ec 83 06 46 06 2d .............F.-
0090 - 1b 96 95 81 80 4a eb 55-b1 80 6a 5d e6 09 78 75 .....J.U..j]..xu
00a0 - fe a9 c2 d8 d2 e2 31 a5-77 c5 d2 e2 c9 3b d0 01 ......1.w....;..
Start Time: 1646907242
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
因此,DST Root CA X3 似乎存在于某处。我卡在了这一点上。
openssl version
OpenSSL 1.0.1f 6 Jan 2014
如果我运行:
ubuntu@ip-172-31-9-63:~$ irb
2.1.4 :001 > require "openssl"
=> true
2.1.4 :002 > puts OpenSSL::OPENSSL_VERSION
OpenSSL 1.0.1f 6 Jan 2014
=> nil
2.1.4 :003 > puts "SSL_CERT_FILE: %s" % OpenSSL::X509::DEFAULT_CERT_FILE
SSL_CERT_FILE: /usr/lib/ssl/cert.pem
=> nil
2.1.4 :004 > puts "SSL_CERT_DIR: %s" % OpenSSL::X509::DEFAULT_CERT_DIR
SSL_CERT_DIR: /usr/lib/ssl/certs
=> nil
但是/usr/lib/ssl/cert.pem 不存在。
此外,如果我这样做:
openssl version -d
我得到:OPENSSLDIR: "/usr/lib/ssl"
更新为了分开这些问题,我在这里创建了一个关于当前问题的新帖子:Removing old Digital Signature Trust Co./CN=DST Root CA X3 throwing error verify error:num=20:unable to get local issuer certificate in Ubuntu Part 1我想一旦它修复了,我就能在这篇文章中修复它。
最佳答案
看起来您使用的是 Ubuntu 14 和 Savon 2 客户端。Savon 2 客户端文档:https://www.savonrb.com/version2/globals.html
ssl_ca_cert_file
Sets the SSL ca cert file to use.
Savon.client(ssl_ca_cert_file: "lib/ca_cert.pem")
我会将 ssl_ca_cert_file 明确指向 /etc/ssl/certs/ca-certificates.crt。
确保您的操作系统具有有效的 CA 证书:
apt-get update -y
apt --only-upgrade install -y ca-certificates
update-ca-certificates
Ruby 使用的旧 OpenSSL 版本也可能存在问题。
关于ruby - SSL_connect 返回=1 错误号=0 状态=错误 : certificate verify failed in ruby and Ubuntu 14. 04,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/71164059/
26
4
0
我正在尝试使用以下命令在远程 Ubuntu 服务器的后台运行进程: sshpass -p PASSWORD ssh root@HOST 'nohup COMMAND-THAT-BLOCKS &' 不幸
普通 Ubuntu 和 ARM Ubuntu 有什么区别。我可以运行所有应用程序吗也在 ARM Ubuntu 中的普通 Ubuntu 下运行? Ubuntu 更新会自动发生吗? Torrent 下载器
关闭。这个问题是off-topic .它目前不接受答案。 想改进这个问题? Update the question所以它是on-topic对于堆栈溢出。 9年前关闭。 Improve this que
我正在尝试预置 Xenial 图像,它工作得很好,除了分区。 cloud-init 只能增长根分区,并且在使用扩展分区内的根文件系统构建镜像时不起作用: NAME MAJ:MIN RM SIZ
我对 Ubuntu 和 OpenFoam 真的很陌生,所以尝试学习并做一些教程。我正在使用 Docker 在 Ubuntu 上使用 OpenFoam。 我将文件夹复制到特定目录,但是当我尝试使用终端访
我在使用系统启动设置运行软件时遇到问题。我有 ubuntu 20.04。我试图将这些行插入到 etc/rc.local #!/bin/bash /usr/bin/clamonacc 它不起作用。第二次
TARGETS = client server CL_OBJ = clientMain.o Controller.o UI.o List.o Movie.o Server.o Serializer.o
我有一个 ubuntu服务器系统是8.04 hardy ,我在哪里安装rabbitmq。 rabbitmq依赖于 erlang-nox (>= 1:12.b.3) ,但是在当前的 ubuntu 版本中
我有一个用于开发的 Ubuntu virtualbox 设置。当我在文件中处于 org-mode 时,org-mode 的任何热键都不起作用(例如 M-RETURN 用于创建新标题)。我该怎么做才能让
我的 SchemaCrawler(版本 15.01.03)模式图在 Ubuntu 18.04 LTS 上截断表名。看起来表格通常被画得太窄,因为“[TABLE]”符号也开箱即用。在我的 Mac 上渲染
在 Ubuntu 中,设置应用程序中有几个地方有一个非常漂亮的 ListView ,带有添加/删除按钮,包括外观、键盘布局、隐私、蓝牙等。他们使用什么小部件?我开始使用 Glade 开发我的第一个 U
需要帮助卸载 jjrofiler。没有意识到它需要许可证。通过 .sh 可执行文件安装。 最佳答案 如果您转到 jProfiler 安装目录,您将找到名为 uninstall 的可执行文件,只需从终端
我一直在寻找几天,我没有想出解决方案。我是 ruby 新手,但我想通过使用 spree 开发自己的在线商店。 我使用:rails:Rails 3.2.13 ruby :ruby-1.9.3-p42
我尝试使用以下命令从/usr/local/bin 中删除我的 python2.7 和 python3 文件夹:sudo rm -rf python2.7 和 sudo rm -rf python3。后
在 ubuntu 服务器中(使用 ssh 协议(protocol)), 如何更改因不活动而断开连接的时间? 最佳答案 你能在 .bash_profile 中加入“exec screen -R”,在 .
我使用以下配置在 /etc/apache2/site-available/mysite.local 中创建了一个虚拟主机: ServerAdmin webmaster@localhost
我为大约 210 个用户新设置了一个代理服务器。它运行 ubuntu server 2012 和 squid3。问题是在凌晨 1:30 之后,如果用户尝试打开 google.com、youtube.c
gitlab-ci-multi-runner 1.0.2 (ea19241) Using Shell executor... Running on ip-... Cloning repository.
我有一个备份服务器,它每小时接收许多 rsync 连接。由于打开太多 rsync 实例可能会导致崩溃,我想使用 Semaphore 来限制并发实例的数量。 .我的想法是这样的: ssh root@ba
我有同一个库的多个版本,我的程序动态链接到这些库。有时我想更改使用的版本。 我一直在阅读,出于安全原因,新版本的 Ubuntu 不再支持 LD_LIBRARY_PATH。我可以将路径添加到 /etc/
我是一名优秀的程序员,十分优秀!