Xibo weather module issues

Hello, everyone,

I’ve had some issues using weather module - unable to fetch the resource.
The error in log is:

cURL error 60: SSL certificate problem: unable to get local issuer certificate (see libcurl - Error Codes)

Tried to do this as described in this article, but the issue is i’m on a Docker install on Windows, so I don’t quite understand how exactly to install a certificate in Docker installations.

The thing is - we run Xibo in a corporate network through proxy which is automatically configured via Windows domain. We run Xibo on Docker on Windows installation and Intel NUCs on Xibo player for Windows. The host machine for Xibo server can access the internet correctly, as can the clients. The only thing that crosses my mind is that a Docker container can’t go through the proxy. I’ve tried setting up proxy, but no difference there.

I have the company certificate, is there a way to insert it to Xibo container so maybe that would solve the issue?
This curl issue also manifest itself if i fetch outside rss feeds, same issue.

Anyone got any advice on what to do?

It looks as if your corporate proxy is intercepting the HTTPS request, and then changing the certificate, so as you say you’ll need to inject the company CA certificate in to the container.

Assuming this is Xibo 1.8.7, then it’s based on Alpine Linux, so the guide here will give you the details:

In short, copy the CA certificate file (probably with a .pem extension), to /usr/local/share/ca-certificates inside the container, and then run update-ca-certificates.

To copy the file in to the container, you can use docker cp:

To run the update-ca-certificates command, you use docker exec -ti containername update-ca-certificates, where containername is the name of your cms-web container.

Yeah, already tried that (different way tho), but when i tried
docker exec -ti containername update-ca-certificates
it says:

WARNING: Skipping duplicate certificate in file company_certificate.cer

Is the problem that it’s a .cer file? I reckon I should only insert it into CMS container (the one running Web server) - in my case “xibo_cms-web_1”.

This proxy uses both this certificate and authentication. Under Xibo settings, I’ve tried to enter proxy but it behaves the same whether I use proxy settings or not.


I would expect the certificate file to have a .pem extension - per my reply. Could you try renaming it? And yes you only want to add it to your cms-web container.

That said it says “duplicate certificate”, so perhaps you added the file more than once there?

In that case, I’d expect stopping and starting the web container to pick that up now.

Our certificate provider only offers us .crt and .cer. I’ll go ahead and try to convert it as described here:

and see if it’ll work out.
I’ll get back here with the results.

crt and pem are the same thing as far as I’m aware. They’re both X509 encoded certificates. All that needs to change is the file extension.

Wow, it seems that we’re getting somewhere. After inserting .pem certificate, now it’s giving me this in Xibo log:

Client error: GET http://xibo.org.uk/feed resulted in a 401 authenticationrequired response: <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd (truncated…)

This looks like our proxy still needs auth info, which I’ve tried to set up via Xibo settings on the proxy tab,
but it doesn’t change behaviour whether we set up the proxy details or not.
I believe I have to set it up in the cms web container. Any idea on how to set it up inside the container?
I’m really noob regarding Docker, so apologies on that.

Thank you so much, Alex, you’re moving me in the right direction :slight_smile:

Just a remark - could it be somehow connected with the fact that Kitematic tells me it’s “unable to get local issuer certificate”?
Are there any GUI containers such as PHPMyAdmin for MySQL to simplify this process a bit?
I’m fine with using any tool, it’s just that in case someone stumbles across these issues can look up this post and hopefully someone can use it to solve issue like this.
I know it’s not directly Xibo connected, but I’d really love this to work and help people in the future if they come across the same issue.

Alex, nevermind - it actually was the proxy settings in the Xibo settings.
This thing now completely works - inserting the certificate + setting proxy up properly in Xibo settings solved this.
Thank you so much for your time, issue is solved.

Hmmm, though the weather module now works correctly, I’m getting errors fetching multiple .rss feeds - both inside and outside local network:

Unable to get feed: Error creating resource: [message] fopen(): php_network_getaddresses: getaddrinfo failed: Try again [file] /var/www/cms/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php [line] 324 [message] fopen(http://myrssserver.com): failed to open stream: php_network_getaddresses: getaddrinfo failed: Try again [file] /var/www/cms/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php [line] 324

(faked the server URL)
This started occuring when after certificate and proxy settings.
Any idea on this?

I believe there’s already a bug logged for proxy issues with feeds in 1.8.7 and that should be addressed in the next release