I’ve had some issues using weather module - unable to fetch the resource.
The error in log is:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see libcurl - Error Codes)
Tried to do this as described in this article, but the issue is i’m on a Docker install on Windows, so I don’t quite understand how exactly to install a certificate in Docker installations.
The thing is - we run Xibo in a corporate network through proxy which is automatically configured via Windows domain. We run Xibo on Docker on Windows installation and Intel NUCs on Xibo player for Windows. The host machine for Xibo server can access the internet correctly, as can the clients. The only thing that crosses my mind is that a Docker container can’t go through the proxy. I’ve tried setting up proxy, but no difference there.
I have the company certificate, is there a way to insert it to Xibo container so maybe that would solve the issue?
This curl issue also manifest itself if i fetch outside rss feeds, same issue.
It looks as if your corporate proxy is intercepting the HTTPS request, and then changing the certificate, so as you say you’ll need to inject the company CA certificate in to the container.
Assuming this is Xibo 1.8.7, then it’s based on Alpine Linux, so the guide here will give you the details:
In short, copy the CA certificate file (probably with a .pem extension), to /usr/local/share/ca-certificates inside the container, and then run update-ca-certificates.
To copy the file in to the container, you can use docker cp:
To run the update-ca-certificates command, you use docker exec -ti containername update-ca-certificates, where containername is the name of your cms-web container.
Yeah, already tried that (different way tho), but when i tried docker exec -ti containername update-ca-certificates
it says:
WARNING: Skipping duplicate certificate in file company_certificate.cer
Is the problem that it’s a .cer file? I reckon I should only insert it into CMS container (the one running Web server) - in my case “xibo_cms-web_1”.
This proxy uses both this certificate and authentication. Under Xibo settings, I’ve tried to enter proxy but it behaves the same whether I use proxy settings or not.
I would expect the certificate file to have a .pem extension - per my reply. Could you try renaming it? And yes you only want to add it to your cms-web container.
That said it says “duplicate certificate”, so perhaps you added the file more than once there?
In that case, I’d expect stopping and starting the web container to pick that up now.
Wow, it seems that we’re getting somewhere. After inserting .pem certificate, now it’s giving me this in Xibo log:
Client error: GET http://xibo.org.uk/feed resulted in a 401 authenticationrequired response: <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd (truncated…)
This looks like our proxy still needs auth info, which I’ve tried to set up via Xibo settings on the proxy tab,
but it doesn’t change behaviour whether we set up the proxy details or not.
I believe I have to set it up in the cms web container. Any idea on how to set it up inside the container?
I’m really noob regarding Docker, so apologies on that.
Thank you so much, Alex, you’re moving me in the right direction
Just a remark - could it be somehow connected with the fact that Kitematic tells me it’s “unable to get local issuer certificate”?
Are there any GUI containers such as PHPMyAdmin for MySQL to simplify this process a bit?
I’m fine with using any tool, it’s just that in case someone stumbles across these issues can look up this post and hopefully someone can use it to solve issue like this.
I know it’s not directly Xibo connected, but I’d really love this to work and help people in the future if they come across the same issue.
Thanks
Alex, nevermind - it actually was the proxy settings in the Xibo settings.
This thing now completely works - inserting the certificate + setting proxy up properly in Xibo settings solved this.
Thank you so much for your time, issue is solved.