Code: Select all
<!DOCTYPE html><html><body style="font-family:verdana"><h1>WAPTHttpServer Server Error 404</h1><hr><p>HTTP 404 Not Found</p><p>Wrong route</p><small>mORMot 2</small></body></html>[RESOLVED] SSL on WAPTHttpServer secondary repository
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Using Python and import requests, I get the same error, but with curl, it seems to work:
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
curl with "--cacert"?
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
For me, the same error as wapt-get update:
Code: Select all
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 464, in _make_request
self._validate_conn(conn)
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 1093, in _validate_conn
conn.connect()
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connection.py", line 790, in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connection.py", line 969, in _ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 480, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 524, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "ssl.py", line 513, in wrap_socket
File "ssl.py", line 1104, in _create
File "ssl.py", line 1375, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
response = self._make_request(
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 488, in _make_request
raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 644, in send
resp = conn.urlopen(
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 841, in urlopen
retries = retries.increment(
File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\retry.py", line 519, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='<fqdn du dépôt>', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "C:\Program Files (x86)\wapt\lib\site-packages\requests\api.py", line 73, in get
return request("get", url, params=params, **kwargs)
File "C:\Program Files (x86)\wapt\lib\site-packages\requests\api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 675, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='<fqdn du dépôt>', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1017)')))-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
I'm a bit stuck; it seems surprising that curl accepts it but not Python.
Could you try setting the secondary repository in the "Main repository URL" configuration to HTTPS in the WAPT console
and then clicking "Verify" to see if that helps?
Could you try setting the secondary repository in the "Main repository URL" configuration to HTTPS in the WAPT console
and then clicking "Verify" to see if that helps?
Yes, I've already tried that and it works, and I do have a line in access443.log:
Code: Select all
x.x.x.x - - [02/Feb/2026:08:55:42 +0000] "HEAD /wapt/ping HTTP/1.1" 200 176 "https://<fqdn du dépôt>" "waptconsole/2.6.1.17472W"-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
I'm a bit stuck; it seems Python is rejecting the certificate, but the console is working...
The last time I saw that, it was an antivirus program that was performing a MITM attack in the middle of a certain application.
to try :
To retrieve the certificate, see...
The last time I saw that, it was an antivirus program that was performing a MITM attack in the middle of a certain application.
to try :
Code: Select all
import waptlicences
waptlicences.get_peer_cert_chain_from_server("https://reposecondaire",r"C:\waptdev\test")
Mmmh, I have this:
However, waptcrypto.get_peer_cert_chain_from_server returns [ <SSLCertificate cn='<fqdn du dépôt>' fingerprint=xxxxxx issuer='<Mon AC>' validity=202x-xx-xx - 20xx-xx-xx Code-Signing=False CA=False> ]
While it seems to me that he should also return the intermediate and the AC...
Code: Select all
Traceback (most recent call last):
File "<console>", line 1, in <module>
AttributeError: module 'waptlicences' has no attribute 'get_peer_cert_chain_from_server'While it seems to me that he should also return the intermediate and the AC...
