Failed to login to balena

pli · August 21, 2019, 10:30pm

Hi,

I installed openbalena on an aws instance and got this error at login.

| |__ __ _ | | ____ _ __ __ _
| '_ \ / || | / __ \| '_ \ / _ |
| |) | () || || /| | | || () |
|._/ _,||| _/|| || _,_|

Logging in to x.y.z.com
? How would you like to login? Credentials
? Email:
? Password: [hidden]
FetchError: request to https://api.x.y.z.com/login_ failed, reason: self signed certificate in certificate chain
at ClientRequest. (/snapshot/versioned-source/node_modules/node-fetch/index.js:133:11)
at ClientRequest.emit (events.js:189:13)
at ClientRequest.EventEmitter.emit (domain.js:441:20)
at TLSSocket.socketErrorListener (_http_client.js:392:9)
at TLSSocket.emit (events.js:189:13)
at TLSSocket.EventEmitter.emit (domain.js:441:20)
at emitErrorNT (internal/streams/destroy.js:82:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
at process._tickCallback (internal/process/next_tick.js:63:19)

I am running on CentOS 7 and I already updated the system to trust the self signed cert by using the following commands and restarted the docker:

export NODE_EXTRA_CA_CERTS=~/open-balena/config/certs/root/ca.crt
update-ca-trust force-enable
cp /root/open-balena/config/certs/root/ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

Any idea?
Thanks

chrisys · August 21, 2019, 10:48pm

Hey @pli

I’m assuming you’re using the quickstart script to get up and running.
As you’re using a custom domain name, I wonder if this was specified when you ran quickstart and if the certificates generated were copied to your client after that?

pli · August 21, 2019, 11:05pm

Hi @chrisys,

I used a registered domain name but self signed cert for testing at this moment. Yes, I am using quickstart to setup the instance.

Thanks

afitzek · August 22, 2019, 7:37am

Hi @pli,
Can you show us the CLI command you run on your workstation? You mentioned you use the command export NODE_EXTRA_CA_CERTS=~/open-balena/config/certs/root/ca.crt and restarted docker. I’m not sure what you mean by that, but you need to add the envvar NODE_EXTRA_CA_CERTS to point to the ca.crt for the cli process.
Also to get to the bottom of this, maybe you can check what certificate is used for your api: curl -v https://api.x.y.z.com/login_.

pli · August 23, 2019, 4:58pm

@afitzek

I found out my problem is caused by the DNS pointing to the wrong server running openbalena. Thanks for your help!

Patrick

Topic		Replies	Views
SELF_SIGNED_CERT_IN_CHAIN error in balena login openBalena	1	854	July 19, 2020
Connection fails with "SELF_SIGNED_CERT_IN_CHAIN" (balena-cli) openBalena support	2	2881	May 8, 2020
SELF_SIGNED_CERT_IN_CHAIN server error openBalena	2	1181	November 9, 2020
Self_signed_cert_in_chain openBalena	3	1321	January 28, 2019
Balena login unauthorized openBalena	8	1451	November 6, 2019

Failed to login to balena

Related topics