That error looks like you are not using a valid config file. Could you try to regenerate it for your NUC and try again? As a reminder, it can be downloaded from your balenaCloud dashboard. Once you have added an application, click "Add a new device", click to expand the "Advanced" section and check "Download configuration file only". Now click "Download configuration file".
Hi, just jumping in there. Are you trying to run balenaOS without connecting to a backend or are you trying to connect it to an openBalena instance? Perhaps you could post the config.json you created here, omitting any sensitive data of course.
I am having a look into this myself using my own intel nuc. Can I ask you how you went about creating your config file? Did you follow the instructions in this guide: https://www.balena.io/open/docs/getting-started/
Another thing I noticed is that the value you have for the apiEndpoint doesn't look like a real domain (https://api.domain.org). Is that something you sanitised before posting to us for security? Or is that what is on your copy of the config.json file?
Hi there, what do you mean you went inside the image file to copy the config.json? You don't need to manually copy the config.json, balena os configure does that for you. Can you try following https://www.balena.io/open/docs/getting-started step by step and see if the issue gets resolved? If you are still having issues, we can see why that's happening.
I am not trying to configure a local image of the intel-nuc, but one I've pulled from the dockerHub, and use it through the balena-os-container project, so I think I just need a config.json file.
By following that tutorial I would get a local image of the intel-nuc with inside the config.json, isn't it?
Yes, that's true, I missed that point. Can you then try using https://www.balena.io/docs/reference/balena-cli/#config-generate to generate the config.json, and then use that when you are running ./balenaos-in-container.sh? Let me know if that works and I can look into it further if it doesn't.
Hi @matteopeluso, taking a step back here. Could you please verify that openBalena works fine?
[error] LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error] at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error] at TLSSocket.emit (events.js:310:20)
[error] at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error] at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
This error you posted points to misconfigured certification. Could you check that you have completed the install self signed cert section?
Specifically making sure you have set export NODE_EXTRA_CA_CERTS='/path/to/ca.crt' correctly?
Perhaps recreating the certificate will address this issue already. If not, let us know so we could dive into further debugging.
Yes, I have completed the installation of the self signed cert, and I've been using Balena for some months already without any problem.
But I am not able to generate a new certificate because I am not the "owner" of this openBalena server.
Any idea on what else I could try? Maybe changing the device? I've just created another physical device, a raspberrypi3, and I didn't have any problem with my certification in this case.
Interesting to note that the pi3 image did work, I'll ask our OS colleagues what the difference in between the NUC and pi3 image is.
Because the self-signed certificate is failing, my advice would be to resolve that first. We have had users report various issues before that were related to certificates not working correctly.
Hi, we have found out that openBalena has incompatibilities with balenaOS. Could you try the NUC with a balenaOS version that is lower than 2.49.0? We are actively working on resolving these issues, so a fix should arrive soon. Until then let's confirm that this also resolves your issue.
[error] LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error] at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error] at TLSSocket.emit (events.js:310:20)
[error] at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error] at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
Warning: Ignoring extra certs from `/etc/ssl/certs/balenaRootCA.pem`, load failed: error:02001002:system library:fopen:No such file or directory
It looks like the root CA is not populated, and this would be coming from your config.json. Could you share the config.json you're using and just obfuscate the URL and API keys?
I can see you have a valid base64 encoded PEM for the root CA so I am not sure why this isn't being populated into /etc/ssl/certs/balenaRootCA.pem - I wonder if this is something relevant to how it runs in a container but I haven't tried this myself. I see that the domain in the cert is a .local domain so I presume you have openBalena running on your LAN somewhere?
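The check discussed in the last two replies can be done offline before booting the device. The sketch below is an added example, not code from any poster or from the balena project: it decodes the root CA field of a config.json, confirms it is a base64-encoded PEM, and returns a SHA-256 fingerprint per certificate that can be compared with the fingerprint of the server's `ca.crt`. The key name `balenaRootCA`, the function name and the sample config are assumptions.

```python
import base64
import hashlib
import json
import re

# Assumption: config.json stores the root CA under "balenaRootCA" as a
# base64-encoded PEM, matching the file name in the warning above.
CA_KEY = "balenaRootCA"
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def inspect_root_ca(config_text):
    """Return (status, [SHA-256 fingerprint of each certificate's DER])."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError:
        return "config.json is not valid JSON", []
    encoded = config.get(CA_KEY) if isinstance(config, dict) else None
    if not isinstance(encoded, str) or not encoded.strip():
        return "root CA field missing or empty", []
    try:
        pem = base64.b64decode(encoded.strip(), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return "root CA field is not base64-encoded text", []
    fingerprints = []
    for body in PEM_BLOCK.findall(pem):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            return "PEM body is not valid base64", []
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        return "decoded value contains no PEM certificate block", []
    return "ok", fingerprints


# Constructed sample input: the "certificate" bytes are placeholders, not a real CA.
FAKE_DER = b"constructed bytes, not a real certificate"
FAKE_PEM = ("-----BEGIN CERTIFICATE-----\n"
            + base64.b64encode(FAKE_DER).decode()
            + "\n-----END CERTIFICATE-----\n")
SAMPLE_CONFIG = json.dumps({
    "apiEndpoint": "https://api.example.local",
    CA_KEY: base64.b64encode(FAKE_PEM.encode()).decode(),
})

if __name__ == "__main__":
    print(inspect_root_ca(SAMPLE_CONFIG))
```

A status other than "ok" means the device has nothing usable to write to its CA file; an "ok" with a fingerprint that differs from the server's CA points at a stale or wrong certificate in the config.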