Unable to establish SSL connection. on ./getLicence

I

icer

Verified User
Joined
Jun 10, 2005
Messages
22
[root@elatha][/usr/local/directadmin/scripts]$ ./getLicense.sh LID UID
--15:26:18-- https://www.directadmin.com/cgi-bin/licenseupdate?lid=xxxx&uid=xxxx
=> `/usr/local/directadmin/conf/license.key'
Resolving www.directadmin.com... 66.51.122.131
Connecting to www.directadmin.com|66.51.122.131|:443... connected.
ERROR: Certificate verification error for www.directadmin.com: unable to get local issuer certificate
To connect to www.directadmin.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
Error downloading the license file
[root@elatha][/usr/local/directadmin/scripts]$



How do i fix this? (not using the --no-chekc option) I had this issue on setup, i just #HASHED out the cert/ssl line in the setup.sh. I cant do that here.

ThankYou
 
YOu might contact DirectAdmin about this problem. Since that errror message isn't in my getLicense.sh file I assume it's being generated by DirectAdmins server.
 
getting this same error with another freebsd server myself.

did a cvsup and running a portupgrade -Rfa on it right now, hopefully this solves any dependency issues with the precompiled wget binary found @ http://files.directadmin.com/services/freebsd4.8/wget

-Justin

EDIT: Ok that is not helping much either. the precompile wget binary is spitting out the following all the time even after portupgrading everything:
/usr/libexec/ld-elf.so.1: Shared object "libintl.so.4" not found, required by "wget"

I would suggest DA compile up a working wget binary for us for FreeBSD 4.11 since many run it presently.
 
Last edited:
ircd2# sh getLicense.sh CID LID
--04:47:34-- https://www.directadmin.com/cgi-bin/licenseupdate?lid=&uid=
=> `/usr/local/directadmin/conf/license.key'
Resolving www.directadmin.com... 66.51.122.131
Connecting to www.directadmin.com|66.51.122.131|:443... connected.
ERROR: Certificate verification error for www.directadmin.com: unable to get local issuer certificate
To connect to www.directadmin.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
Error downloading the license file

---
Still outputting the exact same error as before. This one however does work it just is not functional with ssl at all aparently (which is needed obviously).

I have tried to no avail to get wget working with ssl both from ports and source code (even installed openssl from source and specified to wget where it was when i compiled it and that failed too).

-Justin
 
Hello,

Thanks for the quick reply. I've edited the wget source a bit to change the default settings for the certificate checking. Try downloading it again.

John
 
Hello,

That one is only for 4.x machines.

I've made your a 5.x version:
http://files.directadmin.com/services/freebsd5.1/wget_new

Give it a try and let me know if it works.

John
 
4x binary is still producing the same error just without the notice of the no check cert being given instead.

ircd2# sh getLicense.sh CID LID
--18:55:33-- https://www.directadmin.com/cgi-bin/licenseupdate?lid=&uid=
=> `/usr/local/directadmin/conf/license.key'
Resolving www.directadmin.com... 66.51.122.131
Connecting to www.directadmin.com|66.51.122.131|:443... connected.
WARNING: Certificate verification error for www.directadmin.com: unable to get local issuer certificate
HTTP request sent, awaiting response... 200 OK
Length: 0 [application/octet-stream]

[ <=> ] 0 --.--K/s

18:55:34 (0.00 B/s) - `/usr/local/directadmin/conf/license.key' saved [0/0]

This is something I have noticed a few times so far with both freebsd 4.x and 5.4 servers. This issue is somewhat urgent due to directadmin not running if it is unable to verify a valid key.

-Justin
 
As this is happening to both my resold client's and my own I am not about to go sending out root login details I'm sorry but that risk can not be taken. I was under the impression you folks had your own testing servers to fully test out these issues on them and to resolve anything before any scripts hit production? This is becoming somewhat of a problem as it is occurring with any new wget installs. I am going to attempt to install a slightly older wget from source code though and see where that gets me as it seems 1.10 and higher are faulty when used in conjunction with ssl connections.

-Justin

EDIT: Ok I have at this time installed wget version 1.8.2 from a source tarball and that one works fine with ssl to wget the directadmin license key file. I would advise clients on freebsd having similar issues to lookup an older wget tarball and to NOT at this time setup wget from the pkg_add system or ports tree as it seems to tend to cause conflicts with the ssl auto detection (even when specifying where ssl is it still fails to function as intended).
 
Last edited:
Hello,

Yes, we do have test servers, and we were able to duplicate the key error. However, the cgi-bin/licenseupdate command of size zero, we are not able to duplicate. We always receive something in the files (size greater than 0), hence my confusion as to why nothing is being sent. Would you be able to let us know the IP address of the affected server so we can check the logs on our own end to see if there are any errors?

What do you get when you run:
Code: 
-bash-2.05b# [b]wget [url]https://www.directadmin.com/cgi-bin/licenseupdate[/url][/b]
--18:02:09--  [url]https://www.directadmin.com/cgi-bin/licenseupdate[/url]
           => `licenseupdate'
Resolving [url]www.directadmin.com...[/url] 66.51.122.131
Connecting to [url]www.directadmin.com[/url]|66.51.122.131|:443... connected.
WARNING: Certificate verification error for [url]www.directadmin.com:[/url] unable to get local issuer certificate
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

     [ <=>                                                      ][b]45[/b]            --.--K/s

18:02:09 (1.79 MB/s) - `licenseupdate' saved [45]
Note that the size is 45 bytes when no parameterers are passed. It's possible there are firewall or network blocks causing problems.

John
 
Note that the size is 45 bytes when no parameterers are passed. It's possible there are firewall or network blocks causing problems.
Click to expand...

I highly doubt that is the case as i just got it to download the license key on the problematic server without any problem once i rolled wget back a couple versions via a source code install.

I will PM you the IP via the forum here so you can check it on your end though. I am kinda doubtful tho that it is a firewall related problem since a moment ago it did download the lic file with not one error for me once i installed wget 1.8.2.

Regards,
Justin

EDIT: as i now see you don't permit pm's to your login ill email it shortly.
 
SSL WGET

Hi guys :)
<snip>
I'm not too sure what's up at this point. If you'd like to send your IP/root pass to [email protected] I'll be happy to take a look.
</snip>

I dont know what utopia you live in!

why would anyone give there root password out ROTFL.

second to that Wget is not native to the freebsd wget is plagued by exploits in its code

I would suggest that freebsd users use
lynx-ssl
to download any ssl files from your site.

Regards Talon
MagicShells Admin.
 
Actually the DA Installation Guide says:
Login as root and download the setup.sh file


# wget http://www.directadmin.com/setup.sh

Hint: Use "fetch" instead of "wget" on FreeBSD systems.
Click to expand...
as the problem is known.

And a question to both Talon and jschurawlow:

You've bought a product without installation support to save money. You've written and asked for help, and the support department was nice enough to let you know they're happy to help you.

And you wan't that help, but you don't want them to be able to log into your machine to help you?

That sounds fairly shortsighted to me. No two systems are exactly the same and if you don't let them support your system you have no-one to blame but yourself if you can't get DA running.

You can always change your root password immediately after they resolve the problem.

Note that if you don't want to send the support password in an open email you can use the DA "Safe Submit" page here.

Jeff
 
Login as root and download the setup.sh file


# wget http://www.directadmin.com/setup.sh

Hint: Use "fetch" instead of "wget" on FreeBSD systems.
Click to expand...

Jeff for one thing we are talking about an ssl issue and this is not even in reference to an initial install of DA but to an issue where the license key file will not wget to the server DA is installed on.

Fact remains everytime thus far that I have had a need to contact support I have ended up solving the problem by other means before receiving a response. DA do not get me wrong is a great control panel but I honestly think someone not wishing to be giving out their root information to just anyone shouldn't be deemed the need for such a response Jeff.

-Justin
 
What can i say

I wont start a flame war ;)

Regards Talon
aka DirectAdmin CleanerUperer.
 
jschurawlow said:
Jeff for one thing we are talking about an ssl issue and this is not even in reference to an initial install of DA but to an issue where the license key file will not wget to the server DA is installed on.
Click to expand...
I merely pointed out that DA knows there's an issue with wget and recommends fetch with FreeBSD. I'm sorry if the information wasn't helpful.
Fact remains everytime thus far that I have had a need to contact support I have ended up solving the problem by other means before receiving a response. DA do not get me wrong is a great control panel but I honestly think someone not wishing to be giving out their root information to just anyone shouldn't be deemed the need for such a response Jeff.
Click to expand...
Fact remains that DA shouldn't be expected to have to build a server on their end and try to duplicate an error in order to fix it when they could find it in seconds to minutes if they could log into the server and run some diagnostics.

If anyone doesn't want to give out root password that's fine. I know we don't work on systems where we don't have the root password, and I know our customers seem to understand that.

Some of them create temporary root logins for us, and then delete them afterwards; that works, too.

But it's pretty hard to fix a server without a login.

Jeff
 
But it's pretty hard to fix a server without a login.

Hi again Jef

The only reason i posted to the forum
was to describe a method of downloading
the LICENSE file.

My Method worked for what we needed

Really think about it
(Give Us Ya Root Pass)

Im sure your completely trustworthy
The reason i laughed so hard was

1 what do you know about FreeBSD you would break our box (colo) DA has done this twice by itself we cant afford to let any
linux / windows admin touch our custom
install or hose our firewall.

2 do you have any idea how fast and easy it is to install a rootkit and own a unix box or
trash the filesystem with a typo.

3 Its just wrong to ask .. like me saying Hi
whats your sisters phone number, if your customers understand that you need root on there box ... pardon me for saying but they are NOOBS and shouldnt be using unix in the first place as they will be exploited and cause problems for not only themselves but there upstream providers and the internet in general


-- But thanks all the same for the help that the owner of the colo machine DID NOT recieve

Regards Talon
 
You must log in or register to reply here.
Back
Top