Hooverdan
November 2, 2021, 3:21am
2
@havik65240 welcome to the Rockstor community forums. Sorry you’re running into issues with the Rockon refresh. It looks very similar to a certificate issue posted on the forum quite recently. @Flox
and here is the workaround from @Flox :
As has been reported by a few users , our now legacy Rockstor 3 is now facing issues when trying to refresh the list of available Rock-ons.
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
After a bit of investigation, the issue appears related to older certificates used by the python requests package, which comes bundled with its own. Due to the age of these certificates in our legacy Rockstor 3 version, these certificates are no-longer valid, resulting in the …
specifically this section
Now, let’s actually work around that:
run yum update and wait for all updates to be applied. You might even consider a reboot at this point if a lot of packages related to the core system were included. This is to ensure we have an up-to-date system, especially anything related to ssl certificates.
Locate your system certificates. By default, they should be located at /etc/ssl/certs/ . Make sure the following does list the certificates.
ls -la /etc/ssl/certs/*
Now, we can tell python requests to use one of this certificates instead of its own. As mentioned above, we need to do this in two different lines of the same file:
sed -i "s:requests.get(remote_root, timeout=10):requests.get(remote_root, timeout=10, verify='/etc/ssl/certs/ca-bundle.crt'):g" /opt/rockstor/src/rockstor/storageadmin/views/rockon.py
sed -i "s:requests.get(cur_meta_url, timeout=10):requests.get(cur_meta_url, timeout=10, verify='/etc/ssl/certs/ca-bundle.crt'):g" /opt/rockstor/src/rockstor/storageadmin/views/rockon.py
for a quick info, the sed -i "s:pattern:replacement:g" file command simply replaces inplace ( -i option) the characters that match a specific pattern ( pattern ) with a new string of characters ( replacement ).
Inspect the file to make sure have indeed added , verify='/etc/ssl/certs/ca-bundle.crt' to the requests. This will ensure the system’s certificates are used instead of requests 's default ones.
Finally, restart the rockstor service for the changes to take effect:
systemctl restart rockstor
Give that a try.
3 Likes
