python library don't always use OS certificates ... typically, we have to set REQUESTS_CA_BUNDLE=/path/to/custom_ca_bundle_crt
because requests
ignore OS certificates
Answered
For Some Reason, The Http Library Used By Clearml Does Not Like My Server'S Ssl. I Have Installed Clearml As A Docker Compose On My Truenas Scale With A Valid Certificate. When I Login Using Curl, All Is Good:
For some reason, the HTTP library used by ClearML does not like my server's SSL. I have installed ClearML as a docker compose on my TrueNAS Scale with a valid certificate. When I login using curl, all is good:
❯ curl -u "****:***********" -X GET
{"meta":{"id":"....","trx":"....","endpoint":{"name":"auth.login","requested_version":"2.30","actual_version":"1.0"},"result_code":200,"result_subcode":0,"result_msg":"OK","error_stack":"","error_data":{}},"data":{"token":"...."}}%
But when I try try to run the clearml-init:
❯ clearml-init
ClearML SDK setup process
Please create new clearml credentials through the settings page in your `clearml-server` web app (e.g.
)
Or create a free account at
In settings page, press "Create new credentials", then press "Copy to clipboard".
Paste copied configuration here:
api {
web_server:
api_server:
# Delbar
credentials {
"access_key" = "****"
"secret_key" = "***********"
}
}
Detected credentials key="****" secret="Di2n***"
Web app hosted on standard port using https protocol.
Assuming files and api ports are unchanged and use the same (https) protocol
ClearML Hosts configuration:
Web App:
API:
File Store:
Verifying credentials ...
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'clearml_apiserver.nas1.home.example.com'. (_ssl.c:1000)"))': /auth.login
This while the openssl shows an acceptable CN:
❯ openssl s_client -connect clearml_apiserver.nas1.home.example.com:443 -showcerts
Connecting to 192.168.1.250
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E5
verify return:1
depth=0 CN=*.nas1.home.example.com
verify return:1
For now, I can get around the problem with using IPs and HTTP protocol but it would be nice to understand why ClearML does not like my SSL certificate.
757 Views
1
Answer
9 months ago
9 months ago
Tags
Similar posts