[Wikitext-l] Parsoid rejects a valid SSL cert?
Daniel Barrett
2016-12-07 01:24:22 UTC
I'm seeking help with a MediaWiki 1.27.1 site that uses VisualEditor
and parsoid. Everything worked perfectly until I switched from a
non-secure site to using SSL (with a valid, commercial cert). Now I
get an error 500 each time I try to launch VisualEditor. The problem
goes away if I set:

parsoidConfig.strictSSL = false;

The cert is purchased from Comodo (PositiveSSL), not self-signed, and
it yields a green padlock in Chrome.

I believe I'm using parsoid 0.6.1all on Ubuntu 16.04LTS. I also see
Comodo root certs in /etc/ssl/certs.

The errors in the parsoid log are:

{"name":"../src/lib/index.js","hostname":"example","pid":23005,"level":40,"logType":"warning/api/unable_to_verify_leaf_signature","wiki":"example.com","title":"Home","oldId":null,"reqId":null,"userAgent":"VisualEditor-MediaWiki/1.27.1","msg":"Failed API request, {\"error\":{\"code\":\"UNABLE_TO_VERIFY_LEAF_SIGNATURE\"},\"retries-remaining\":1}","longMsg":"Failed API request,\n{\"error\":{\"code\":\"UNABLE_TO_VERIFY_LEAF_SIGNATURE\"},\"retries-remaining\":1}","levelPath":"warn/api/unable_to_verify_leaf_signature","time":"2016-12-07T01:00:28.297Z","v":0}

{"name":"../src/lib/index.js","hostname":"example","pid":23005,"level":40,"logType":"warning/api/unable_to_verify_leaf_signature","wiki":"example.com","title":"Home","oldId":null,"reqId":null,"userAgent":"VisualEditor-MediaWiki/1.27.1","msg":"Failed API request, {\"error\":{\"code\":\"UNABLE_TO_VERIFY_LEAF_SIGNATURE\"},\"retries-remaining\":0}","longMsg":"Failed API request,\n{\"error\":{\"code\":\"UNABLE_TO_VERIFY_LEAF_SIGNATURE\"},\"retries-remaining\":0}","levelPath":"warn/api/unable_to_verify_leaf_signature","time":"2016-12-07T01:00:28.333Z","v":0}

{"name":"../src/lib/index.js","hostname":"example","pid":23005,"level":60,"logType":"fatal/request","wiki":"example.com","title":"Home","oldId":null,"reqId":null,"userAgent":"VisualEditor-MediaWiki/1.27.1","msg":"Template Fetch failure for \"Home\": Error: unable to verify the first certificate","stack":"Error: Template Fetch failure for \"Home\": Error: unable to verify the first certificate\n at TemplateRequest.ApiRequest._requestCB (/usr/lib/parsoid/src/lib/mw/ApiRequest.js:395:15)\n at self.callback (/usr/lib/parsoid/node_modules/request/request.js:187:22)\n at emitOne (events.js:77:13)\n at Request.emit (events.js:169:7)\n at Request.onRequestError (/usr/lib/parsoid/node_modules/request/request.js:813:8)\n at emitOne (events.js:77:13)\n at ClientRequest.emit (events.js:169:7)\n at TLSSocket.socketErrorListener (_http_client.js:258:9)\n at emitOne (events.js:77:13)\n at TLSSocket.emit (events.js:169:7)\n at emitErrorNT (net.js:1256:8)\n at nextTickCallbackWith2Args (node.js:441:9)\n at process._tickCallback (node.js:355:17)","longMsg":"Template Fetch failure for \"Home\": Error: unable to verify the first certificate","levelPath":"fatal/request","time":"2016-12-07T01:00:28.340Z","v":0}

Any help appreciated!
Dan
Daniel Barrett
2016-12-07 02:32:12 UTC
> ...I switched from a non-secure site to using SSL (with a valid,
> commercial cert). Now I get an error 500 each time I try to launch
> VisualEditor. The problem goes away if I set parsoidConfig.strictSSL
> = false...

I fixed the problem. I just needed to import the root certificate
from Comodo:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/970/0/intermediate-2-sha-2-comodo-rsa-domain-validation-secure-server-ca

by installing it in /usr/share/ca-certificates/comodo and running
"sudo dpkg-reconfigure ca-certificates".

Dan
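
The `UNABLE_TO_VERIFY_LEAF_SIGNATURE` ("unable to verify the first certificate") error in the log above is what a TLS client reports when it cannot find the issuer of the leaf certificate. As an added example that is not part of the original thread, the script below builds a throwaway root, intermediate and leaf with `openssl` (all subject and file names are constructed) and shows the failing case beside the two ways it passes: the server sending the intermediate, or the client store containing it.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI (root -> intermediate -> leaf);
# all subject names and file names are made up for this demonstration.
set -eu

build_chain() {  # $1 = scratch directory to fill with keys and certificates
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Demo Root' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=Demo Intermediate' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=wiki.example' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  cat "$d/root.pem" "$d/int.pem" > "$d/root+int.pem"
}

# $1 = trusted CA file, $2 = extra certs sent by the server ('' if none), $3 = leaf
chain_verifies() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1
  fi
}

report() {  # $1 = label, remaining args are passed to chain_verifies
  label=$1; shift
  if chain_verifies "$@"; then echo "$label: OK"; else echo "$label: FAILS"; fi
}

demo() {
  tmp=$(mktemp -d)
  build_chain "$tmp"
  report 'leaf only, client trusts root' "$tmp/root.pem" '' "$tmp/leaf.pem"
  report 'server also sends intermediate' "$tmp/root.pem" "$tmp/int.pem" "$tmp/leaf.pem"
  report 'intermediate added to client store' "$tmp/root+int.pem" '' "$tmp/leaf.pem"
  rm -rf "$tmp"
}
demo
```

Both passing cases leave `parsoidConfig.strictSSL` enabled, so certificate verification stays on. Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends.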
