Elasticsearch script has certificate error. #454

Closed
jfountain opened this issue Mar 17, 2015 · 4 comments

@jfountain
Contributor

Running the elasticsearch install script fails due to a certificate error on an Ubuntu 12.04 LTS vagrant box.

wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.deb
--2015-03-17 14:08:33--  https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.deb
Resolving download.elasticsearch.org (download.elasticsearch.org)... 54.225.133.195, 54.243.77.158, 54.225.64.161, ...
Connecting to download.elasticsearch.org (download.elasticsearch.org)|54.225.133.195|:443... connected.
ERROR: no certificate subject alternative name matches
    requested host name `download.elasticsearch.org'.
To connect to download.elasticsearch.org insecurely, use `--no-check-certificate'.

This may be due to the Elasticsearch company, elasticsearch.org, rebranding itself to elastic.co recently. I can get around this by adding a --no-check-certificate in the wget in the script, but I wanted to verify with others before sending in a pull request.

@fideloper
Owner

Is it working now? I just went to that URL and got no warnings in the browser. Perhaps they quickly updated/renewed their SSL cert.

@jfountain
Contributor Author

Working fine in my browser (most recent chrome on mac) but seems to still be an issue with wget.

Just tried this a second ago.

wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.deb
--2015-03-17 15:44:03--  https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.deb
Resolving download.elasticsearch.org (download.elasticsearch.org)... 54.225.64.161, 54.243.77.158, 54.225.133.195, ...
Connecting to download.elasticsearch.org (download.elasticsearch.org)|54.225.64.161|:443... connected.
ERROR: no certificate subject alternative name matches
    requested host name `download.elasticsearch.org'.
To connect to download.elasticsearch.org insecurely, use `--no-check-certificate'.

I did some digging and it's most likely a bug with older versions of wget. 12.04 has wget with this problem...

http://askubuntu.com/questions/324816/wget-doesnt-accept-googles-certificate
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/733888

And since it's stated in the readme "This targets Ubuntu LTS releases, currently 14.04", possibly just close this?

@fideloper
Owner

Interesting! I'll take a look in a bit and see if I can dig up anything also.

Thanks!


@jfountain
Contributor Author

Got a suggestion from @drewr at elasticsearch on this....

Jimmy, a little more research here uncovered that your version of wget doesn't support SNI, which is the SSL extension that allows web servers to support vhosts with different certs (which we use). So, you could upgrade your wget, but an easier solution would be to switch from download.elasticsearch.org to download.elastic.co. The latter is the default cert handed over in the initial handshake.

I changed this in my fork and will put in a pull request.
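
The behaviour @drewr describes, as an added illustration that is not code from this thread or from Vaprobash: a small model of how a server picks a certificate with and without SNI, and how the client's subject alternative name check then passes or fails. The SAN lists and all function names are constructed assumptions, not the contents of the real certificates.

```python
# Added illustration: server-side certificate selection with/without SNI,
# followed by the client's SAN hostname check. All SAN lists are constructed.

DEFAULT_CERT = {"san": ["download.elastic.co", "*.elastic.co"]}  # assumed
VHOST_CERTS = {                                                    # assumed
    "download.elasticsearch.org": {"san": ["*.elasticsearch.org"]},
}

def select_cert(sni_name):
    """Server side: use the vhost cert if the client sent SNI, else the default."""
    if sni_name is not None:
        return VHOST_CERTS.get(sni_name.lower(), DEFAULT_CERT)
    return DEFAULT_CERT

def san_matches(pattern, host):
    """RFC 6125-style match: '*' is accepted only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # require at least two fixed labels so "*.org" can never match
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def fetch(host, client_sends_sni):
    """Client side: handshake, then verify the presented cert against the host."""
    cert = select_cert(host if client_sends_sni else None)
    if any(san_matches(p, host) for p in cert["san"]):
        return "ok"
    return "no certificate subject alternative name matches"

if __name__ == "__main__":
    for host, sni in [
        ("download.elasticsearch.org", False),  # old wget: default cert, mismatch
        ("download.elasticsearch.org", True),   # SNI-capable client: vhost cert
        ("download.elastic.co", False),         # default cert already matches
    ]:
        print(f"{host:28} sni={sni!s:5} -> {fetch(host, sni)}")
```

In this model certificate verification stays enabled in every case; the mismatch disappears by presenting the right name or requesting the host the default certificate covers, not by skipping the check.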

fideloper added a commit that referenced this issue Mar 18, 2015
theand added a commit to theand/Vaprobash that referenced this issue Mar 23, 2015
* commit '5828056bea92d95f6a72118de82cb2d950954a8d':
  fideloper#454 Upped version, updated link and restored accidentally removed variable.
  Fixes fideloper#454 Changed url to work with older versions of wget.
  Update nodejs.sh

Conflicts:
	scripts/nodejs.sh