Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding an "already expired" ssl site fails. #36

Open
kwri-avongluck opened this issue Sep 24, 2020 · 4 comments
Open

Adding an "already expired" ssl site fails. #36

kwri-avongluck opened this issue Sep 24, 2020 · 4 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@kwri-avongluck
Copy link 

2020-09-24 17:48:40] local.ERROR: Could not download certificate for host `XXX.XXX.com` because Could not connect to `XXX.XXX.com`. {"userId":1,"exception":"[object] (Spatie\\SslCe
rtificate\\Exceptions\\CouldNotDownloadCertificate\\UnknownError(code: 0): Could not download certificate for host `XXX.XXX.com` because Could not connect to `XXX.XXX.com`. at /home
/odin/odin/vendor/spatie/ssl-certificate/src/Exceptions/CouldNotDownloadCertificate.php:24)
[stacktrace]
#0 /home/odin/odin/vendor/spatie/ssl-certificate/src/Downloader.php(171): Spatie\\SslCertificate\\Exceptions\\CouldNotDownloadCertificate::unknownError()
#1 /home/odin/odin/vendor/spatie/ssl-certificate/src/Downloader.php(90): Spatie\\SslCertificate\\Downloader->fetchCertificates()
#2 /home/odin/odin/vendor/spatie/ssl-certificate/src/Downloader.php(120): Spatie\\SslCertificate\\Downloader->getCertificates()
#3 /home/odin/odin/vendor/spatie/ssl-certificate/src/Downloader.php(129): Spatie\\SslCertificate\\Downloader->forHost()
#4 /home/odin/odin/vendor/spatie/ssl-certificate/src/SslCertificate.php(31): Spatie\\SslCertificate\\Downloader::downloadCertificateFromUrl()
#5 /home/odin/odin/app/Checkers/Certificate.php(34): Spatie\\SslCertificate\\SslCertificate::createForHostName()
#6 /home/odin/odin/app/Checkers/Certificate.php(28): App\\Checkers\\Certificate->fetch()
#7 /home/odin/odin/app/Jobs/CertificateCheck.php(41): App\\Checkers\\Certificate->run()
#8 [internal function]: App\\Jobs\\CertificateCheck->handle()
#9 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(37): call_user_func_array()
#10 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Container/Util.php(37): Illuminate\\Container\\BoundMethod::Illuminate\\Container\\{closure}()
#11 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(95): Illuminate\\Container\\Util::unwrapIfClosure()
#12 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(39): Illuminate\\Container\\BoundMethod::callBoundMethod()
#13 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Container/Container.php(596): Illuminate\\Container\\BoundMethod::call()
#14 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Bus/Dispatcher.php(94): Illuminate\\Container\\Container->call()
#15 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Bus\\Dispatcher->Illuminate\\Bus\\{closure}()
#16 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#17 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Bus/Dispatcher.php(98): Illuminate\\Pipeline\\Pipeline->then()
#18 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Bus/Dispatchable.php(53): Illuminate\\Bus\\Dispatcher->dispatchNow()
#19 /home/odin/odin/app/Http/Controllers/CertificateReportController.php(21): App\\Jobs\\CertificateCheck::dispatchNow()
#20 [internal function]: App\\Http\\Controllers\\CertificateReportController->__invoke()
#21 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): call_user_func_array()
#22 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
#23 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Route.php(239): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#24 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Route.php(196): Illuminate\\Routing\\Route->runController()
#25 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Router.php(685): Illuminate\\Routing\\Route->run()
#26 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
#27 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#28 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle()
#29 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(44): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Auth\\Middleware\\Authenticate->handle()
#31 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(77): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#32 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
#33 /home/odin/odin/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#34 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
#35 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(116): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#36 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()
#37 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Session\\Middleware\\StartSession->handle()
#38 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#39 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
#40 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#41 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
#42 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#43 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Router.php(687): Illuminate\\Pipeline\\Pipeline->then()
#44 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRouteWithinStack()
#45 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Router.php(628): Illuminate\\Routing\\Router->runRoute()
#46 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Routing/Router.php(617): Illuminate\\Routing\\Router->dispatchToRoute()
#47 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(165): Illuminate\\Routing\\Router->dispatch()
#48 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#49 /home/odin/odin/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(60): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#50 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Barryvdh\\Debugbar\\Middleware\\InjectDebugbar->handle()
#51 /home/odin/odin/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#52 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle()
#53 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#54 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#55 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#56 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#57 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#58 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#59 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#60 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle()
#61 /home/odin/odin/vendor/owenmelbz/domain-enforcement/src/DomainEnforcementAgency.php(34): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#62 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): OwenMelbz\\DomainEnforcement\\DomainEnforcementAgency->handle()
#63 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#64 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(140): Illuminate\\Pipeline\\Pipeline->then()
#65 /home/odin/odin/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(109): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#66 /home/odin/odin/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle()
#67 {main}
"}
@OwenMelbz
Copy link
Collaborator

Hi,

This looks like it's related to the SSL package by Spatie spatie/ssl-certificate

Will give it a look when we get some time, or if you could submit a PR to fix it then can merge.

Thanks

@OwenMelbz OwenMelbz added bug Something isn't working help wanted Extra attention is needed labels Sep 24, 2020
@kwri-avongluck
Copy link
Author

The issue appears to be due to "spatie/ssl-certificate" adding a "verify" flag to it's certificate downloader:

   public function withVerifyPeer(bool $verifyPeer)
    {
        $this->verifyPeer = $verifyPeer;

        return $this;
    }

    public function withVerifyPeerName(bool $verifyPeerName)
    {
        $this->verifyPeerName = $verifyPeerName;

        return $this;
    }

There's a bug about it here:
spatie/ssl-certificate#69

Here's the workaround:

diff --git a/app/Checkers/Certificate.php b/app/Checkers/Certificate.php
index bcbca87..058da18 100644
--- a/app/Checkers/Certificate.php
+++ b/app/Checkers/Certificate.php
@@ -31,7 +31,7 @@ class Certificate
 
     private function fetch()
     {
-        $certificate = SslCertificate::createForHostName($this->website->certificate_hostname);
+        $certificate = SslCertificate::download()->withVerifyPeer(false)->withVerifyPeerName(false)->forHost($this->website->certificate_hostname);
 
         $scan = new CertificateScan([
             'issuer' => $certificate->getIssuer(),

@OwenMelbz
Copy link
Collaborator

Hey @kwri-avongluck

Thanks for supplying the fix.

Are you able to provide a demo domain with an expired SSL so we can test our end please?

Thanks

@laurensramandt
Copy link

https://expired.badssl.com/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@OwenMelbz @laurensramandt @kwri-avongluck