[LON-CAPA-admin] Problems during Course Initialization occur after cloning a course

Martin Diedrich diedrich at rz.tu-clausthal.de
Thu Sep 25 06:30:12 EDT 2014


Hello Stuart,

many thanks for pointing me to that issue!

I tried using wget and got a certificate error (19, self signed). But I 
could not find the reason as the certificate chain is configured 
correctly and there were no failures using firefox browser connecting to 
the machine. The certificate itself is signed by a CA and no certificate 
in the chain is self-signed except for the root CA certificate. Using 
wget from other machines connecting to our loncapa-server the problem 
sometimes occurred, sometimes it didn't - depending on the machine used 
(not indeterministic by request or time).

I found out that there is an environment variable existing to disable 
verification of certificates (PERL_LWP_SSL_VERIFY_HOSTNAME = 0). When I 
added this to /etc/environment, everything worked fine as far as I could 
check yet. This is ok as it's the behavior from before the Ubuntu update 
but I'd surely prefer checking the certificates as it's done by default 
today. Do you have any hint for realizing that or is disabling the 
certificate check the only way to keep it running at the moment?

As I said before - many thanks for your quick and competent responses in 
this list, this is for sure very very helpful :)!

Greetings from Germany
Martin Diedrich

On 23.09.2014 18:00, Stuart Raeburn wrote:

> Martin,
>
>> Doing a test by cloning the original course again results in getting
>> the same error. No other courses seem to be affected.
>
>> Invalid map: /home/httpd/html/adm/notfound.html
>
> This error means that the initial replication of the default.sequence
> file (the XML file of course contents at the top level folder in the
> course) failed, resulting in a top-level course URL of
> /adm/notfound.html.
>
> I would however expect that cloning etc. would have proceeded despite this.
>
> The most likely reason for the replication failure is that your Apache
> default-ssl.conf file does not include an entry for the correct Server
> Certificate Chain.
>
> Look for: SSLCertificateChainFile in that file.
>
> The version of libwww-perl used by Ubuntu 12.04 will not, by default,
> retrieve a file from an https:// URL unless the certificate chain can
> be used to verify the hostname.
>
> If it cannot, LWP will return a 500 error, and the URL for the course
> will be set to /adm/notfound.html
>
> Look in /home/httpd/perl/logs/lonnet.log for:
>
> <font color="blue">WARNING: LWP get: 500
> Can't connect to <hostname>:443 (certificate verify failed):
>
> You could also check in /var/log/apache2/ssl_access_log for entries
> similar to:
>
> "GET /userfiles/tuc/<courseid>/default.sequence HTTP/1.1"
>
> where <courseid> is the internal courseID of the course you created in
> the tuc domain.
>
> However, if certificate verification did indeed fail, LWP will not
> have made the request, so you'll not find a "GET" for that URL logged
> in ssl_access_log.
>
> From the command line you might check whether the certificate chain
> is valid by using:
>
> wget https://loncapa.tu-clausthal.de/userfiles/tuc/<courseid>/default.sequence
>
> replacing <courseid> with the internal courseID of the course.
>
>
> Stuart Raeburn
> LON-CAPA Academic Consortium

-- 
Dipl.-Wirt.-Inf. Martin Diedrich   E-Mail: diedrich at rz.tu-clausthal.de
Rechenzentrum TU Clausthal         Telefon: +49 5323 72 2522
Erzstrasse 51                      Jabber: ifmdi at jabber.tu-clausthal.de
38678 Clausthal-Zellerfeld         WWW: http://www.rz.tu-clausthal.de/
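
The verify codes discussed in this thread, reproduced offline as an added example (not part of the original messages or of LON-CAPA): it builds a constructed root, intermediate and leaf with the openssl CLI and prints the OpenSSL verify error a client gets depending on what it trusts and what the server sends. All file names and subjects are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Builds a constructed chain: root CA -> intermediate CA -> leaf.
# Every name and file here is made up for the demo. Needs the openssl CLI.
set -e

make_chain() (   # make_chain DIR: write root, other, inter, leaf (*.pem) into DIR
  cd "$1"
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > ca.cnf
  for ca in root other; do   # "other" = unrelated root, for a client lacking ours
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout "$ca.key" -out "$ca.pem" -subj "/CN=Constructed $ca CA" -days 2 \
      2>/dev/null
  done
  sign() {   # sign NAME ISSUER [extra "openssl x509" options]
    n=$1 i=$2; shift 2
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout "$n.key" \
      -out "$n.csr" -subj "/CN=Constructed $n" 2>/dev/null
    openssl x509 -req -in "$n.csr" -CA "$i.pem" -CAkey "$i.key" \
      -CAcreateserial -days 2 -out "$n.pem" "$@" 2>/dev/null
  }
  sign inter root -extfile ca.cnf -extensions v3_ca   # intermediate is a CA
  sign leaf inter                                     # server certificate
  cat inter.pem root.pem > fullchain.pem   # server sends intermediate and root
)

# verify_code TRUSTED_PEM LEAF_PEM [SENT_PEM]
# Prints 0 if the leaf verifies, otherwise OpenSSL's first verify error number.
# TRUSTED_PEM plays the client's trust store; SENT_PEM is what the server sends
# besides the leaf (untrusted input used only for path building).
verify_code() {
  trust=$1 leaf=$2; shift 2
  if out=$(openssl verify -CAfile "$trust" ${1:+-untrusted "$1"} "$leaf" 2>&1)
  then echo 0
  else printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
  fi
}

DEMO_DIR=$(mktemp -d); trap 'rm -rf "$DEMO_DIR"' EXIT
make_chain "$DEMO_DIR"; d=$DEMO_DIR
echo "root trusted, intermediate sent: $(verify_code "$d/root.pem" "$d/leaf.pem" "$d/inter.pem")"
echo "root not trusted, chain sent:    $(verify_code "$d/other.pem" "$d/leaf.pem" "$d/fullchain.pem")"
echo "root trusted, leaf sent alone:   $(verify_code "$d/root.pem" "$d/leaf.pem")"
```

Code 19, the one wget reported above, appears when the chain up to the root is presented but that root is absent from the client's trust store. Code 20 appears when an issuer cannot be found at all, which is the missing SSLCertificateChainFile case.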

