[LON-CAPA-admin] error 443
Raeburn, Stuart
raeburn at msu.edu
Sun May 31 18:08:00 EDT 2020
Hello hk,
See: mail.lon-capa.org/pipermail/lon-capa-admin/2020-May/003425.html
which I posted earlier today.
I checked the SSL certificate chain for: loncapa10.fsu.edu by pointing a web browser at: whatsmychaincert.com/?loncapa10.fsu.edu
and it reported:
"loncapa10.fsu.edu has a trusted chain containing an expired certificate. This chain will work with modern web browsers but may fail with older clients".
>
> While students can login etc, but when I try to do some manual grading,
> the following error occurs
>
>
In this case, internal web requests (which use LWP) are failing because of the expired AddTrust External CA Root certificate. Looking at the SSL certificate for loncapa10.fsu.edu, it appears it is issued by Sectigo (not InCommon), but it lists USERTrust as the CA Root, so, as is the case for certificates from InCommon, certificates from Sectigo are also impacted by the expiry of the AddTrust CA Root certificate.
If you modify the certificate chain to remove the expired AddTrust CA Root certificate and reload Apache that will fix things.
See: support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT
Other options:
1. Install SSL certificates from letsencrypt.org (using the certbot tool).
or
2. As a temporary workaround you could disable hostname verification by LWP when using SSL by setting: $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
(e.g., in /etc/environment)
Stuart Raeburn
LON-CAPA Academic Consortium
________________________________________
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of H. K. Ng <hkng at fsu.edu>
Sent: Sunday, May 31, 2020 5:21 PM
To: list about administration and system updating
Subject: [LON-CAPA-admin] error 443
Hi all,
Seems that all my loncapa servers are suffering from error 443. While students can login etc, but when I try to do some manual grading, the following error occurs
An unrecoverable network error occurred:
Unable to retrieve a resource from a server:
Resource: /res/fsu/openstax-CollegePhysics/05_NewtonsLaws-Friction/07_Friction.problem
Error: 500 Can't connect to loncapa10.fsu.edu:443<https://urldefense.com/v3/__http://loncapa10.fsu.edu:443__;!!HXCxUKc!gwerAvuHLHOascN4oTfAELGvXQVRt2v1JQGqQYuUee0XjhacY9RJrfMjydp4IQ$>
It is recommended that you try again later, as this error may mean the server was just temporarily unavailable, or is down for maintenance.
If the error persists, please contact the Helpdesk for assistance.
The resource is there. Also, if I use the course editor and try to add/remove a resource, nothing happens. Any idea what is going on?
Thanks,
Regards,
-hk
More information about the LON-CAPA-admin
mailing list