"Certificate expired" error with valid certificate #230
Comments
sensibleish
changed the title
|
Seeing this as well. |
|
Same issue; can confirm the remote server also has valid cert |
|
I have the same issue and I've tried a few things on my end to work around this problem. I'll note I am running Windows 10 using Electorrent version A. Manually installed LetsEncrypt's new root certificate.
B. Manually defining the certificate. For additional reference, here's an example certificate object I was testing. Note for the // config.js
{
"certificates": [
{
"data": "C:/Users/<user>/AppData/Roaming/Electorrent/certs/isrgrootx1.pem",
"issuer": {
"commonName": "R3",
"organizations": "Let's Encrypt",
"country": "US"
},
"issuerName": "R3",
"subject": {
"commonName": "domain.example.com"
},
"subjectName": "domain.example.com",
"serialNumber": "00xx00x0xx0x0000x0xx0000xxxx0x0xxx00",
"validStart": 1634638396,
"validExpiry": 1642417995,
"fingerprint": "xxx00xx00xxxxx0000x0x0x0000x000000000xx"
}
]
}C. Purging existing Electorrent configs/cache, and reinstalling. None of these had any impact. @tympanix Are you able to offer any insights? How can we resolve this issue? |
|
I'm getting dead project vibes. |
|
@phuze Thank you for you detailed debugging. The problem here is that NodeJS stores TLS certificates in the runtime and does not use the certificates provided by your operating system. To fix the issue we have to update the NodeJS runtime, meaning, updating the Electron framework, which bundles NodeJS. I've tried updating the Electron dependency to fix the issue but no successful attempt yet (app keeps breaking). I suggest that we update Electron to the lowest version, which has the fix for the expired Let's Encrypt certificate (to fix as few things as possible). I'm still trying to figure out which version of NodeJS (and therefore Electron) that is exactly. P.S. Not a dead project per se, but the time and effort I have to maintain this in my spare time is limited. I hope we can find a solution which is suited for this. Sorry for the late reply. |
|
@tympanix Appreciate the follow up mate. It looks like someone from the Postman team identified a fix. A patch has been merged into Electron and backported to previous versions, including 13.x which this project is currently using. I'm thinking this just requires a rebuild so that patch gets rolled into the Electorrent app. |
|
Well, that's because I just updated from v9 to v13 this afternoon to fix the issue. Nice that you found some links with confirmation on the fix. Now, TravisCI apparently dropped OSS support, which means I have no release pipeline (yup, haven't cached up in a while). I guess it's time for GitHub Actions. |
|
Got v2.7.3 released which should fix the problem. Feedback appreciated if you can confirm. |
|
I can confirm all good now. Thank you! |
Client:
Client Version:
Unknown
Operating System:
Unknown, looks like some Linux flavor
Application Version:
Electorrent 2.7.2 on Mac OS 11.6
Description:
Electorrent is throwing a "certificate expired" error even though the remote server has a valid certificate. I suspect this is related to the issue discussed in https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
I'm using Electorrent with a hosted rTorrent server. I do not have interactive shell login so I have minimal information about the server side. However, it worked fine for months. This is the first time in October I have tried it (i.e. after the September 30 certificate expiration mentioned in the article). If I use my Mac's certificate assistant to retrieve and evaluate the certificates from the server, it shows them as valid with a Let's Encrypt (ISRG) root CA:
Further guessing: Electorrent bundles its own set of root CA certs, and needs to update?
The text was updated successfully, but these errors were encountered: