Discourse Connect (sso) and avatar updating issue

Hello Discourse fellows!

From some time I have an opportunity to administrative my own instance of Discourse. I’ve enabled Discourse Connect (SSO) and in general everythins works fine except for one thing - the avatar updating.

My Discourse version is 2.7.8. In settings I’ve got enabled ‘discourse connect overrides avatar’.

From error message in Discourse logs (attached below) I can conclude that there is some problem with certificate validation.

Please look out this:

When my avatar is downloading from this URL (via SSO), it’s OK

But downloading from this url, it’s not OK :frowning:

Technically this is the same resource (based on Azure Blob storage), but cdn.otoagent.pl is just alias with other certificate. Something like ignore certificate validation should works in this case, but how can I do this? ;>

Here is what I’ve found in Discourse logs:

Job exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

stack:
/opt/bitnami/ruby/lib/ruby/2.7.0/net/protocol.rb:44:in `connect_nonblock'
/opt/bitnami/ruby/lib/ruby/2.7.0/net/protocol.rb:44:in `ssl_socket_connect'
/opt/bitnami/ruby/lib/ruby/2.7.0/net/http.rb:1009:in `connect'
/opt/bitnami/ruby/lib/ruby/2.7.0/net/http.rb:943:in `do_start'
/opt/bitnami/ruby/lib/ruby/2.7.0/net/http.rb:932:in `start'
/opt/bitnami/ruby/lib/ruby/2.7.0/net/http.rb:606:in `start'
/opt/bitnami/discourse/lib/final_destination.rb:444:in `safe_session'
/opt/bitnami/discourse/lib/final_destination.rb:395:in `safe_get'
/opt/bitnami/discourse/lib/final_destination.rb:133:in `get'
/opt/bitnami/discourse/lib/file_helper.rb:56:in `download'
/opt/bitnami/discourse/app/models/user_avatar.rb:98:in `import_url_for_user'
/opt/bitnami/discourse/app/jobs/regular/download_avatar_from_url.rb:18:in `execute'
/opt/bitnami/discourse/app/jobs/base.rb:232:in `block (2 levels) in perform'
rails_multisite-3.0.0/lib/rails_multisite/connection_management.rb:80:in `with_connection'
/opt/bitnami/discourse/app/jobs/base.rb:221:in `block in perform'
/opt/bitnami/discourse/app/jobs/base.rb:217:in `each'
/opt/bitnami/discourse/app/jobs/base.rb:217:in `perform'
sidekiq-6.2.1/lib/sidekiq/processor.rb:196:in `execute_job'
sidekiq-6.2.1/lib/sidekiq/processor.rb:164:in `block (2 levels) in process'
sidekiq-6.2.1/lib/sidekiq/middleware/chain.rb:138:in `block in invoke'
/opt/bitnami/discourse/lib/sidekiq/pausable.rb:138:in `call'
sidekiq-6.2.1/lib/sidekiq/middleware/chain.rb:140:in `block in invoke'
sidekiq-6.2.1/lib/sidekiq/middleware/chain.rb:143:in `invoke'
sidekiq-6.2.1/lib/sidekiq/processor.rb:163:in `block in process'
sidekiq-6.2.1/lib/sidekiq/processor.rb:136:in `block (6 levels) in dispatch'
sidekiq-6.2.1/lib/sidekiq/job_retry.rb:112:in `local'
sidekiq-6.2.1/lib/sidekiq/processor.rb:135:in `block (5 levels) in dispatch'
sidekiq-6.2.1/lib/sidekiq/rails.rb:14:in `block in call'
activesupport-6.1.3.2/lib/active_support/execution_wrapper.rb:88:in `wrap'
activesupport-6.1.3.2/lib/active_support/reloader.rb:72:in `block in wrap'
activesupport-6.1.3.2/lib/active_support/execution_wrapper.rb:88:in `wrap'
activesupport-6.1.3.2/lib/active_support/reloader.rb:71:in `wrap'
sidekiq-6.2.1/lib/sidekiq/rails.rb:13:in `call'
sidekiq-6.2.1/lib/sidekiq/processor.rb:131:in `block (4 levels) in dispatch'
sidekiq-6.2.1/lib/sidekiq/processor.rb:257:in `stats'
sidekiq-6.2.1/lib/sidekiq/processor.rb:126:in `block (3 levels) in dispatch'
sidekiq-6.2.1/lib/sidekiq/job_logger.rb:13:in `call'
sidekiq-6.2.1/lib/sidekiq/processor.rb:125:in `block (2 levels) in dispatch'
sidekiq-6.2.1/lib/sidekiq/job_retry.rb:79:in `global'
sidekiq-6.2.1/lib/sidekiq/processor.rb:124:in `block in dispatch'
sidekiq-6.2.1/lib/sidekiq/logger.rb:11:in `with'
sidekiq-6.2.1/lib/sidekiq/job_logger.rb:33:in `prepare'
sidekiq-6.2.1/lib/sidekiq/processor.rb:123:in `dispatch'
sidekiq-6.2.1/lib/sidekiq/processor.rb:162:in `process'
sidekiq-6.2.1/lib/sidekiq/processor.rb:78:in `process_one'
sidekiq-6.2.1/lib/sidekiq/processor.rb:68:in `run'
sidekiq-6.2.1/lib/sidekiq/util.rb:43:in `watchdog'
sidekiq-6.2.1/lib/sidekiq/util.rb:52:in `block in safe_thread'

Thank you in advance for your help! :slight_smile:

This is a hard one, being SSL related it could be that the unsupported bitnami setup you have is causing this issue.

Can you reproduce this issue on an official install?

@sam - Okey, but I’ve installed my instance on Kubernetes cluster and Bitnami got prepared own Helm chart for this purpose.

I see the official install based on Docker and I’m not sure how to launch this on K8s cluster properly. Is there any docs with official instruction how it should be done?

Regards, AErott