Fatal: unable to access 'https://github.com/SamSaffron/pups.git/'


(Wingysam) #1

I have followed the instructions at discourse/INSTALL-cloud.md at master · discourse/discourse · GitHub, and received this error while attempting ./discourse-setup:

fatal: unable to access 'https://github.com/SamSaffron/pups.git/': SSL: certificate subject name (jetdevs.xyz) does not match target host name 'github.com'
281e1ca9794eccc050c2100c479a4511bc7e17e045c8e92654e45747997ec477

The following is the output of ./discourse-setup after configuration:


ENTER to continue, 'n' to try again, Ctrl+C to exit: 

Configuration file at  updated successfully!

Updates successful. Rebuilding in 5 seconds.
Building app

WARNING: We are about to start downloading the Discourse base image
This process may take anywhere between a few minutes to an hour, depending on your network speed

Please be patient

Unable to find image 'discourse/base:2.0.20180404' locally
2.0.20180404: Pulling from discourse/base
22dc81ace0ea: Pulling fs layer
1a8b3c87dba3: Pulling fs layer
91390a1c435a: Pulling fs layer
07844b14977e: Pulling fs layer
b78396653dae: Pulling fs layer
ef3e3cc07f1b: Pulling fs layer
b78396653dae: Waiting
ef3e3cc07f1b: Waiting
91390a1c435a: Verifying Checksum
91390a1c435a: Download complete
1a8b3c87dba3: Verifying Checksum
1a8b3c87dba3: Download complete
07844b14977e: Verifying Checksum
07844b14977e: Download complete
b78396653dae: Verifying Checksum
b78396653dae: Download complete
22dc81ace0ea: Download complete
22dc81ace0ea: Pull complete
1a8b3c87dba3: Pull complete
91390a1c435a: Pull complete
07844b14977e: Pull complete
b78396653dae: Pull complete
ef3e3cc07f1b: Verifying Checksum
ef3e3cc07f1b: Download complete
ef3e3cc07f1b: Pull complete
Digest: sha256:745365df6e01943d48cbe4c59214c76ac302def2d00a07aff07d625b306bbeb7
Status: Downloaded newer image for discourse/base:2.0.20180404
Ensuring launcher is up to date
Fetching origin
Launcher is up-to-date
cd /pups && git pull && /pups/bin/pups --stdin
fatal: unable to access 'https://github.com/SamSaffron/pups.git/': SSL: certificate subject name (jetdevs.xyz) does not match target host name 'github.com'
456ba8b4c0956f5482a0ce4421b9403a9ca613494aa46c078a860519ab7dea64
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one

(Michael Brown) #2
fatal: unable to access 'https://github.com/SamSaffron/pups.git/':
  SSL: certificate subject name (jetdevs.xyz) does not match target host name 'github.com'

git was expecting to connect to github and ended up somewhere else - hence the certificate error

Do you have something “funny” set up in your network, like a proxy?

If you try again, does it work?


(Wingysam) #3

I do not believe I have a proxy, although it is possible because I am using a VPS from Scaleway.
I tried twice, and it did not work. I have Docker set to use Google’s DNS. My hosts file is this:

127.0.1.1       scw-1da44d scw-1da44d
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

cURL is able to reach Github:

root@scw-1da44d:/var/discourse# curl github.com -v
* Rebuilt URL to: github.com/
*   Trying 192.30.253.112...
* Connected to github.com (192.30.253.112) port 80 (#0)
> GET / HTTP/1.1
> Host: github.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Content-length: 0
< Location: https://github.com/
< 
* Connection #0 to host github.com left intact

(Michael Brown) #4

Does curl https://github.com/ work?


(Michael Friedrich) #5

Try it with openssl directly to see the presented certificate.

openssl s_client -connect github.com:443

(Jay Pfaffman) #6

You might check this topic: Install discourse on AWS inctance ubuntu 18.04. It sounds similar.


(Wingysam) #7

@supermathie curl https://github.com/: http://dpaste.com/14KZWJ7.txt
@dnsmichi openssl s_client -connect github.com:443: http://dpaste.com/3NDE1WV.txt
@pfaffman I have access to 8.8.8.8.


(Michael Friedrich) #8

Hm, maybe a transparent proxy which just forwards the TLS requests (HA proxy et al). I’d rather say that DNS doesn’t work here,

jetdevs.xyz is an obfuscated FQDN, or is it really what’s shown in your output?


(Wingysam) #9

jetdevs.xyz is my domain.


(Michael Friedrich) #10

Hm, check with your VM provider then please. If there really is a proxy in place, it may have troubles and they should have it monitored or noticed.


(Andrew Schleifer) #11

This error…

…and this output…

…contradict each another. Inside the container and outside the container you get different certificates for Github.

Have you changed the network configuration for docker in any way in ~/.docker/config.json or in /etc/docker/daemon.json?


(Jay Pfaffman) #12

I recently had a problem that was due to having some bogus stuff in /etc/resolve.conf. Resolution worked just fine outside the container, but inside the container it would fail.

I’d check /etc/resov.conf and see that the nameservers line is something that makes sense and/or change it to something that you’re sure does.