Letsencrypt and Wazo 18.03

Added by Sébastien R 3 months ago

Hello,

I am trying to set up Letsencrypt on version 18.03.

The Letsencrypt certificate is picked up correctly by the interface; however, I cannot get it taken into account on the API page. I have the impression that it uses the self-signed certificate.

Here are the logs:

wazo-call.logd.log

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 423, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 624, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/xivo/token_renewer.py", line 73, in _renew_token
    token = self._auth_client.token.new(self._backend, expiration=self._expiration)
  File "/usr/lib/python3/dist-packages/xivo_auth_client/commands/token.py", line 21, in new
    data=json.dumps(data))
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 535, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

Xivo-agid.log

2018-04-08 09:03:10,857 [5356] (WARNING) (xivo.token_renewer): create token with wazo-auth failed
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/xivo/token_renewer.py", line 73, in _renew_token
    token = self._auth_client.token.new(self._backend, expiration=self._expiration)
  File "/usr/lib/python2.7/dist-packages/xivo_auth_client/commands/token.py", line 21, in new
    data=json.dumps(data))
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 535, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)>

xivo-ctid.log

2018-04-08 08:53:56,362 [5628] (INFO) (main): STOPPING XiVO CTI Server (pid 5628) / uptime 1 s (since Sun Apr  8 08:53:55 2018)
2018-04-08 08:53:57,276 [5628] (INFO) (service_discovery): Deregistering xivo-ctid from Consul services: dcda172a-e481-4c04-8bec-8ba2dce2efa3
2018-04-08 08:53:57,478 [5628] (ERROR) (service_discovery): failed to deregister
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/xivo/consul_helpers.py", line 104, in __exit__
    self._registerer.deregister()
  File "/usr/lib/python2.7/dist-packages/xivo/consul_helpers.py", line 260, in deregister
    raise exception
RegistererError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

I think I followed the various procedures......

Can you help me, please?

Regards,
Sebastien R.


Replies (8)

RE: Letsencrypt and Wazo 18.03 - Added by Sébastien R 3 months ago

Hello again,

No reply about setting up Letsencrypt :(

So I bought an SSL certificate and followed the procedure [[http://documentation.wazo.community/en/stable/system/https_certificate.html]] and I still have the problem of the CTId not starting........

Here are my various logs:

xivo-agentd.log :

2018-04-11 09:43:03,290 [5713] (INFO) (service_discovery): registration failed, retrying in 2 seconds
2018-04-11 09:43:11,882 [5713] (INFO) (xivo_agent): (127.0.0.1) GET https://localhost:9493/1.0/agents 401
2018-04-11 09:43:11,884 [5713] (INFO) (service_discovery): Registering xivo-agentd on Consul as 64d70bbd-5779-4c89-a887-08773a6de818 with 192.168.99.20:9493
2018-04-11 09:43:17,070 [5713] (INFO) (service_discovery): registration failed, retrying in 2 seconds
2018-04-11 09:43:25,105 [5713] (INFO) (xivo_agent): (127.0.0.1) GET https://localhost:9493/1.0/agents 401
2018-04-11 09:43:25,108 [5713] (INFO) (service_discovery): Registering xivo-agentd on Consul as 64d70bbd-5779-4c89-a887-08773a6de818 with 192.168.99.20:9493
2018-04-11 09:43:30,241 [5713] (INFO) (service_discovery): registration failed, retrying in 2 seconds

xivo-agid.log :

ConnectionError: HTTPSConnectionPool(host='HOST', port=9497): Max retries exceeded with url: /0.1/token (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0xb5916d0c>: Failed to establish a new connection: [Errno 111] Connection refused',))
2018-04-11 09:13:38,193 [2195] (ERROR) (STDERR): /usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:845: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
2018-04-11 09:13:38,312 [2195] (ERROR) (STDERR):   InsecureRequestWarning)
2018-04-11 09:27:35,470 [5512] (INFO) (xivo_agid.agid): xivo-agid starting...
2018-04-11 09:27:41,520 [5512] (ERROR) (STDERR): /usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:845: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
2018-04-11 09:27:41,521 [5512] (ERROR) (STDERR):   InsecureRequestWarning)

xivo-amid.log

2018-04-11 07:55:13,686 [2953] (INFO) (xivo_ami.ami.client): Connecting AMI client to localhost:5038
2018-04-11 08:03:26,693 [2616] (INFO) (xivo_ami.ami.client): Connecting AMI client to localhost:5038
2018-04-11 08:10:11,513 [2749] (INFO) (xivo_ami.ami.client): Connecting AMI client to localhost:5038
2018-04-11 09:13:28,037 [2529] (INFO) (xivo_ami.ami.client): Connecting AMI client to localhost:5038
2018-04-11 09:27:43,406 [5666] (INFO) (xivo_ami.ami.client): Connecting AMI client to localhost:5038

xivo-confd.log

2018-04-11 09:52:24,141 [5395] (INFO) (service_discovery): Registering xivo-confd on Consul as 48cb7432-43e8-4f04-9140-c6fa39d02918 with 192.168.99.20:9486
2018-04-11 09:52:26,065 [5395] (INFO) (xivo_confd.http_server): GET http://127.0.0.1:9487/1.1/wizard
2018-04-11 09:52:26,069 [5395] (INFO) (xivo_confd): (127.0.0.1) GET http://127.0.0.1:9487/1.1/wizard 200
2018-04-11 09:52:28,066 [5395] (INFO) (xivo_confd.http_server): GET http://127.0.0.1:9487/1.1/wizard
2018-04-11 09:52:28,072 [5395] (INFO) (xivo_confd): (127.0.0.1) GET http://127.0.0.1:9487/1.1/wizard 200
2018-04-11 09:52:29,240 [5395] (INFO) (service_discovery): registration failed, retrying in 2 seconds

xivo-ctid.log

ConnectionError: HTTPSConnectionPool(host='*HOST*', port=9493): Max retries exceeded with url: /1.0/agents (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0xb3d828ec>: Failed to establish a new connection: [Errno 111] Connection refused',))
2018-04-11 09:28:02,855 [5746] (INFO) (main): STOPPING XiVO CTI Server (pid 5746) / uptime 5 s (since Wed Apr 11 09:27:57 2018)
2018-04-11 09:28:03,763 [5746] (INFO) (service_discovery): Deregistering xivo-ctid from Consul services: fa5ba034-6eeb-4cc8-aaac-d0d6244970fd
2018-04-11 09:28:08,891 [5746] (ERROR) (service_discovery): failed to deregister
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/xivo/consul_helpers.py", line 104, in __exit__
    self._registerer.deregister()
  File "/usr/lib/python2.7/dist-packages/xivo/consul_helpers.py", line 260, in deregister
    raise exception
RegistererError: HTTPSConnectionPool(host='*HOST*', port=8500): Max retries exceeded with url: /v1/agent/check/deregister/service:fa5ba034-6eeb-4cc8-aaac-d0d6244970fd (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0xb3db848c>: Failed to establish a new connection: [Errno 111] Connection refused',))

xivo-ctid-ng.log

2018-04-11 09:54:27,046 [5857] (INFO) (service_discovery): Registering xivo-ctid-ng on Consul as 4c27224d-1151-4b3b-9231-6e20ff83a85d with 192.168.99.20:9500
2018-04-11 09:54:32,165 [5857] (INFO) (service_discovery): registration failed, retrying in 2 seconds
2018-04-11 09:54:39,611 [5857] (ERROR) (xivo.rest_api_helpers): Unauthorized: {'invalid_token': ''}
2018-04-11 09:54:39,612 [5857] (INFO) (xivo_ctid_ng): (127.0.0.1) GET https://localhost:9500/1.0/status 401
2018-04-11 09:54:39,614 [5857] (INFO) (service_discovery): Registering xivo-ctid-ng on Consul as 4c27224d-1151-4b3b-9231-6e20ff83a85d with 192.168.99.20:9500
2018-04-11 09:54:44,780 [5857] (INFO) (service_discovery): registration failed, retrying in 2 seconds
2018-04-11 09:54:52,325 [5857] (ERROR) (xivo.rest_api_helpers): Unauthorized: {'invalid_token': ''}
2018-04-11 09:54:52,326 [5857] (INFO) (xivo_ctid_ng): (127.0.0.1) GET https://localhost:9500/1.0/status 401
2018-04-11 09:54:52,328 [5857] (INFO) (service_discovery): Registering xivo-ctid-ng on Consul as 4c27224d-1151-4b3b-9231-6e20ff83a85d with 192.168.99.20:9500
2018-04-11 09:54:57,442 [5857] (INFO) (service_discovery): registration failed, retrying in 2 seconds
2018-04-11 09:55:05,120 [5857] (ERROR) (xivo.rest_api_helpers): Unauthorized: {'invalid_token': ''}
2018-04-11 09:55:05,121 [5857] (INFO) (xivo_ctid_ng): (127.0.0.1) GET https://localhost:9500/1.0/status 401
2018-04-11 09:55:05,124 [5857] (INFO) (service_discovery): Registering xivo-ctid-ng on Consul as 4c27224d-1151-4b3b-9231-6e20ff83a85d with 192.168.99.20:9500

xivo-dird.log

2018-04-11 09:55:56,871 [5778] (INFO) (xivo_dird): (127.0.0.1) GET https://localhost:9489/0.1/directories/lookup/foobar/headers 401
2018-04-11 09:55:56,873 [5778] (INFO) (service_discovery): Registering xivo-dird on Consul as 5f0abdf5-ba45-4292-ac76-d323c3cb82f0 with 192.168.99.20:9489
2018-04-11 09:56:02,004 [5778] (INFO) (service_discovery): registration failed, retrying in 2 seconds

xivo-dird-phoned.log

2018-04-11 09:25:30,042 [2257] (INFO) (xivo_dird_phoned.controller): xivo-dird-phoned stopping...
2018-04-11 09:25:30,043 [2257] (INFO) (cherrypy.error): [11/Apr/2018:09:25:30] ENGINE Waiting for child threads to terminate...
2018-04-11 09:28:03,190 [5810] (ERROR) (STDERR): /usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:845: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
2018-04-11 09:28:03,199 [5810] (ERROR) (STDERR):   InsecureRequestWarning)
2018-04-11 09:28:03,602 [5810] (INFO) (cherrypy.error): [11/Apr/2018:09:28:03] ENGINE Bus STARTING
2018-04-11 09:28:03,603 [5810] (INFO) (cherrypy.error): [11/Apr/2018:09:28:03] ENGINE Started monitor thread '_TimeoutMonitor'.
2018-04-11 09:28:03,705 [5810] (INFO) (cherrypy.error): [11/Apr/2018:09:28:03] ENGINE Serving on unknown interface (dynamic?)
2018-04-11 09:28:03,806 [5810] (INFO) (cherrypy.error): [11/Apr/2018:09:28:03] ENGINE Serving on unknown interface (dynamic?)
2018-04-11 09:28:03,807 [5810] (INFO) (cherrypy.error): [11/Apr/2018:09:28:03] ENGINE Bus STARTED

At this point I am completely stuck; I do not understand where the problem could be coming from............

Thank you in advance for your help.

Regards,
Sébastien R.
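
Added example (not part of the thread and not Wazo code): the logs in the two posts above contain three different failure messages that call for different checks, and this small triage script separates them per log file. The category names, function names and the placeholder host name are assumptions made for this example; the sample lines are constructed from the shapes posted above.

```python
import re
from collections import defaultdict

# Message fragments taken from the logs in this thread, with what each one indicates.
SIGNATURES = [
    # The TLS client could not validate the server's chain against its trust store.
    ("certificate verify failed", "untrusted_cert"),
    # TCP connect was rejected: nothing is accepting connections on that host:port.
    ("Connection refused", "not_listening"),
    # The HTTPS request was sent with certificate verification turned off.
    ("InsecureRequestWarning: Unverified", "verification_disabled"),
    # The service_discovery retry loop towards Consul.
    ("registration failed", "consul_registration"),
]
HOST_PORT = re.compile(r"host='([^']*)', port=(\d+)")


def classify(line):
    """Return the category for one log line, or None if it matches no signature."""
    for needle, label in SIGNATURES:
        if needle in line:
            return label
    return None


def triage(logs):
    """logs maps file name -> text. Returns {category: sorted [(file, 'host:port' or '')]}."""
    found = defaultdict(set)
    for name, text in logs.items():
        for line in text.splitlines():
            label = classify(line)
            if label is not None:
                m = HOST_PORT.search(line)
                found[label].add((name, "%s:%s" % m.groups() if m else ""))
    return {label: sorted(hits) for label, hits in found.items()}


# Constructed sample lines, shortened from the shapes posted above (host name is a placeholder).
SAMPLE = {
    "xivo-agid.log": """SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)
""",
    "xivo-ctid.log": """ConnectionError: HTTPSConnectionPool(host='pbx.example.test', port=9493): Max retries exceeded with url: /1.0/agents (Caused by NewConnectionError('Failed to establish a new connection: [Errno 111] Connection refused',))
RegistererError: HTTPSConnectionPool(host='pbx.example.test', port=8500): Max retries exceeded (Caused by NewConnectionError('Failed to establish a new connection: [Errno 111] Connection refused',))
""",
    "xivo-agentd.log": """2018-04-11 09:43:03,290 [5713] (INFO) (service_discovery): registration failed, retrying in 2 seconds
2018-04-17 21:04:07,967 [2530] (ERROR) (STDERR): /usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:845: InsecureRequestWarning: Unverified HTTPS request is being made.
2018-04-17 21:04:07,967 [2530] (ERROR) (STDERR):   InsecureRequestWarning)
""",
}

if __name__ == "__main__":
    for label, hits in sorted(triage(SAMPLE).items()):
        print(label, hits)
```
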

RE: Letsencrypt and Wazo 18.03 - Added by Romain Martin 3 months ago

Hello,

I can't help you with your case, but since I also had trouble with certificates, as an alternative I use a reverse proxy; it handles the Let's Encrypt SSL certificates with automatic renewal for all my servers. It is so much simpler to manage.

RE: Letsencrypt and Wazo 18.03 - Added by Sébastien R 3 months ago

Good evening,

Thank you for your reply.

Did you follow this tutorial?

[[http://documentation.wazo.community/en/stable/system/nginx.html]]

RE: Letsencrypt and Wazo 18.03 - Added by Romain Martin 3 months ago

No, I did not follow that tutorial in particular, but the principle is the same. I use a standard reverse proxy such as HAProxy; you just have to be careful to let WebSocket through the proxy so that Unicom WebRTC works correctly over HTTPS.

RE: Letsencrypt and Wazo 18.03 - Added by Sébastien R 3 months ago

Hello,

Thank you for all the pointers, I finally got it working!!!!!!! :)

Regards,
Sébastien

RE: Letsencrypt and Wazo 18.03 - Added by Sébastien R 3 months ago

Hmm, I think I spoke too soon :(

I don't know whether this is related, but I am seeing a strange phenomenon.

The context is as follows:

The agents log in through their phones and that works, but after a while the agents get logged off on their own, and then the phones no longer ring (as expected).

When I look in the Wazo client, the agents are indeed logged off, whereas the indicator light on the phone still shows logged in.........

When I look at the log, I do see the logins/logoffs............

2018-04-13 09:40:45,173 [2669] (INFO) (xivo_agent): (127.0.0.1) GET https://FQDN:9493/1.0/agents/by-id/7 200
2018-04-13 09:40:45,175 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/logoff 204
2018-04-13 09:40:45,368 [2669] (INFO) (xivo_agent.service.handler.login): Executing login command (ID 7) on 101@default
2018-04-13 09:40:45,426 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/login 204
2018-04-13 09:41:24,364 [2669] (INFO) (xivo_agent.service.handler.status): Executing status command (ID 4)
2018-04-13 09:41:24,373 [2669] (INFO) (xivo_agent): (127.0.0.1) GET https://FQDN:9493/1.0/agents/by-id/4 200
2018-04-13 09:41:24,527 [2669] (INFO) (xivo_agent.service.handler.login): Executing login command (ID 4) on 103@default
2018-04-13 09:41:24,600 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/4/login 204
2018-04-13 09:41:36,429 [2669] (INFO) (xivo_agent.service.handler.status): Executing status command (ID 7)
2018-04-13 09:41:36,440 [2669] (INFO) (xivo_agent): (127.0.0.1) GET https://FQDN:9493/1.0/agents/by-id/7 200
2018-04-13 09:41:36,598 [2669] (INFO) (xivo_agent.service.handler.logoff): Executing logoff command (ID 7)
2018-04-13 09:41:36,642 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/logoff 204
2018-04-13 09:48:33,242 [2669] (INFO) (xivo_agent.service.handler.logoff): Executing logoff command (ID 7)
2018-04-13 09:48:33,249 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/logoff 409
2018-04-13 09:52:25,284 [2669] (INFO) (xivo_agent.service.handler.on_queue): Executing on queue updated command (ID 2)
2018-04-13 09:56:22,349 [2669] (INFO) (xivo_agent.service.handler.status): Executing status command (ID 7)
2018-04-13 09:56:22,371 [2669] (INFO) (xivo_agent): (127.0.0.1) GET https://FQDN:9493/1.0/agents/by-id/7 200
2018-04-13 09:56:22,524 [2669] (INFO) (xivo_agent.service.handler.login): Executing login command (ID 7) on 101@default
2018-04-13 09:56:22,599 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/login 204
2018-04-13 09:56:33,127 [2669] (INFO) (xivo_agent.service.handler.status): Executing status command (ID 7)
2018-04-13 09:56:33,138 [2669] (INFO) (xivo_agent): (127.0.0.1) GET https://FQDN:9493/1.0/agents/by-id/7 200
2018-04-13 09:56:33,264 [2669] (INFO) (xivo_agent.service.handler.logoff): Executing logoff command (ID 7)
2018-04-13 09:56:33,307 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/logoff 204
2018-04-13 09:59:10,457 [2669] (INFO) (xivo_agent.service.handler.logoff): Executing logoff command (ID 5)
2018-04-13 09:59:10,509 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/5/logoff 204
2018-04-13 10:00:44,363 [2669] (INFO) (xivo_agent.service.handler.login): Executing login command (ID 5) on 102@default
2018-04-13 10:00:44,416 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/5/login 204
2018-04-13 10:01:29,604 [2669] (INFO) (xivo_agent.service.handler.status): Executing status command (ID 7)
2018-04-13 10:01:29,634 [2669] (INFO) (xivo_agent): (127.0.0.1) GET https://FQDN:9493/1.0/agents/by-id/7 200
2018-04-13 10:01:30,020 [2669] (INFO) (xivo_agent.service.handler.login): Executing login command (ID 7) on 101@default
2018-04-13 10:01:30,139 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/login 204
2018-04-13 10:01:32,729 [2669] (INFO) (xivo_agent.service.handler.status): Executing status command (ID 4)
2018-04-13 10:01:32,739 [2669] (INFO) (xivo_agent): (127.0.0.1) GET https://FQDN:9493/1.0/agents/by-id/4 200
2018-04-13 10:01:33,141 [2669] (INFO) (xivo_agent.service.handler.logoff): Executing logoff command (ID 4)
2018-04-13 10:01:33,195 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/4/logoff 204
2018-04-13 10:01:57,004 [2669] (INFO) (xivo_agent.service.handler.logoff): Executing logoff command (ID 7)
2018-04-13 10:01:57,045 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/logoff 204
2018-04-13 10:02:12,238 [2669] (INFO) (xivo_agent.service.handler.login): Executing login command (ID 7) on 101@default
2018-04-13 10:02:12,291 [2669] (INFO) (xivo_agent): (127.0.0.1) POST https://FQDN:9493/1.0/agents/by-id/7/login 204

Have you already encountered this problem?

Regards,
Sebastien R.

RE: Letsencrypt and Wazo 18.03 - Added by Sébastien R 3 months ago

A little bump :)

I also have this error in the log file

2018-04-17 21:02:07,501 [10535] (INFO) (xivo_agent.ami.client): Disconnecting AMI client
2018-04-17 21:02:07,502 [10535] (INFO) (xivo_agent.bin.agentd): Stopping xivo-agentd
2018-04-17 21:04:07,654 [2530] (INFO) (xivo_agent.bin.agentd): Starting xivo-agentd
2018-04-17 21:04:07,809 [2530] (INFO) (kombu.mixins): Connected to amqp://guest:**@127.0.0.1:5672//
2018-04-17 21:04:07,967 [2530] (ERROR) (STDERR): /usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:845: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
2018-04-17 21:04:07,967 [2530] (ERROR) (STDERR):   InsecureRequestWarning)

Do you know what this corresponds to, and whether it could be related to my problem of agents logging in and out?

Regards,
Sebastien R.

RE: Letsencrypt and Wazo 18.03 - Added by Franck OUILLE 3 months ago

I have exactly the same thing since upgrading to 18.03

[[https://projects.wazo.community/boards/8/topics/13312]]
