v3.10.0 -> 3.10.1 upgrade error
-
looks like a cors issue:
< Promise {status: "pending"} [Error] Origin https://support.sweetpproductions.com is not allowed by Access-Control-Allow-Origin. Status code: 404 [Error] Fetch API cannot load https://packages.nodebb.org/api/v1/suggest?version=3.10.1&package%5B%5D=nodebb-plugin-imgur due to access control checks. [Error] Failed to load resource: Origin https://support.sweetpproductions.com is not allowed by Access-Control-Allow-Origin. Status code: 404 (suggest, line 0) [Error] Unhandled Promise Rejection: TypeError: Load failed -
when I ssh into my server I get this:
root@server:~# curl -I https://packages.nodebb.org curl: (60) SSL: no alternative certificate subject name matches target host name 'packages.nodebb.org' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. root@server:~#This happens on 2 seperate VPS servers I manage.
on my local device I see this:
curl -I https://packages.nodebb.org HTTP/1.1 302 Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 09 Oct 2024 18:59:39 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 28 Connection: keep-alive X-Powered-By: Express Access-Control-Allow-Origin: * Location: /stats Vary: AcceptSomething interesting, when I run the command on my local device running through a VPN I get the same error shown for my 2 remote VPS's
-
Same problem.
3. Checking installed plugins for updates...Checking installed plugins and themes for updates... Warning: An unexpected error occured when attempting to verify plugin upgradability Error occurred during upgrade: TypeError: fetch failed at node:internal/deps/undici/undici:13185:13 at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async call (/home/user_radforum/nodebb/src/request.js:37:19) at async getSuggestedModules (/home/user_radforum/nodebb/src/cli/upgrade-plugins.js:78:27) at async checkPlugins (/home/user_radforum/nodebb/src/cli/upgrade-plugins.js:101:27) at async upgradePlugins (/home/user_radforum/nodebb/src/cli/upgrade-plugins.js:125:17) at async Object.handler (/home/user_radforum/nodebb/src/cli/upgrade.js:29:4) at async runSteps (/home/user_radforum/nodebb/src/cli/upgrade.js:55:5) at async Object.runUpgrade [as upgrade] (/home/user_radforum/nodebb/src/cli/upgrade.js:98:3) 2024-10-09T19:00:50.732Z [4568/271155] - error: uncaughtException: fetch failed TypeError: fetch failed at node:internal/deps/undici/undici:13185:13 at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async call (/home/user_radforum/nodebb/src/request.js:37:19) at async getSuggestedModules (/home/user_radforum/nodebb/src/cli/upgrade-plugins.js:78:27) at async checkPlugins (/home/user_radforum/nodebb/src/cli/upgrade-plugins.js:101:27) at async upgradePlugins (/home/user_radforum/nodebb/src/cli/upgrade-plugins.js:125:17) at async Object.handler (/home/user_radforum/nodebb/src/cli/upgrade.js:29:4) at async runSteps (/home/user_radforum/nodebb/src/cli/upgrade.js:55:5)My nodebb version is 3.9 and i try to update to 3.10.1
-
I got
~/nodebb$ dig packages.nodebb.org ; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> packages.nodebb.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50858 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;packages.nodebb.org. IN A ;; ANSWER SECTION: packages.nodebb.org. 300 IN A 138.197.166.38 ;; Query time: 12 msec ;; SERVER: 185.12.64.2#53(185.12.64.2) (UDP) ;; WHEN: Wed Oct 09 21:42:10 CEST 2024 ;; MSG SIZE rcvd: 64 -
root@server:~# dig packages.nodebb.org +short 138.197.166.38root@server:~# dig packages.nodebb.org less ; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> packages.nodebb.org less ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23609 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 13 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;packages.nodebb.org. IN A ;; ANSWER SECTION: packages.nodebb.org. 108 IN A 138.197.166.38 ;; AUTHORITY SECTION: nodebb.org. 108 IN NS greg.ns.cloudflare.com. nodebb.org. 108 IN NS sue.ns.cloudflare.com. ;; ADDITIONAL SECTION: greg.ns.cloudflare.com. 108 IN A 173.245.59.115 greg.ns.cloudflare.com. 108 IN A 172.64.33.115 sue.ns.cloudflare.com. 108 IN A 108.162.192.145 greg.ns.cloudflare.com. 108 IN AAAA 2606:4700:58::adf5:3b73 sue.ns.cloudflare.com. 108 IN AAAA 2803:f800:50::6ca2:c091 sue.ns.cloudflare.com. 108 IN A 173.245.58.145 sue.ns.cloudflare.com. 108 IN AAAA 2a06:98c1:50::ac40:2091 greg.ns.cloudflare.com. 108 IN A 108.162.193.115 greg.ns.cloudflare.com. 108 IN AAAA 2803:f800:50::6ca2:c173 greg.ns.cloudflare.com. 108 IN AAAA 2a06:98c1:50::ac40:2173 ; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> packages.nodebb.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52811 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 13 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;packages.nodebb.org. IN A ;; ANSWER SECTION: packages.nodebb.org. 86 IN A 138.197.166.38 ;; AUTHORITY SECTION: nodebb.org. 86 IN NS greg.ns.cloudflare.com. nodebb.org. 86 IN NS sue.ns.cloudflare.com. ;; ADDITIONAL SECTION: sue.ns.cloudflare.com. 86 IN A 173.245.58.145 sue.ns.cloudflare.com. 86 IN A 172.64.32.145 greg.ns.cloudflare.com. 86 IN AAAA 2606:4700:58::adf5:3b73 sue.ns.cloudflare.com. 86 IN AAAA 2803:f800:50::6ca2:c091 greg.ns.cloudflare.com. 86 IN A 173.245.59.115 greg.ns.cloudflare.com. 86 IN A 172.64.33.115 sue.ns.cloudflare.com. 86 IN AAAA 2606:4700:50::adf5:3a91 sue.ns.cloudflare.com. 86 IN A 108.162.192.145 greg.ns.cloudflare.com. 86 IN A 108.162.193.115 greg.ns.cloudflare.com. 86 IN AAAA 2a06:98c1:50::ac40:2173 sue.ns.cloudflare.com. 86 IN AAAA 2a06:98c1:50::ac40:2091 greg.ns.cloudflare.com. 86 IN AAAA 2803:f800:50::6ca2:c173 ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) ;; WHEN: Wed Oct 09 21:44:20 CEST 2024 ;; MSG SIZE rcvd: 382 -
@Julian https://packages.nodebb.org loads this url: otherhome.ca
-
For me it looks like a misconfiguration certificate
~/nodebb$ openssl s_client -connect packages.nodebb.org:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R11 verify return:1 depth=0 CN = otherhome.ca verify return:1 --- Certificate chain 0 s:CN = otherhome.ca i:C = US, O = Let's Encrypt, CN = R11 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 30 11:40:17 2024 GMT; NotAfter: Dec 29 11:40:16 2024 GMT 1 s:C = US, O = Let's Encrypt, CN = R11 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIE+TCCA+GgAwIBAgISBKFrGq/uYt1x2fT4nxpBycwnMA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTEwHhcNMjQwOTMwMTE0MDE3WhcNMjQxMjI5MTE0MDE2WjAXMRUwEwYDVQQD EwxvdGhlcmhvbWUuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx QM9xk/KQ/V60FHRXJywIpVnbmH8PNDSHMGx5XIEHdiw035J+DFySEkuXYdlgV8tH fENKbIMz+Ydy2sr9aniOZ469QrU/IS2pQn+qM51rvMLrgG7Jj4rqT0DHPTWg+bPK hyDHSipG7OfI2MeSL5FCJ8reZJHgidU3M+TE7oEaS6vbtIzAgR96SNtv5HQHzjkp 3f7iLtoY9Dg2O4aSEwqqz6GhwlgVwQTOok43YWR0IP99ZKm1xplh7Zaa8rwybD3u jEE7MjxDz3A7Dz9nNOXlZz37qywh4Z3SUD4T/FPT0vxqiHoqZ/sn+arKiWHmL2Rq RNGqu3SdXUQ/V4kg/euhAgMBAAGjggIhMIICHTAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O BBYEFNK/bs9ALNV6hDhxJuBzFuPOiN7WMB8GA1UdIwQYMBaAFMXPRqTq9MPAemyV xC2wXpIvJuO5MFcGCCsGAQUFBwEBBEswSTAiBggrBgEFBQcwAYYWaHR0cDovL3Ix MS5vLmxlbmNyLm9yZzAjBggrBgEFBQcwAoYXaHR0cDovL3IxMS5pLmxlbmNyLm9y Zy8wKQYDVR0RBCIwIIIMb3RoZXJob21lLmNhghB3d3cub3RoZXJob21lLmNhMBMG A1UdIAQMMAowCAYGZ4EMAQIBMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAPxdL T9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4AAAGSQvDDVgAABAMARzBFAiEA 4mux6bwlRhkod0w2lpnEDzptWExR/w/edW/E5KqdHxsCIE+eSuU0VZ0BJScxH/a1 XVjRbSXVv1mh7es6d8MAZQ0KAHUA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZ RnEftZsAAAGSQvDDYAAABAMARjBEAiBitznteh8jOf0ouYy+0zGgb2Ertk+sqZBv cakVejJdrQIgbDdaOcdeCL0CBAWtqlyTSlZ5WMuAag7CZz+Gd4+s4zgwDQYJKoZI hvcNAQELBQADggEBAFtg1wIruQmPeWYoLZsFu1AXci01qCMWkIsYnXydayz9zZkn 2T1BO3e6UJUK4N96hQx0zOjAAnNf9o7Ky87ZX/ttImFNKwuJyzy7cxvrtNC5NFn2 0bt6R6ui4fFSO4px2h/7W6WBTnpoILYGpAxbi/7U8lOC8wSrROw/YCiy33sCqiqk xi8GBQv7kod1lVTdG/f3X6EgHT4T+yXhP+KXMecoqXUl7j8Z+ELdqC1ogW1hDDNR 2usRzqAzxToavls5+zgeFosck9TqaehFLRSBgpZTlb824DjdXOaGg3+YOWtg/Ic5 gjdW9XlAYHsckwD0FErnr1EGEGWt/XFm2KMGHRM= -----END CERTIFICATE----- subject=CN = otherhome.ca issuer=C = US, O = Let's Encrypt, CN = R11 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3132 bytes and written 405 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0BAEE2E2596998FC051D88FA1D1A25EC671CC10D574E024DDE532762AF16A452 Session-ID-ctx: Resumption PSK: 5D8F0A9B82234EE41941D62904135FD72E4CBE4B7F0A8840504ACF7AFD1C452BDEBFB92FC5C3516C5E7582644D470DD5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 86400 (seconds) TLS session ticket: 0000 - c7 21 33 b9 cb a3 fb 39-3f 07 98 90 16 a1 dd 8f .!3....9?....... 0010 - ed bd 1a 29 fb dc 9e 46-56 ee 48 f8 f7 b6 24 00 ...)...FV.H...$. Start Time: 1728584237 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 983BC3E889B11EFEB5782F6868276B49BBD14DF3B2C34EE453DCB79D0CBBC687 Session-ID-ctx: Resumption PSK: 0863E2FBD0E12E927F148560BC426747A03996188C8E0FE3F03AD6C7F8722BD53346145A27630C3B981CC58010B860EB PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 86400 (seconds) TLS session ticket: 0000 - 91 78 a8 cc 5e a5 a5 fd-f4 44 d2 cb ed 75 d1 05 .x..^....D...u.. 0010 - 7c 8b f3 1a 38 78 a1 25-94 e0 1a a9 27 3d 47 cd |...8x.%....'=G. Start Time: 1728584237 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK closedThis certificate is owned by bolded textsubject=CN = otherhome.ca
-
@FrankM See, that's where I don't see what you're seeing. When I run the same command, the certificate chain looks fine:
$ openssl s_client -connect packages.nodebb.org:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R11 verify return:1 depth=0 CN = packages.nodebb.org verify return:1 --- Certificate chain 0 s:CN = packages.nodebb.org i:C = US, O = Let's Encrypt, CN = R11 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 18 09:05:41 2024 GMT; NotAfter: Dec 17 09:05:40 2024 GMT 1 s:C = US, O = Let's Encrypt, CN = R11 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT --- -
The only change I can share is that we disabled CloudFlare proxying roughly a day ago, so requests for
packages.nodebb.orgshould get the actual IP now instead of the CloudFlare proxy IP.otherhome.cais not one of our clients, nor do we use their IP, although it does share the same first 6 digits. -
@baris, @Julian so I had to disable the plugin checking code in NodeBB/src/cli/upgrade-plugins.js to get the upgrade to finish, as it left my install in a broken state.
I commented out lines 77,78,79 and 82:
async function getSuggestedModules(nbbVersion, toCheck) { //const request = require('../request'); //let { response, body } = await request.get(`https://packages.nodebb.org/api/v1/suggest?version=${nbbVersion}&package[]=${toCheck.join('&package[]=')}`); //if (!response.ok) { console.warn(`Unable to get suggested module for NodeBB(${nbbVersion}) ${toCheck.join(',')}`); return []; //} if (!Array.isArray(body) && toCheck.length === 1) { body = [body]; } return body; }at least now my install Is working, but a better fix would be appreciated. Some kind of fallback url for packages.nodebb.org would be great. How about hosting on GitHub for example?
I still however have the Internal Error. - Oops! Looks like something went wrong! - fetch failed error on in the Admin panel > Extend > Plugins
-
J julian referenced this topic on
-
@julian
Hi, just now after you switched to CloudFlare the problem no longer occurs, but as far as I can see, now that you have switched the resolution to your source site again, your source site has a normal SSL configuration in an IPV4 environment, but not in an IPV6 environment.
Copyright © 2024 NodeBB | Contributors