[NPMCLI-285] Jumpstart fails with "unable to get local issuer certificate" Created: 10/Oct/23  Updated: 30/Jan/24  Resolved: 30/Jan/24

Status: Closed
Project: Magnolia CLI
Component/s: None
Affects Version/s: 4.0.5
Fix Version/s: 4.0.6

Type: Bug Priority: Blocker
Reporter: Sunoob Kutty Assignee: Milan Divilek
Resolution: Fixed Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: Support
Team: DeveloperX
Work Started:
Approved:
Yes

 Description   

Plan of action

Based on research and analysis, this problem is occurring when the customer is behind some infrastructure or security layers like a proxy. The customer must adjust their infrastructure to allow the request to the Magnolia servers.

So the CLI will be adjusted to detect this situation - and if it does it will print a helpful message to the logs so that the customer knows the likely cause. See latest comments for details.

 

Original Description

Hello,

I am unable to install the Magnolia via CLI. Errors added below.

C:\Users\sunoob_k\Documents\HA>mgnl jumpstart
info Using configuration at C:\Users\sunoob_k\AppData\Roaming\npm\node_modules@magnolia\cli\lib\config\mgnl-cli.json
info Using prototypes at C:\Users\sunoob_k\AppData\Roaming\npm\node_modules@magnolia\cli\lib\config\mgnl-cli-prototypes
? What Magnolia would you like to install? magnolia-dx-core-webapp
? Username: skutty
? Password: [hidden]
info No magnolia-version option provided. Will use the latest stable version.
info No path option provided. Will use the default light-modules in the current directory
info C:/Users/sunoob_k/Documents/HA/light-modules does not seem to exist. Path will be created automatically.
ERR! unable to get local issuer certificate
ERR! Error: unable to get local issuer certificate
ERR!     at TLSSocket.onConnectSecure (node:_tls_wrap:1627:34)
ERR!     at TLSSocket.emit (node:events:512:28)
ERR!     at TLSSocket._finishInit (node:_tls_wrap:1038:8)
ERR!     at ssl.onhandshakedone (node:_tls_wrap:824:12)
ERR!
ERR!
ERR! mgnl: 4.0.5 node: v20.4.0 os: win32
ERR! please open an issue including this log on https://jira.magnolia-cms.com/browse/NPMCLI

 

Regards

Sunoob



 Comments   
Comment by Stefan Haessig [ 29/Nov/23 ]

I have the same issue when following the steps here: https://docs.magnolia-cms.com/headless/getting-started-with-magnolia-headless/hello-headless.html

Comment by Chuong Doan Huy [ 04/Dec/23 ]

I gave it a try on Windows and it works fine:

C:\Users\DELL\test-cli>mgnl jumpstart
info Using configuration at C:\Users\DELL\AppData\Roaming\npm\node_modules@magnolia\cli\lib\config\mgnl-cli.json
info Using prototypes at C:\Users\DELL\AppData\Roaming\npm\node_modules@magnolia\cli\lib\config\mgnl-cli-prototypes
? What Magnolia would you like to install? magnolia-dx-core-demo-webapp
? Username: chuong.doan
? Password: [hidden]
info No magnolia-version option provided. Will use the latest stable version.
info No path option provided. Will use the default light-modules in the current directory
info C:/Users/DELL/test-cli/light-modules does not seem to exist. Path will be created automatically.
info Starting download from: https://nexus.magnolia-cms.com/repository/public/info/magnolia/tomcat/barebone/magnolia-tomcat-barebone/1.2.22/magnolia-tomcat-barebone-1.2.22.zip
Downloading [====================] 100% 0.0s
info Starting download from: https://nexus.magnolia-cms.com/repository/enterprise/info/magnolia/dx/magnolia-dx-core-demo-webapp/6.2.40/magnolia-dx-core-demo-webapp-6.2.40.war
Downloading [====================] 100% 0.0s
info Extracting...
info C:\Users\DELL\test-cli\C:\Users\DELL\test-cli\downloads\magnolia-dx-core-demo-webapp-6.2.40.war to C:\Users\DELL\test-cli\apache-tomcat\webapps\magnoliaAuthor
info Extraction completed
info Replacing Magnolia properties to prepare it for light development...
info Changing magnolia.properties at apache-tomcat\webapps\magnoliaAuthor\WEB-INF\config\default\magnolia.properties
info magnolia.develop=true
info magnolia.update.auto=true
info magnolia.resources.dir=${magnolia.home}/../../../light-modules
info Magnolia has been successfully setup for light development!
info You can now open a new terminal tab or window and start it up with the CLI command 'mgnl start'
info Magnolia will be ready after a few seconds at localhost:8080/magnoliaAuthor. Username and password is superuser

Comment by Chuong Doan Huy [ 06/Dec/23 ]

Hi shaessig, skutty
Can you try to pull the community version (option 2 when you run "mgnl jumpstart") instead of dx-core (which requires credentials) to see if that makes any difference (and thus narrows down the causes)?
Also, because I did not get that issue when executing on my personal Windows computer, it may help if you can provide what system you are running on. Is it a computer or a cloud Windows server?
As "unable to get local issuer certificate" is quite a popular issue (and most likely related to local configurations), did you try to get more info and apply some suggestions from, for example, SO or this post?
Thanks

Comment by Christopher Zimmermann [ 06/Dec/23 ]

Flag added

Flagged ticket as waiting for response from reporter.

Comment by Stefan Haessig [ 06/Dec/23 ]

Found the culprit: our company is using a proxy that changes certificates. This makes certificate verification difficult: either you have to add certificates (that change often) to the certificate chain (works most of the time) or ask your IT service to let certain domains bypass the proxy; in this case it is most likely the nexus repo https://nexus.magnolia-cms.com/. I went for the 2nd option and have to wait.

I tested mgnl jumpstart on a private machine, where it installed without problems with option 2.

Comment by Christopher Zimmermann [ 12/Dec/23 ]

As far as I can tell, this error depends on the user's infrastructure and there is nothing we can do to prevent the error. However, we could give the user clearer information in the case of this condition. I propose changing the output to the following:

info No magnolia-version option provided. Will use the latest stable version.
info No path option provided. Will use the default light-modules in the current directory
info C:/Users/sunoob_k/Documents/HA/light-modules does not seem to exist. Path will be created automatically.
ERR! unable to get local issuer certificate
ERR! Error: unable to get local issuer certificate
ERR!     at TLSSocket.onConnectSecure (node:_tls_wrap:1627:34)
ERR!     at TLSSocket.emit (node:events:512:28)
ERR!     at TLSSocket._finishInit (node:_tls_wrap:1038:8)
ERR!     at ssl.onhandshakedone (node:_tls_wrap:824:12)
ERR!
ERR! The "unable to get local issuer certificate" error indicates that something in your infrastructure is preventing the CLI from downloading the Magnolia artifacts. This is not a bug in the CLI. For example, you may be behind a proxy that requires certain certificates. You might be able to ask your infrastructure team to allow requests to the Magnolia artifact repository: https://nexus.magnolia-cms.com/ Please search the web on "unable to get local issuer certificate" for more information.
ERR!
ERR! mgnl: 4.0.5 node: v20.4.0 os: win32
ERR! please open an issue including this log on https://jira.magnolia-cms.com/browse/NPMCLI

Comment by Christopher Zimmermann [ 13/Dec/23 ]

Flag removed

Unblocked. We agree to print more to the error log to mitigate the problem.
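
The detection agreed on in this ticket, sketched as an added example; it is not the Magnolia CLI's own code. The function names, REPO_URL constant and hint wording are assumptions made for illustration; the error codes and the NODE_EXTRA_CA_CERTS variable are standard Node.js.

```javascript
// Added example (not Magnolia CLI code): recognise certificate-trust failures
// and build a hint like the one proposed in this ticket.
const REPO_URL = 'https://nexus.magnolia-cms.com/'; // repository named in the ticket

// Node.js err.code values that mean "the chain does not end in a trusted CA".
const TRUST_CHAIN_CODES = new Set([
  'UNABLE_TO_GET_ISSUER_CERT_LOCALLY', // "unable to get local issuer certificate"
  'UNABLE_TO_GET_ISSUER_CERT',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  'SELF_SIGNED_CERT_IN_CHAIN',
  'DEPTH_ZERO_SELF_SIGNED_CERT',
]);

function findTrustError(err) {
  // HTTP clients (e.g. fetch) may wrap the TLS error in err.cause, so walk the chain.
  for (let e = err, depth = 0; e && depth < 5; e = e.cause, depth++) {
    if (TRUST_CHAIN_CODES.has(e.code)) return e.code;
    // Fall back to the message when a wrapper dropped the code.
    if (/unable to get local issuer certificate/i.test(String(e.message || ''))) {
      return 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY';
    }
  }
  return null;
}

function tlsHint(err, url) {
  const code = findTrustError(err);
  if (!code) return null; // not a trust problem: keep the normal error output
  const host = new URL(url).host;
  return [
    `TLS verification failed for ${host} (${code}).`,
    'The certificate chain seen by this machine does not end in a CA that Node.js',
    'trusts, which is typical behind a TLS-inspecting proxy. This is not a CLI bug.',
    `Ask your infrastructure team to let ${host} bypass the proxy, or set`,
    'NODE_EXTRA_CA_CERTS to a PEM file containing the proxy root CA.',
  ];
}

// Constructed samples: the error from the ticket, a wrapped copy, an unrelated error.
const sample = Object.assign(new Error('unable to get local issuer certificate'),
  { code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' });
const wrapped = new TypeError('fetch failed', { cause: sample });
const unrelated = Object.assign(new Error('connect ECONNREFUSED'), { code: 'ECONNREFUSED' });

for (const e of [sample, wrapped, unrelated]) {
  const hint = tlsHint(e, REPO_URL);
  console.log(hint ? hint.map((l) => `ERR! ${l}`).join('\n') : 'no TLS hint');
}
```

Trusting the proxy's root CA through NODE_EXTRA_CA_CERTS keeps certificate verification enabled for every other host, which is why the hint points there.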

Generated at Mon Feb 12 04:48:18 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.