[NPMCLI-285] Jumpstart fails with "unable to get local issuer certificate" Created: 10/Oct/23 Updated: 30/Jan/24 Resolved: 30/Jan/24 |
|
| Status: | Closed |
| Project: | Magnolia CLI |
| Component/s: | None |
| Affects Version/s: | 4.0.5 |
| Fix Version/s: | 4.0.6 |
| Type: | Bug | Priority: | Blocker |
| Reporter: | Sunoob Kutty | Assignee: | Milan Divilek |
| Resolution: | Fixed | Votes: | 2 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Template: |
|
||||
| Acceptance criteria: |
Empty
|
||||
| Task DoD: |
[X]*
Doc/release notes changes? Comment present?
[X]*
Downstream builds green?
[X]*
Solution information and context easily available?
[X]*
Tests
[X]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||
| Date of First Response: | |||||
| Epic Link: | Support | ||||
| Team: | |||||
| Work Started: | |||||
| Approved: |
Yes
|
||||
| Description |
Plan of actionBased on research and analysis, this problem is occuring when the customer is behind ssome infrastructure or security layers like a proxy. The customer must adjust their infrastructure to allow the request to the Magnolia servers. So the CLI will be adjusted to detect this situation - and if it does it will print a helpful message to the logs so that the customer knows the likely cause.. See latest comments for details.
Original DescriptionHello, I am unable to install the Magnolia via CLI. Errors added below. C:\Users\sunoob_k\Documents\HA>mgnl jumpstart
Regards Sunoob |
| Comments |
| Comment by Stefan Haessig [ 29/Nov/23 ] |
|
I have the same issue when following the steps here: https://docs.magnolia-cms.com/headless/getting-started-with-magnolia-headless/hello-headless.html |
| Comment by Chuong Doan Huy [ 04/Dec/23 ] |
|
I give it a try on Windows and works fine : C:\Users\DELL\test-cli>mgnl jumpstart |
| Comment by Chuong Doan Huy [ 06/Dec/23 ] |
|
Hi shaessig, skutty |
| Comment by Christopher Zimmermann [ 06/Dec/23 ] |
|
Flagged ticket as waiting for response from reporter. |
| Comment by Stefan Haessig [ 06/Dec/23 ] |
|
found the culprit: our company is using a proxy, that changes certificates. this makes certificate verification difficult, either you have to add certificates (that change often) to the certificate chain (works most of the times) or ask your IT service to let certain domains bypass the proxy, in this case it is most likely the nexus repo https://nexus.magnolia-cms.com/. I went for the 2nd option and have to wait I tested mgnl jumpstart on a private machine, where it installed without problems with option 2 |
| Comment by Christopher Zimmermann [ 12/Dec/23 ] |
|
As far as I can tell this error depends on the users infrastructure and there is nothing we can do to prevent the error. However we could give the user more clear information in the case of this condition. I propose changing the output to the following: info No magnolia-version option provided. Will use the latest stable version. info No path option provided. Will use the default light-modules in the current directory info C:/Users/sunoob_k/Documents/HA/light-modules does not seem to exist. Path will be created automatically. ERR! unable to get local issuer certificate ERR! Error: unable to get local issuer certificate ERR! at TLSSocket.onConnectSecure (node:_tls_wrap:1627:34) ERR! at TLSSocket.emit (node:events:512:28) ERR! at TLSSocket._finishInit (node:_tls_wrap:1038:8) ERR! at ssl.onhandshakedone (node:_tls_wrap:824:12) ERR! ERR! The "unable to get local issuer certificate" error indicates that something in your infrastructure is preventing the CLI from downloading the Magnolia artifacts. This is not a bug in the CLI. For example, you may be behind a proxy that requires certain certificates. You might be able to ask your infrastructure team to allow requests to the Magnolia artifact repository: https://nexus.magnolia-cms.com/ Please search the web on "unable to get local issuer certificate" for more information. ERR! ERR! mgnl: 4.0.5 node: v20.4.0 os: win32 ERR! please open an issue including this log on https://jira.magnolia-cms.com/browse/NPMCLI |
| Comment by Christopher Zimmermann [ 13/Dec/23 ] |
|
Unblocked. We agree to print more to the error log to mitigate the problem. |