Cloning problem over SSL

THis might be either mercurial

[web] 
cacerts = 

Is wrongly set, or Python itself. I assume importing: https://code.rhodecode.com/rhodecode-enterprise-ce
Works fine ?

I get the same error messages when I try to import from that URL. It did, however work fine from my 3.8.3 Enterprise version.

I’m suspecting Python update + env problem. I can import it without a problem on our test instances. Maybe system related / cert file.

Thanks for your help, Marcin. I will keep searching.

Hi,i have the same problem. When i am trying to clone repo, from Rhodecode 1.7 to RhodeCode CE (wia webinterface, admin concole- creating new repo- Import Existing Repository - add https://user@192.168.89.xxx/rhodecode/_127) i have next error-invalid clone url for hg repository. When i do the same from terminal by command hg clone https://user@192.168.89.xxx/rhodecode/_127 all be carrying out

I am also facing the same issue. using 4.3.0 CE version. When I try to “import Existing repository” getting “invalid clone url for hg repository” exception. Able to clone from HG client. I tried to download, lower version of Rhodecode CE. But no luck (404 error). Please help to resolve the issue.
Thanks in Advance.

did you check in logs what is the cause of the import ? There should be a relevant excepition in enterprise.log

Hi Marcin,
Thanks for the reply. Same error as “Eriddle” mentioned in the above reply.
“org_exc: urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)”

Hi,

Please help to resolve the above cloning issue. I am unable to download old versions of Rhodecode also.
Thanks in Advance.

We made a ticket to investigate this with high priority with our team: https://issues.rhodecode.com/issues/4199

Hi Marcin,

Thanks for the ticket. Meantime could you please help to provide the older version of Rhodecode 3.8.3 which worked for “Eriddle” or some other version.

All our released versions are available, simply run rccontrol install --version=3.8.3 for both enterprise and vcsserver

Hi marcin,

Is there any url to download and install offline.? I am trying the url in MANIFEST file. But it is not working.
Thanks for the support.

We did a release few minutes ago, so the URLs changed. You can always refer to this file:
curl https://dls.rhodecode.com/public/linux/MANIFEST

For latest download links.

Hi Marcin,

Thanks for the new MANIFEST. Now I am able to download the older version of Rhodecode(3.8.3 and other versions). But when I try to install offline. “rccontrol” not recognizing the older versions from cache folder. It is asking to download again.I am able to install 4.3.0 offline.
Below is the error.

rccontrol install VCSServer --version 3.8.3 --offline
Offline mode enabled. Using files from the local cache.
Manually download the file from an online computer and copy it to /root/.rccontrol/cache
https://dls.rhodecode.com/linux/RhodeCodeVCSServer-3.8.3+x86_64-linux_build20160812_1543.tar.bz2

It seems that the CA certificates are not found. This should be mainly related to the VCSServer. Here are some options to try out in order to verify this assumption:

  • Set an environment variable SSL_CERT_FILE for the VCSServer, pointing to ~/.rccontrol-profile/etc/ca-bundle.crt.
  • Place a CA bundle in the default location, this should be /etc/ssl/certs/ca-certificates.crt.

My suggestion is to try the first method by changing the file ~/.rccontrol/supervisord/supervisord.ini:

Look for a section called program:vcsserver-1_script and add a line like the following:

environment = SSL_CERT_FILE="/home/user/.rccontrol-profile/etc/ca-bundle.crt"

This way the VCServer will know where to look for the certificate bundle. After making the adjustments, the VCSServer should be restarted.

The whole section inside of the modified file supervisord.ini would look like the following example:

[program:vcsserver-1_script]
numprocs = 1
redirect_stderr = true
_port = 10002
_host = 127.0.0.1
command = /home/user/.rccontrol/vcsserver-1/profile/bin/vcsserver --config=/home/user/.rccontrol/vcsserver-1/vcsserver.ini
autostart = true
environment = SSL_CERT_FILE="/home/user/.rccontrol-profile/etc/ca-bundle.crt"
directory = /home/user/.rccontrol/vcsserver-1
stdout_logfile = /home/user/.rccontrol/vcsserver-1/vcsserver.log

Additional notes:

  • If you have multiple instances of the VCSServer running, you will have to replace vcsserver-1 with the correct instance name.
  • SSL_CERT_DIR should also be supported, this might be useful for more specific use cases where also custom CA certificates should be supported.

Hi Johannes,

Thanks for the workaround. I tried both the methods, But no luck :frowning: . Getting the same Error message.

Hi Pratap,

Did you restart supervisord completely after the change ?

Hi Marcin,

I have restated supervisiord completely and tried to import repo, Now I am able to import the repo.
Thanks for the workaround and continuous support.

Thanks for letting us know. We’re adding this now to the next release so it’s going to be added automatically by rccontrol to each installed instance.