Certificate is valid for ingress.local, not test-network-org0-ca-ca.localho.st error on network up #105

Open
charalarg opened this issue Mar 29, 2023 · 3 comments

charalarg commented Mar 29, 2023

Is anyone else having this error message on ./network up?
I am running a local cluster with rancher desktop and k3s.

This error comes up when enrolling org0 root CA admin rcaadmin:
Debug logs:

2023/03/29 22:03:32 [INFO] Created a default configuration file at fabric-operator/sample-network/temp/enrollments/org0/users/rcaadmin/fabric-ca-client-config.yaml
2023/03/29 22:03:32 [INFO] TLS Enabled
2023/03/29 22:03:32 [INFO] generating key: &{A:ecdsa S:256}
2023/03/29 22:03:32 [INFO] encoded CSR
Error: POST failure of request: POST https://test-network-org0-ca-ca.localho.st:443/enroll
{"hosts":["cargyriou-ThinkPad-P14s"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBUDCB9wIBADBgMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxETAPBgNV\nBAMTCHJjYWFkbWluMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7p3KsryyxBHu\nPzbnZF+qlPD32jZ3Lf72Li1Iwbx69iMvhjHIpAWy8KJG9INmm5wzevUr0Wl92hXy\n8TASTvRDDKA1MDMGCSqGSIb3DQEJDjEmMCQwIgYDVR0RBBswGYIXY2FyZ3lyaW91\nLVRoaW5rUGFkLVAxNHMwCgYIKoZIzj0EAwIDSAAwRQIhALZ3qvBdoFlP48/FRrND\nHJGFqCKFPrDiyr/laQ9NltQwAiBZC3Uf4f6B8JUD1wdvnAzeNGdudcQ7q/t/7+wo\nQd4+pQ==\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":""}: Post "https://test-network-org0-ca-ca.localho.st:443/enroll": x509: certificate is valid for ingress.local, not test-network-org0-ca-ca.localho.st
@jkneubuh
Contributor

Hi @charalarg

./network up is compatible with rancher desktop and k3s. However - the up targets will attempt to bind an Nginx ingress controller to ports 80 and 443.

What is happening above is that the CA client is trying to connect to the cluster ingress at port 443, and hitting the Traefik controller that has been installed with Rancher Desktop. Basically - you have two ingress systems running, both trying to bind to :80 and :443.

Quick fix for this is to disable the Traefik ingress in the Rancher Desktop settings. OR to change the ingress port bindings in the ./network script (I believe these can be set with environment variable overrides...).

Using the Nginx config that comes with the ./network up script is probably the easiest path forward. The other alternative would be to enable the ssl-passthrough mode for Traefik.

There are some notes on Rancher setup in the samples project at https://github.com/hyperledger/fabric-samples/blob/main/test-network-k8s/docs/KUBERNETES.md#rancher-desktop-and-k3s

@charalarg
Author

Hello @jkneubuh,
Thank you for your response. The thing is that I followed the readme file step by step, so I had already disabled Traefik on Rancher Desktop and also tried the whole procedure with both the containerd and dockerd runtimes. Unfortunately I had the same results.

@charalarg
Author

I managed to run the ingress successfully by disabling the other one occupying the ports, but then I get another error.

writing org0-ca connection profile to fabric-operator/sample-network/temp/cas/org0-ca/connection-profile.json
2023/03/30 18:11:27 [INFO] TLS Enabled
2023/03/30 18:11:27 [INFO] generating key: &{A:ecdsa S:256}
2023/03/30 18:11:27 [INFO] encoded CSR
Error: POST failure of request: POST https://test-network-org0-ca-ca.localho.st:443/enroll
{"hosts":["cargyriou-ThinkPad-P14s"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBUDCB9wIBADBgMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxETAPBgNV\nBAMTCHJjYWFkbWluMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQw2Sz9J8mZI1\nUMWbG9d0F2nAdbLqLkd25SeTO+t4NivpnbrRNKmj7FMoEWOOkJlax1aT+wWY2Sux\nBKk13HfthaA1MDMGCSqGSIb3DQEJDjEmMCQwIgYDVR0RBBswGYIXY2FyZ3lyaW91\nLVRoaW5rUGFkLVAxNHMwCgYIKoZIzj0EAwIDSAAwRQIhAJlYPNY2kzZSLC8bIBkC\nZqaBYUq3Q3zo6fkMZ0EWeoBxAiA1rCuvL4Jl4xfr5It57U04qDpuNqv4Dej1J4h7\nRldWag==\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":""}: Post "https://test-network-org0-ca-ca.localho.st:443/enroll": read tcp 127.0.0.1:50036->127.0.0.1:443: read: connection reset by peer

Maybe this is not relevant, but something seems broken in my network config.
