DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422021-12-13T14:16:57ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Bug #746 (Rejected): unexpected restart of Toushirou hosthttps://projects.duckcorp.org/issues/7462021-12-13T14:16:57ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Today Toushirou was restarted unexpectedly. It seems that this restart wasn't due a command.</p>
<p>The server was restarted after <code>Dec 13 10:07:03</code> (UTC+1). I unlocked the encrypted encryption around 13h15 (UTC+1).</p>
<p><code>syslog</code> contains:<br /><pre>
Dec 13 10:06:52 Toushirou postfix/smtpd[1353160]: disconnect from <redacted> ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Dec 13 10:07:03 Toushirou stunnel: LOG5[8632]: Connection closed: 182 byte(s) sent to TLS, 20 byte(s) sent to socket
@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
[...]
@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Dec 13 13:18:38 Toushirou systemd-udevd[631]: Using default interface naming scheme 'v247'.
Dec 13 13:18:38 Toushirou systemd-udevd[630]: Using default interface naming scheme 'v247'.
Dec 13 13:18:38 Toushirou lvm[578]: 3 logical volume(s) in volume group "extra" monitored
</pre></p>
<p>The filesystem journals were recovered:<br /><pre>
Dec 13 13:18:38 Toushirou systemd-fsck[791]: /dev/md0 was not cleanly unmounted, check forced.
Dec 13 13:18:38 Toushirou systemd-fsck[790]: /dev/mapper/main-ldap: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[790]: /dev/mapper/main-ldap: clean, 14/23616 files, 9468/94208 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-ldap.
Dec 13 13:18:38 Toushirou systemd-fsck[787]: /dev/mapper/main-ftp: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[787]: /dev/mapper/main-ftp: clean, 1042/1966080 files, 4094072/7864320 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-ftp.
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: Clearing orphaned inode 524490 (uid=0, gid=4, mode=0100640, size=186)
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: Clearing orphaned inode 525136 (uid=0, gid=4, mode=0100640, size=2261619)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: clean, 3025/915712 files, 701679/3661824 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-logs.
Dec 13 13:18:38 Toushirou systemd-fsck[797]: /dev/mapper/main-mysql: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[797]: /dev/mapper/main-mysql: clean, 1706/305216 files, 302945/1220608 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-mysql.
Dec 13 13:18:38 Toushirou systemd-fsck[801]: /dev/mapper/main-projects: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[801]: /dev/mapper/main-projects: clean, 15384/977280 files, 2501362/3932160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-projects.
Dec 13 13:18:38 Toushirou systemd-fsck[805]: /dev/mapper/main-stuffcloud: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[805]: /dev/mapper/main-stuffcloud: clean, 184647/8519680 files, 22560629/34078720 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-stuffcloud.
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: Clearing orphaned inode 136445 (uid=0, gid=0, mode=0100664, size=11567160)
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: Clearing orphaned inode 136045 (uid=0, gid=0, mode=0100664, size=9253600)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: clean, 43941/305216 files, 677459/1220608 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-var.
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: Clearing orphaned inode 20 (uid=0, gid=0, mode=0100666, size=0)
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: Clearing orphaned inode 50 (uid=128, gid=136, mode=0100600, size=0)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: clean, 3380/121920 files, 20791/487424 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-tmp.
Dec 13 13:18:38 Toushirou systemd-fsck[814]: /dev/mapper/main-vcs: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[814]: /dev/mapper/main-vcs: clean, 62639/183264 files, 334140/732160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-vcs.
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: Clearing orphaned inode 1314229 (uid=5111, gid=5111, mode=0100600, size=2543956)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: clean, 38189/1966080 files, 3862291/7864320 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-vmail.
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/extra-lxd.
Dec 13 13:18:38 Toushirou systemd-fsck[827]: /dev/mapper/extra-home: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[827]: /dev/mapper/extra-home: clean, 576437/19660800 files, 60022856/78643200 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/extra-home.
Dec 13 13:18:38 Toushirou systemd-fsck[791]: /dev/md0: 348/64000 files (23.9% non-contiguous), 63264/255936 blocks
Dec 13 13:18:38 Toushirou systemd-fsck[819]: /dev/mapper/main-www: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[819]: /dev/mapper/main-www: clean, 417149/9175040 files, 7579187/36700160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-www.
</pre></p>
<p>Thanks to GuiHome and Victor for letting me know that the NextCloud service was unavailable.</p>
<p>Once the server has been restarted there was an error with the hivane network link. Hence some service were unavailable. The nerim link worked. <br /><pre>
root@Toushirou:~# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● apache2.service loaded failed failed The Apache HTTP Server
● ifup@eth\x2dwan\x2dhivane.service loaded failed failed ifup for eth-wan-hivane
● matrix-appservice-irc.service loaded failed failed Matrix AppService IRC
● networking.service loaded failed failed Raise network interfaces
</pre></p>
<pre>
root@Toushirou:~# ifdown --force eth-wan-hivane
RTNETLINK answers: Cannot assign requested address
RTNETLINK answers: Cannot assign requested address
root@Toushirou:~# ifup --force eth-wan-hivane
Waiting for DAD... Timed out
ifup: failed to bring up eth-wan-hivane
</pre>
<p>I remember the timed out issue occurred when the last time the server was moved from a rack to another. I tried the <code>ifdown</code>/<code>ifup</code> commands several times (until the <code>Timed out</code> disappeared).</p>
<p>The logs show that the timed out issue occurred at boot:<br /><pre>
Dec 13 13:18:45 Toushirou sh[1562]: Waiting for DAD... Timed out
Dec 13 13:18:45 Toushirou sh[1496]: ifup: failed to bring up eth-wan-hivane
</pre></p>
<p>Next I restarted <code>apache2.service</code> and <code>matrix-appservice-irc.service</code>, then I updated <code>/lib/systemd/system/lxd.socket</code> in order to fix a typo:<br /><pre>Dec 13 15:48:22 Toushirou systemd[1]: /lib/systemd/system/lxd.socket:8: Unit must be of type service, ignoring: lxd.servcie
</pre><br />After that i ran <code>systemctl daemon-reload</code> and <code>lxc list</code> then the redmine LXC container restarted.</p>
<p>At this time I tried to create this issue using redmine:https://projects.duckcorp.org/ but an issue occurred after i tried to authenticate: the redmine web interface showed an error: <code>"Cannot assign requested address - connect(2) for [2001:67c:1740:9001::c1c8:2ab1]:636"</code>.</p>
<p>The restart of the <code>slapd</code> service (which was listening on IPv6 but not IPv4) fixed this issue.</p> DuckCorp Infrastructure - Bug #726 (Resolved): /etc/stunnel/certs/duckcorp_stunnel_redis_Orfeo.pe...https://projects.duckcorp.org/issues/7262021-07-08T22:43:06ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>On Orfeo: <code>/etc/stunnel/certs/duckcorp_stunnel_redis_Orfeo.pem</code> certificate is expired.</p> Bip - Enhancement #715 (New): Backlog one channel onlyhttps://projects.duckcorp.org/issues/7152020-12-17T09:34:26ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>The backlog command only allows to backlog all the channels from one network.</p>
<p>It would be nice to fetch backlog from one channel only.</p>
<p>From: Debian bug <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668420" class="external">#668420</a>.</p> DuckCorp Infrastructure - Review #707 (Resolved): ansible-role-zabbix: ignore debian bugs #909750https://projects.duckcorp.org/issues/7072020-07-09T00:45:21ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-zabbix" class="external"><code>ansible-role-zabbix/ignore_debian_bugs_#909750</code></a></p>
<p>Ignore debian bugs #909750, workaround this issue:</p>
<pre>
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
libjpeg62-turbo libtiff5 libwebp6 libxpm4 php php-bcmath php-gd
php-ldap php-mbstring php-pgsql php-xml php7.3 php7.3-bcmath php7.3-gd
php7.3-ldap php7.3-mbstring php7.3-pgsql php7.3-xml
Suggested packages:
libgd-tools
The following NEW packages will be installed:
fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
libjpeg62-turbo libtiff5 libwebp6 libxpm4 php php-bcmath php-gd
php-ldap php-mbstring php-pgsql php-xml php7.3 php7.3-bcmath php7.3-gd
php7.3-ldap php7.3-mbstring php7.3-pgsql php7.3-xml zabbix-frontend-php
0 upgraded, 24 newly installed, 0 to remove and 40 not upgraded.
[...]
serious bugs of libfontconfig1 (-> 2.13.1-2) <Forwarded>
b1 - #909750 - applications tries to write to /usr/* directories via
libfontconfig1
Summary:
libfontconfig1(1 bug)
libfontconfig1 pinned by adding Pin preferences in
/etc/apt/preferences.d/apt-listbugs. Restart APT session to enable
**********************************************************************
****** Exiting with an error in order to stop the installation. ******
**********************************************************************
</pre> DuckCorp Infrastructure - Review #681 (Resolved): Undefined attribute: mda_usergrouphttps://projects.duckcorp.org/issues/6812019-10-09T10:18:46ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Fix the following error:</p>
<pre>
$ ansible-playbook playbooks/tenants/duckcorp/security.yml -u root
TASK [dc-antivirus : ClamAV Setup -- Connection Type] ***********************************************************************************************************************
fatal: [Orfeo]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'mda_usergroup'\n\nThe error appears to be in '/srv/share/src/duckcorp/duckcorp-infra.git/ansible/roles/dc-antivirus/tasks/main.yml': line 21, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n notify: Reconfigure ClamAV\n- name: ClamAV Setup -- Connection Type\n ^ here\n"}
</pre> DuckCorp Infrastructure - Bug #502 (Resolved): Reboot servers (orfeo, jinta, thorfinn, toushirou)https://projects.duckcorp.org/issues/5022017-01-26T12:39:13ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Servers were upgraded to Debian 8.7 and need a reboot.</p> Bip - Bug #481 (In Progress): Fix log level for erroneous messageshttps://projects.duckcorp.org/issues/4812015-10-13T12:54:28ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Bip should display IRC <a href="https://tools.ietf.org/html/rfc1459#section-6" class="external">errors</a> sent by IRC servers using <code>error</code> log level.</p>
<p>The current behaviour is:<br /><pre>
13-10-2015 14:48:14 DEBUG: ":irc.server.local 432 * Pilou :Nickname too long, max. 9 characters
</pre></p> DuckCorp Infrastructure - Enhancement #460 (Resolved): SSL/TLS: check ciphershttps://projects.duckcorp.org/issues/4602015-07-09T00:02:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
Checks:
<ul>
<li>NULL,EXPORT,LOW,3DES,aNULL must be disabled</li>
<li>RC4 must be disabled</li>
<li>SSLv2,SSLv3 must be disabled</li>
<li>TLSv1.1,TLSv1.2 must be enabled</li>
<li>PFS must be enabled</li>
</ul>
<ul>
<li>SSL Compression must be disabled</li>
</ul>
Configuration updates needed:
<ul>
<li>Postgresql (default conf used <code>HIGH:MEDIUM:+3DES:!aNULL</code>)</li>
<li>Apache (<code>RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW</code>)</li>
</ul>
<ul>
<li>References
<ul>
<li><a class="external" href="https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher">https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher</a></li>
<li><a class="external" href="https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/">https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/</a></li>
<li><a class="external" href="http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html">http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html</a></li>
<li><a class="external" href="https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations">https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations</a></li>
<li><a class="external" href="https://github.com/ioerror/duraconf">https://github.com/ioerror/duraconf</a></li>
</ul>
</li>
<li>Tools:
<ul>
<li><a class="external" href="https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh">https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh</a></li>
</ul></li>
</ul> Bip - Bug #431 (New): bip is leaking file descriptorshttps://projects.duckcorp.org/issues/4312015-01-15T02:01:19ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote> Bip - Bug #352 (New): bip & Bitlbeehttps://projects.duckcorp.org/issues/3522014-09-22T18:25:43ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>On 22/09/2014, asteroidmaster wrote:</p>
<blockquote>
<p>I'm having trouble connecting bip to bitlbee. Bitlbee is running and I can connect Weechat to it.<br />But when I try to connect bip to bitlbee, I get a ERROR in getpeername() that Transport Endpoint is not connected,<br />and another error on fd 6 followed by bip throwing a read_lines error. I'm running Ubuntu Server 14.04 and have<br />installed bip from the Ubuntu repos and Bitlbee from their daily build repo.</p>
</blockquote> Bip - Enhancement #270 (Resolved): GIT: use signed taghttps://projects.duckcorp.org/issues/2702012-01-10T01:53:49ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Signed tags must be used.</p> Bip - Bug #269 (Resolved): buffer overflow when number of open file descriptors >= FD_SETSIZEhttps://projects.duckcorp.org/issues/2692012-01-07T10:28:05ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Reported by Julien Tinnes, thanks to him!</p>
<p>Bip doesn't check if fd is equal or larger than FD_SETSIZE.</p>
<p>From select man page:</p>
<blockquote>
<p>Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.</p>
</blockquote> Bip - Bug #265 (Resolved): bip segfaults when a client uses a password with a spacehttps://projects.duckcorp.org/issues/2652011-12-20T01:08:58ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Reported by Tim Hansen</p>
<p>The bip log shows:<br />19-12-2011 16:56:42 ERROR: [*connecting*] Error in protocol, closing...</p>
<p>I can reproduce (impossible to use space in password) but segfault didn't happen.</p> Bip - Bug #188 (New): "FATAL: Element with key nohar already in hash 5151a968" when netplit occurshttps://projects.duckcorp.org/issues/1882011-01-19T00:19:39ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Sometimes when a netsplit occurs, bip exits after logging:</p>
<blockquote>
<p>FATAL: Element with key nohar already in hash 5151a968</p>
</blockquote> Bip - Bug #186 (New): Bip crash after using "/QUOTE BIP TRUST OK" on a new connectionhttps://projects.duckcorp.org/issues/1862011-01-18T02:29:38ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h1 >How to reproduce:<a href="#How-to-reproduce" class="wiki-anchor">¶</a></h1>
<ol>
<li>/etc/bip.conf: add a new ssl connection </li>
<li>restart bip (Debian: <em>/etc/init.d/bip restart</em>)</li>
<li>use <em>/QUOTE BIP TRUST OK</em><br /> # all client connections are disconnected</li>
</ol>
<a name="Logs"></a>
<h1 >Logs<a href="#Logs" class="wiki-anchor">¶</a></h1>
<a name="Client-logs"></a>
<h2 >Client logs:<a href="#Client-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>03:12:08 oftc | irc: connecting to server irc-bouncer/7778...<br />03:12:08 oftc | irc: connected to irc-bouncer<br />03:12:08 oftc -- | b.i.p (b.i.p): This server SSL certificate was not accepted because it is not in your store of trusted certificates:<br />03:12:08 oftc -- | b.i.p (b.i.p): Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): MD5 fingerprint: 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78<br />03:12:08 oftc -- | b.i.p (b.i.p): WARNING: if you've already trusted a certificate for this server before, that probably means it has changed.<br />03:12:08 oftc -- | b.i.p (b.i.p): If so, YOU MAY BE SUBJECT OF A MAN-IN-THE-MIDDLE ATTACK! PLEASE DON'T TRUST THIS CERTIFICATE IF YOU'RE NOT SURE THIS IS NOT THE CASE.<br />03:12:08 oftc -- | b.i.p (b.i.p): Type /QUOTE BIP TRUST OK to trust this certificate, /QUOTE BIP TRUST NO to discard it.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): ==== Certificate now trusted.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): No more certificates waiting awaiting user trust, thanks!<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): If the certificate is trusted, bip should be able to connect to the server on the next retry. Please wait a while and try connecting your client again.</p>
</blockquote>
<a name="Bip-logs"></a>
<h2 >Bip logs:<a href="#Bip-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>18-01-2011 03:12:12 ERROR: No certificate in SSL write_socket<br />18-01-2011 03:12:12 ERROR: SSL cert check failed at depth=3: certificate rejected (28)<br />18-01-2011 03:12:12 ERROR: Certificate check failed: certificate rejected (28)!<br />18-01-2011 03:12:12 ERROR: Error on fd 31 (state 9)<br />18-01-2011 03:12:12 ERROR: [oftc] read_lines error, closing...<br />18-01-2011 03:12:12 ERROR: [oftc] reconnecting in 240 seconds<br />18-01-2011 03:12:54 ERROR: No certificate in SSL write_socket</p>
</blockquote>