XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Transport-XMPP failing to start

    Scheduled Pinned Locked Moved Solved Advanced features
    22 Posts 5 Posters 5.4k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • julien-fJ Offline
      julien-f Vates 🪐 Co-Founder XO Team @techiem2
      last edited by

      @techiem2 Sorry, I missed your message.

      Are you using an official XOA or XO built from the sources?

      T 1 Reply Last reply Reply Quote 0
      • T Offline
        techiem2 @julien-f
        last edited by

        @julien-f
        From Source using ronivay's script:
        https://github.com/ronivay/XenOrchestraInstallerUpdater

        julien-fJ 1 Reply Last reply Reply Quote 0
        • julien-fJ Offline
          julien-f Vates 🪐 Co-Founder XO Team @techiem2
          last edited by

          @techiem2 In this case, I cannot tell you how to update a specific plugin or use a specific branch, you can ask for the script maintainer's help or I'll merge the PR without further tests 🙂

          julien-fJ 1 Reply Last reply Reply Quote 0
          • julien-fJ Offline
            julien-f Vates 🪐 Co-Founder XO Team @julien-f
            last edited by

            The fix has been merged in master, let me know if there are more issues.

            T 2 Replies Last reply Reply Quote 0
            • T Offline
              techiem2 @julien-f
              last edited by

              @julien-f
              Sorry, been a bit busy.
              I'll update this weekend and see if the new version pulls in.
              Thanks!

              1 Reply Last reply Reply Quote 0
              • T Offline
                techiem2 @julien-f
                last edited by

                @julien-f
                Ok, so it doesn't fail with the socket error, but now it's saying unable to verify the first certificate:
                Not sure if this is a plugin issue or something on my end, but normal clients connect fine.
                I'm using Prosody with a Letsencrypt cert.

                plugin.load
{
  "id": "transport-xmpp"
}
{
  "code": "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
  "message": "unable to verify the first certificate",
  "name": "Error",
  "stack": "Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1550:34)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202310280240/@xen-orchestra/log/configure.js:52:17)
    at TLSSocket._finishInit (node:_tls_wrap:967:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:743:12)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17)"
}
                julien-fJ 1 Reply Last reply Reply Quote 0
                • julien-fJ Offline
                  julien-f Vates 🪐 Co-Founder XO Team @techiem2
                  last edited by

                  @techiem2 Are you sure your server's certificate is correctly configured?

                  Is it self-signed?

                  T 1 Reply Last reply Reply Quote 0
                  • T Offline
                    techiem2 @julien-f
                    last edited by

                    @julien-f As far as I can tell. It's a standard Let's Encrypt cert and it works with normal clients.

                    julien-fJ 1 Reply Last reply Reply Quote 0
                    • julien-fJ Offline
                      julien-f Vates 🪐 Co-Founder XO Team @techiem2
                      last edited by

                      @techiem2 If you can provide me access to your server and your configuration, I might be able to investigate and maybe come up with a fix.

                      T 1 Reply Last reply Reply Quote 0
                      • T Offline
                        techiem2 @julien-f
                        last edited by

                        @julien-f Thanks!
                        Just got you setup and DM'd.
                        Let me know if you need anything else to poke around on. 🙂

                        1 Reply Last reply Reply Quote 0
                        • julien-fJ Offline
                          julien-f Vates 🪐 Co-Founder XO Team
                          last edited by

                          If other people get the UNABLE_TO_VERIFY_LEAF_SIGNATURE error, check that your XMPP server provides the correct certificate chain.

                          You can use OpenSSL for this:

                          $ openssl s_client -connect $domain:$port -starttls xmpp -showcerts </dev/null
CONNECTED(00000003)
depth=0 CN = $domain
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = $domain
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = $domain
verify return:1
                          1 Reply Last reply Reply Quote 1
                          • olivierlambertO olivierlambert marked this topic as a question on
                          • olivierlambertO olivierlambert has marked this topic as solved on
                          • First post
                            Last post