XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Transport-XMPP failing to start

    Scheduled Pinned Locked Moved Solved Advanced features
    22 Posts 5 Posters 5.0k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      techiem2 @julien-f
      last edited by

      @julien-f
      From Source using ronivay's script:
      https://github.com/ronivay/XenOrchestraInstallerUpdater

      julien-fJ 1 Reply Last reply Reply Quote 0
      • julien-fJ Offline
        julien-f Vates 🪐 Co-Founder XO Team @techiem2
        last edited by

        @techiem2 In this case, I cannot tell you how to update a specific plugin or use a specific branch, you can ask for the script maintainer's help or I'll merge the PR without further tests 🙂

        julien-fJ 1 Reply Last reply Reply Quote 0
        • julien-fJ Offline
          julien-f Vates 🪐 Co-Founder XO Team @julien-f
          last edited by

          The fix has been merged in master, let me know if there are more issues.

          T 2 Replies Last reply Reply Quote 0
          • T Offline
            techiem2 @julien-f
            last edited by

            @julien-f
            Sorry, been a bit busy.
            I'll update this weekend and see if the new version pulls in.
            Thanks!

            1 Reply Last reply Reply Quote 0
            • T Offline
              techiem2 @julien-f
              last edited by

              @julien-f
              Ok, so it doesn't fail with the socket error, but now it's saying unable to verify the first certificate:
              Not sure if this is a plugin issue or something on my end, but normal clients connect fine.
              I'm using Prosody with a Letsencrypt cert.

              plugin.load
{
  "id": "transport-xmpp"
}
{
  "code": "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
  "message": "unable to verify the first certificate",
  "name": "Error",
  "stack": "Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1550:34)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202310280240/@xen-orchestra/log/configure.js:52:17)
    at TLSSocket._finishInit (node:_tls_wrap:967:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:743:12)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17)"
}
              julien-fJ 1 Reply Last reply Reply Quote 0
              • julien-fJ Offline
                julien-f Vates 🪐 Co-Founder XO Team @techiem2
                last edited by

                @techiem2 Are you sure your server's certificate is correctly configured?

                Is it self-signed?

                T 1 Reply Last reply Reply Quote 0
                • T Offline
                  techiem2 @julien-f
                  last edited by

                  @julien-f As far as I can tell. It's a standard Let's Encrypt cert and it works with normal clients.

                  julien-fJ 1 Reply Last reply Reply Quote 0
                  • julien-fJ Offline
                    julien-f Vates 🪐 Co-Founder XO Team @techiem2
                    last edited by

                    @techiem2 If you can provide me access to your server and your configuration, I might be able to investigate and maybe come up with a fix.

                    T 1 Reply Last reply Reply Quote 0
                    • T Offline
                      techiem2 @julien-f
                      last edited by

                      @julien-f Thanks!
                      Just got you setup and DM'd.
                      Let me know if you need anything else to poke around on. 🙂

                      1 Reply Last reply Reply Quote 0
                      • julien-fJ Offline
                        julien-f Vates 🪐 Co-Founder XO Team
                        last edited by

                        If other people get the UNABLE_TO_VERIFY_LEAF_SIGNATURE error, check that your XMPP server provides the correct certificate chain.

                        You can use OpenSSL for this:

                        $ openssl s_client -connect $domain:$port -starttls xmpp -showcerts </dev/null
CONNECTED(00000003)
depth=0 CN = $domain
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = $domain
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = $domain
verify return:1
                        1 Reply Last reply Reply Quote 1
                        • olivierlambertO olivierlambert marked this topic as a question on
                        • olivierlambertO olivierlambert has marked this topic as solved on
                        • First post
                          Last post