Perl script suddenly stopped being able to connect to the API server

I have a perl script that runs twice a month to update the certificates on a nodebalancer using the API. It worked fine on December 5th, but on December 20th, it failed with a "certificate verify failed" error when it tried to connect to the API server.

As far as I can tell by checking with a browser, the API server's certificate is fine, but when perl is failing to verify it for some reason.

I haven't made any changes to the server, so I'm not sure why the certificate verification could have stopped working. Anyone have suggestions?

Edit: further info: when I try accessing the API server using curl, I get: (60) SSL certificate problem: certificate has expired

Which is odd as the certificate on the API site doesn't expire until February.

1 Reply

I've confirmed that the certificate chain on our API endpoints look good, which you mentioned confirming in the browser, so something seems to be going on with your script or configurations. While I don't know exactly what that is, I wanted to offer some resources that could help you figure it out.

Most of what I've found when looking for information about Perl scripts leading to an error of "certificate verify failed" have lead to forums about LWP and are at least 5 years old. It seems really strange that this would suddenly be a problem if it wasn't before, but it's possible something somewhere was updated (or wasn't updated) that is causing incompatibility.

This is one example of the forums I've found though there are others. A lot of what I've read suggests finding a way to force the use of SSL, bypassing certification check, or switching to wget.

To see if there may have been some automatic upgrades to your system recently that could have caused an issue, you can check /var/log/unattended-upgrades/ or whatever the equivalent may be on your distribution.

If nothing changed recently, then it's possible something hasn't changed that needs to. You can look into the version of curl being used and see if there are issues there or use the -v option with the curl command to see what SSL or TLS version is being used. If it's an older one, you can try to force it to use TLSv1.3 which is what I'm seeing in my successful curls to our sites.

I'm not familiar with Perl and I'm hoping someone who is comes to our rescue here, but I wanted to provide some possible place to look. If you find any other information that's helpful to locating the problem, but still haven't found a solution, let us know and we'll see what we can find.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct