Cannot Login - 🌳🌳🌳 Authorization error: Forest server request error: certificate has expired

Hi, following my message in the “Cannot login” thread, i create a new topic as requested
I already tried the curl request given in the other thread

Actual behavior

We cannot login on the dashboard since yesterday. No changes were made on our side in the past months. Here is the message :

image968×242 13.2 KB

Failure Logs

Not sur if this is related but i see this log on our server :

TypeError: Cannot read property 'status' of undefined
    at /home/user/ma-domiciliation-forestadmin/node_modules/forest-express/dist/services/forest-server-requester.js:25:18
    at Request.callback (/home/user/ma-domiciliation-forestadmin/node_modules/superagent/lib/node/index.js:704:3)
    at ClientRequest.<anonymous> (/home/user/ma-domiciliation-forestadmin/node_modules/superagent/lib/node/index.js:637:10)
    at Object.onceWrapper (events.js:315:30)
    at emitOne (events.js:116:13)
    at ClientRequest.emit (events.js:211:7)
    at TLSSocket.socketErrorListener (_http_client.js:387:9)
    at emitOne (events.js:116:13)
    at TLSSocket.emit (events.js:211:7)
    at emitErrorNT (internal/streams/destroy.js:64:8)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)

Context

Please provide any relevant information about your setup.

• forest-express-sequelize version : 4.0.2
  (i know we should upgrade someday and i hope it’s not related to this, but the breaking changes on the Smart Actions will require a lot of work on our side and our customer can’t afford it right now)
• Express Version: 4.16.4
• Sequelize Version: 4.42.0
• Database Dialect: postgres
• Project Name: ma-domiciliation

Thanks in advance

Hello @kmcb,

Thanks for sharing your problem with us, with all the details you provided

Can you confirm that you are using forest-express-sequelize version 4? If it is the case, your problem is not related to the thread “Cannot login”, which impacted only recent versions 7 and above.

I’ll investigate on my side about the specific line that is causing this issue and let you know if I find anything.

Ok thanks a lot, yes i confirm that we use forest-express-sequelize version 4

I thought it was related to the other topic because it happened at the same time

Looking at the code, your agent is getting an error when contacting the api from forest, but there is a problem with the code that handles errors.

This has been fixed with version 5.0.1

Do you have the possibility to upgrade to 5.0.1, just to have more details about this error?

I just upgraded to 5.1
Now i get the error “your password is incorrect, please try again”, even after a password reset.
And i see this error in the server logs :

An error occured while retrieving your IP whitelist. Your Forest envSecret seems to be missing or unknown. Can you check that you properly set your Forest envSecret in the Forest initializer?

The FOREST_ENV_SECRET is still defined in the env, i didn’t see any change about this in the “migrate to v5” guide, is there something we need to do ?

edit : in our code it’s set like this :

app.use(
  Liana.init({
    modelsDir: __dirname + "/models",
    envSecret: process.env.FOREST_ENV_SECRET,
    authSecret: process.env.FOREST_AUTH_SECRET,
    sequelize: require("./models").sequelize
  })
)

Do you have any log entry before the one you pasted?

I’m just thinking about it, do you have a way to run a curl on https://api.forestadmin.com from the server that is having the issue?
I would like to know if you have an error regarding the certificate of this endpoint.

No, it’s the only line i see in the logs
I tried to upgrade liana to v6.4 and i’m back to the first message : “Your admin backend is unreachable. Please check that it is running and respond to https://admin.ma-domiciliation.fr.”

I just tried a simple “curl https://api.forestadmin.com” from the server and i get this response :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

after a few more changes - i’m still on liana 6.4 -, i now have this error in the logs when login :

OPTIONS /forest/sessions 200 6.997 ms - 2
[forest] 🌳🌳🌳  Authorization error: Forest server request error: certificate has expired
VError: Forest server request error: certificate has expired
    at /home/user/ma-domiciliation-forestadmin/node_modules/forest-express/dist/services/forest-server-requester.js:46:23
    at Request.callback (/home/user/ma-domiciliation-forestadmin/node_modules/forest-express/node_modules/superagent/lib/node/index.js:893:3)
    at ClientRequest.<anonymous> (/home/user/ma-domiciliation-forestadmin/node_modules/forest-express/node_modules/superagent/lib/node/index.js:810:12)
    at emitOne (events.js:116:13)
    at ClientRequest.emit (events.js:211:7)
    at TLSSocket.socketErrorListener (_http_client.js:387:9)
    at emitOne (events.js:116:13)
    at TLSSocket.emit (events.js:211:7)
    at emitErrorNT (internal/streams/destroy.js:64:8)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
POST /forest/sessions 401 231.367 ms - -

Hello, @kmcb,

Someone else is having the same issue, and it seems to come from the version of the OS.

Let’s encrypt’s root certificate expired yesterday, and it is using now a new root certificate. Old versions of OSs only embed the old version of this root certificate, and then consider that the new certificate for https://api.forestadmin.com has expired.

Another client managed to get your initial problem fixed by upgrading the docker image it was using.

Are you in a situation where you can upgrade the context on which it is running?

I think you can rollback all other changes made before.

Hello again Guillaume,
We just updated the server’s OS but we still have the same error.
And i have the same error on my localhost with a different (and also up-to-date) OS.

Which version of node are you using?

This project was on Node 8. I just tested with Node 10 but still the same error

It turns out that when using node 10’s latest version the problem seems to be solved

However i have one last question : Despite upgrading to Liana v6, i get a message when starting my server saying that our current version “is DEPRECATED and will soon be BLOCKED”.
Do you know the approximative date for this ?
While debugging the login problem, i tried to upgrade to Liana v7, i spent quite some time having problems one after another, and i finally gave up on this one because the suggestions didn’t work for me : Unexpected error: connect ECONNREFUSED 127.0.0.1:443 - #10 by schalkwijk

Hello,

The blocking will be done by the browsers, that won’t support connecting to localhost from an unsecure web application.

This will prevent you to use your development environments. Chrome was supposed to release this new rule this summer.

You can open a new thread and we will help you upgrading to the v7.