Connection to External Server Failing Due To Expired Cached SSL Certificate

Hi All,

I’ve got a command set up as a URL fetch, so that I can have it chain two commands together with an API call (through my own bot account)… Nightbot’s done this perfectly for a long time, with no issues.

The external server I run the URL fetch from has changed its SSL certificate, as the old one expired, but it appears that Nightbot is unable to dump the old certificate and cache the new one instead. When running the command, I get “Unable To Connect To Server” as the chat response from Nightbot, rather than it fetching from the URL as before.

This is definitely SSL related, as if we disable SSL redirection, and I change the URL from https:// to http://, it works perfectly. However, my server host does not want to leave non-SSL connections enabled (which is good practice anyway), so I’m hoping someone has a solution for making this work correctly and forcing Nightbot to pick up the new certificate, rather than just throwing an error.

Obviously I can’t see any error logs from Nightbot, so it’s impossible for me to see exactly why it doesn’t like the connection, but if there’s any information needed from me for this, please do let me know!

It would be fairly surprising if this was caused by an expired cached certificate. I’d recommend testing the URL with https://www.ssllabs.com/ssltest/ first to make sure the server’s configuration is set up properly. My guess here is: invalid certificate chain.

Interesting! The problem only started after the certificate was renewed, which is what led us to that conclusion.

I’ve checked on the site you suggested, and it does indeed show an incomplete chain, plus extra certs too… I’ll let the server owner know, and see if he can shed some light on it.

Are you able to give me more information on how Nightbot’s URL fetch function handles SSL etc? It’d be useful to understand what it does and doesn’t consider to be acceptable/valid.

Thanks!

I’ve checked on the site you suggested, and it does indeed show an incomplete chain, plus extra certs too… I’ll let the server owner know, and see if he can shed some light on it.

If there are extra certs and the chain is incomplete, then either the intermediate certificates were combined improperly (or not at all) or the chain file (if the web server in use has that configuration) was not updated to the new chain.

Are you able to give me more information on how Nightbot’s URL fetch function handles SSL etc? It’d be useful to understand what it does and doesn’t consider to be acceptable/valid.

Basically anything valid is supported so long as the server supports the TLS version and algorithm. We do not handle any SSL operations ourselves and that logic would all be upstream in dependencies.

So as the person who runs the site and made the code for DJ, I redid all the certs again, the same as always, and it's working fine with the chains perfect. Looks like the hosting panel may not have given me the full intermediate cert before, and this time it did. Mine come as one file and did not need to be combined. All in all, working as it should.

Nice job Ian, thanks!
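The failure diagnosed in this thread can be reproduced offline. The following is an added example, not part of the original thread and not Nightbot's code: it builds a constructed root, intermediate and leaf certificate with the `openssl` CLI (assumed installed; all names are made up) and shows that a client trusting only the root rejects the leaf unless the server also sends the intermediate.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: Demo Root -> Demo Intermediate -> demo.example (made-up names).
W=$(mktemp -d)

csr() {  # csr NAME CN: new key + certificate request
  openssl req -new -newkey rsa:2048 -nodes -keyout "$W/$1.key" \
    -out "$W/$1.csr" -subj "/CN=$2" 2>/dev/null
}

sign() {  # sign NAME ISSUER EXTFILE: issue NAME.pem using ISSUER's key
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.pem" -CAkey "$W/$2.key" \
    -CAcreateserial -extfile "$W/$3" -days 30 -out "$W/$1.pem" 2>/dev/null
}

build_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:demo.example\n' > "$W/leaf.ext"
  csr root "Demo Root" && csr inter "Demo Intermediate" && csr leaf "demo.example" || return 1
  # The root is self-signed; it is the only certificate the client trusts.
  openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" \
    -extfile "$W/ca.ext" -days 30 -out "$W/root.pem" 2>/dev/null || return 1
  sign inter root ca.ext && sign leaf inter leaf.ext
}

# client_accepts [SERVED_INTERMEDIATES]
# Verifies the leaf the way a strict client does: trust anchors come from
# its own store (-CAfile); intermediates come only from what the server
# sent (-untrusted). Returns 0 only if openssl reports "OK".
client_accepts() {
  if [ -n "$1" ]; then
    openssl verify -CAfile "$W/root.pem" -untrusted "$1" "$W/leaf.pem" 2>&1
  else
    openssl verify -CAfile "$W/root.pem" "$W/leaf.pem" 2>&1
  fi | grep -q ': OK$'
}

build_pki || { echo "openssl failed to build the demo PKI" >&2; exit 1; }
client_accepts                && echo "leaf only:           accepted" || echo "leaf only:           rejected"
client_accepts "$W/inter.pem" && echo "leaf + intermediate: accepted" || echo "leaf + intermediate: rejected"
```

Against a live server, `openssl s_client -connect HOST:443 -servername HOST -showcerts` lists the certificates the server actually sends, which is the set that corresponds to `-untrusted` here.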
