
Unable to download: (certificate verify failed)

Posted: 22 Feb 2016, 10:48
by Mick
I'm trying to add this link to my csf.blocklists file.

There is a problem however as I'm getting the following error: Unable to download: Can't connect to raw.githubusercontent.com:443 (certificate verify failed)

Is there any work around to this (there isn't an http equivalent page I can find)?

Thank you.

Re: Unable to download: (certificate verify failed)

Posted: 22 Feb 2016, 16:08
by ForumAdmin
That's an issue with checking the githubusercontent.com certificate by LWP for some reason. To work around it for now, you can edit /usr/local/csf/lib/ConfigServer/URLGet.pm and go to the line with:

        my $ua = LWP::UserAgent->new;
and add the following to a line after:

        $ua->ssl_opts(verify_hostname => 0);
Then restart lfd.

However, that link you posted is not a list of IP/CIDR addresses which is required for csf/lfd to parse.

Re: Unable to download: (certificate verify failed)

Posted: 22 Feb 2016, 16:16
by Mick
Thanks for the reply, the help I've had since getting interested in CSF/LFD on the forum has been amazing, so really appreciated.

So, the link is NOT compatible - thanks for the information. I know Marcele mentioned in another thread about compatibility issues with blocklists but I was unsure exactly what is required and what wasn't.

I'll see if I can find out more by looking into the lists I know ARE allowed.

Thanks again.

Re: Unable to download: (certificate verify failed)

Posted: 22 Feb 2016, 21:42
by marcele
Just a quick note that when I talked to Costa from Firehol he didn't want us linking directly to the github lists which is why we let CSF parse the original source URL directly (having a bunch of servers refresh from his github isn't good). I've tried to go through and test all of the lists that were parsable by CSF. Some of these lists are better than others. You should also use caution when using these lists as you are at the mercy of the blocklist maintainer.
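
Added example (not part of any post in this thread, and not csf code): a pre-check that vets a downloaded list before it is handed to a firewall, covering both the IP/CIDR-only requirement and the caution about trusting a list maintainer, which matters more once certificate verification has been switched off. The comment handling, the protected ranges and the thresholds are assumptions of this sketch, not csf's own parsing rules.

```python
import ipaddress

# Assumed policy values for this sketch (not csf settings).
MIN_PREFIX_V4 = 8          # refuse anything broader than a /8
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def vet_blocklist(text, never_block=NEVER_BLOCK, min_prefix=MIN_PREFIX_V4):
    """Return (accepted_networks, rejected); rejected holds
    (line_number, raw_line, reason). Blank lines and # comments are skipped."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, raw, "not an IP/CIDR entry"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            rejected.append((lineno, raw, "prefix too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in never_block):
            rejected.append((lineno, raw, "overlaps protected range"))
        else:
            accepted.append(net)
    return accepted, rejected

def is_usable(text, max_reject_ratio=0.05):
    """A list is usable only if it has entries and almost all of them parse."""
    accepted, rejected = vet_blocklist(text)
    total = len(accepted) + len(rejected)
    return total > 0 and len(rejected) / total <= max_reject_ratio

# Constructed samples: a well-formed list, and a page that is not a list.
GOOD = "# constructed sample\n203.0.113.7\n198.51.100.0/24\n2001:db8::/32\n"
BAD = "<html>\nnot a list\n0.0.0.0/0\n192.168.1.10\n203.0.113.9 ; comment\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        ok, bad = vet_blocklist(sample)
        print(name, "usable:", is_usable(sample), "accepted:", len(ok))
        for lineno, raw, reason in bad:
            print(f"  line {lineno}: {raw!r} -> {reason}")
```
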

Re: Unable to download: (certificate verify failed)

Posted: 22 Feb 2016, 22:41
by Mick
Hi Marcele - thanks for the reply. I understand his concern, however the github link above is actually the link that Firehol uses to update, so I thought it ok to post.

I'm currently looking at tackling this another way and using Firehol's excellent scripts to update and create the ipsets required on my server and then adding the rules to CSF to use them. There are a few finer points I need to sort out such as maintaining the ipsets on server reboot and exactly how best to add the rules to CSF, but I'm getting there slowly. Any advice appreciated.

Regards.