I’m learning MongoDB and set up an Atlas account. I’m trying to connect to my database using mongosh, allowed all IPs, set up my user and password credentials but I’m getting an error:
MongoServerSelectionError: Hostname/IP does not match certificate's altnames: Host: ac-kiiemsq-shard-00-00.cbhjwlv.mongodb.net. is not in the cert's altnames: DNS:*.mongodb.net, DNS:mongodb.net
Upon checking my logs, this is what shows:
{"t":{"$date":"2023-02-15T10:21:27.465Z"},"s":"I","c":"MONGOSH","id":1000000000,"ctx":"log","msg":"Starting log","attr":{"execPath":"/opt/homebrew/Cellar/node/19.6.0/bin/node","envInfo":{"EDITOR":null,"NODE_OPTIONS":null,"TERM":"xterm-256color"},"version":"1.7.1","distributionKind":"packaged","buildArch":"x64","buildPlatform":"linux","buildTarget":"unknown","buildTime":"2023-02-13T19:19:00.135Z","gitVersion":"1bf0d7775443ac1849cc2597465d54eca867acea","nodeVersion":"v19.6.0","opensslVersion":"1.1.1s","sharedOpenssl":true}}
{"t":{"$date":"2023-02-15T10:21:27.469Z"},"s":"I","c":"MONGOSH","id":1000000005,"ctx":"config","msg":"User updated"}
{"t":{"$date":"2023-02-15T10:21:27.470Z"},"s":"I","c":"MONGOSH","id":1000000048,"ctx":"config","msg":"Loading global configuration file","attr":{"filename":"/etc/mongosh.conf","found":false}}
{"t":{"$date":"2023-02-15T10:21:27.475Z"},"s":"E","c":"DEVTOOLS-CONNECT","id":1000000041,"ctx":"mongosh-deps","msg":"Missing optional dependency","attr":{"name":"mongodb-client-encryption","error":"Cannot find module 'mongodb-client-encryption'\nRequire stack:\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/node_modules/#mongodb-js/devtools-connect/lib/connect.js\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/node_modules/#mongodb-js/devtools-connect/lib/index.js\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/node_modules/#mongosh/service-provider-server/lib/cli-service-provider.js\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/node_modules/#mongosh/service-provider-server/lib/index.js\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/lib/cli-repl.js\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/lib/index.js\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/lib/run.js\n- /opt/homebrew/Cellar/mongosh/1.7.1/libexec/lib/node_modules/#mongosh/cli-repl/bin/mongosh.js"}}
{"t":{"$date":"2023-02-15T10:21:27.517Z"},"s":"I","c":"DEVTOOLS-CONNECT","id":1000000039,"ctx":"mongosh-connect","msg":"Resolving SRV record succeeded","attr":{"from":"mongodb+srv://<credentials>#cluster0.cbhjwlv.mongodb.net/myFirstDatabase?appName=mongosh+1.7.1","to":"mongodb://<credentials>#ac-kiiemsq-shard-00-00.cbhjwlv.mongodb.net,ac-kiiemsq-shard-00-01.cbhjwlv.mongodb.net,ac-kiiemsq-shard-00-02.cbhjwlv.mongodb.net/myFirstDatabase?appName=mongosh+1.7.1&authSource=admin&replicaSet=atlas-142s5d-shard-0&tls=true","resolutionDetails":[{"query":"SRV","hostname":"_mongodb._tcp.cluster0.cbhjwlv.mongodb.net","error":null,"wasNativelyLookedUp":true},{"query":"TXT","hostname":"cluster0.cbhjwlv.mongodb.net","error":null,"wasNativelyLookedUp":true}]}}
{"t":{"$date":"2023-02-15T10:21:27.530Z"},"s":"I","c":"DEVTOOLS-CONNECT","id":1000000042,"ctx":"mongosh-connect","msg":"Initiating connection attempt","attr":{"uri":"mongodb://<credentials>#ac-kiiemsq-shard-00-00.cbhjwlv.mongodb.net,ac-kiiemsq-shard-00-01.cbhjwlv.mongodb.net,ac-kiiemsq-shard-00-02.cbhjwlv.mongodb.net/myFirstDatabase?appName=mongosh+1.7.1&authSource=admin&replicaSet=atlas-142s5d-shard-0&tls=true","driver":{"name":"nodejs|mongosh","version":"4.14.0"},"devtoolsConnectVersion":"1.4.4","host":"ac-kiiemsq-shard-00-00.cbhjwlv.mongodb.net:27017,ac-kiiemsq-shard-00-01.cbhjwlv.mongodb.net:27017,ac-kiiemsq-shard-00-02.cbhjwlv.mongodb.net:27017"}}
{"t":{"$date":"2023-02-15T10:21:27.867Z"},"s":"W","c":"DEVTOOLS-CONNECT","id":1000000034,"ctx":"mongosh-connect","msg":"Server heartbeat failure","attr":{"connectionId":"ac-kiiemsq-shard-00-02.cbhjwlv.mongodb.net:27017","failure":"","isFailFast":false,"isKnownServer":true}}
{"t":{"$date":"2023-02-15T10:21:28.053Z"},"s":"W","c":"DEVTOOLS-CONNECT","id":1000000034,"ctx":"mongosh-connect","msg":"Server heartbeat failure","attr":{"connectionId":"ac-kiiemsq-shard-00-01.cbhjwlv.mongodb.net:27017","failure":"Hostname/IP does not match certificate's altnames: Host: ac-kiiemsq-shard-00-01.cbhjwlv.mongodb.net. is not in the cert's altnames: DNS:*.mongodb.net, DNS:mongodb.net","isFailFast":false,"isKnownServer":true}}
{"t":{"$date":"2023-02-15T10:21:28.200Z"},"s":"W","c":"DEVTOOLS-CONNECT","id":1000000034,"ctx":"mongosh-connect","msg":"Server heartbeat failure","attr":{"connectionId":"ac-kiiemsq-shard-00-00.cbhjwlv.mongodb.net:27017","failure":"Hostname/IP does not match certificate's altnames: Host: ac-kiiemsq-shard-00-00.cbhjwlv.mongodb.net. is not in the cert's altnames: DNS:*.mongodb.net, DNS:mongodb.net","isFailFast":false,"isKnownServer":true}}
I’ve tried connecting through Mongodb Compass and the connection is successful. I'm using a Mac with mongoDB and Mongosh installed through brew, all updated to the latest version.
If you downgrade your version of mongosh to 1.6.2, you will be able to connect.
brew uninstall mongodb-community
brew uninstall mongosh
wget https://raw.githubusercontent.com/Homebrew/homebrew-core/4519776bc4563548dcd8c8639ac7e073b107c381/Formula/mongosh.rb
brew install ./mongosh.rb
I'm using http-proxy-middleware to proxy some requests.
I can proxy correct some APIs but I'm getting 504 in one of them.
I believe this has something to do with the network (corp laptop).
I've run all of these commands to make sure it's all set corretly. My password has the character . (the dot). I don't think it has anything to do with it.. but we never now. I've also tried the base64 just in case but got the same result.
npm config set registry http://registry.npmjs.org/
npm config set http-proxy http://username:password#ip:port
npm config set https-proxy http://username:password#ip:port
npm config set proxy http://username:password#ip:port
npm set strict-ssl false
I'm getting this in the console:
[HPM] Error occurred while proxying request localhost:3000/produXXXXXXXXXXXX to https://XXXXXXXX [ENOTFOUND] (https://nodejs.org/api/errors.html#errors_common_system_errors)
Just replaced with XXXX because it's a corp url.
It works perfectly from postman with the same proxy server auth.
Any advice?
Thanks!
I am trying to download URL xlsx and storage an specific directory but I've got the follow message error:
'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to
get local issuer certificate (_ssl.c:1129)')))
Follow my python 3 code bellow:
import requests
dls = ('https://git.aneel.gov.br/publico/centralconteudo/-/raw/main/relatorioseindicadores/geracao/BD_SIGA.xlsx?')
resp = requests.get(dls)
with open(r'C:\Users\Lucas\output\aneltest.xls', 'wb') as output:
output.write(resp.content)
How could I fix that?
Thanks
I am trying to setup a development environment using HTTP2 requests with Vite and a local backend. I proxy requests between client and server both running on localhost. The server is configured with a generated certificate using Mkcert (https://github.com/FiloSottile/mkcert).
Configuration:
To configure the certificate I run the following steps:
mkcert.exe -pkcs12 "test" "127.0.0.1" "localhost"
Configure the backend to use the generated cert
mkcert.exe -install
Use the following vite configuration:
server: {
https: {
pfx: fs.readFileSync(`./cert/test.pfx`),
passphrase: "some-phrase",
},
proxy: {
"/api": {
target: `https://localhost:15000`,
changeOrigin: true,
secure: true,
},
},
},
Currently this configuration works on Mac but fails on Windows. Both use the same backend and certificates but on Windows the proxy will fail with: "unable to verify the first certificate". In the browser the certificate chain is a correctly validated.
Troubleshooting:
When I run openssl s_client -showcerts -connect localhost:15000 -servername localhost the query results in "unable to verify the first certificate" as well basically indicating that the mkcert Root CA isn't properly found.
Using openssl s_client -showcerts -CAfile "C:\Users\SomeUser\AppData\Local\mkcert\rootCA.pem" -connect localhost:15000 -servername localhost the certificates will be correctly validated. This should indicate that the proxy lacks a reference to the rootCA of Mkcert.
I have tried supplying the rootCA using the following script in package.json:
"dev": "cross-env NODE_EXTRA_CA_CERTS=\"C:\\Users\\SomeUser\\AppData\\Local\\mkcert\\rootCA.pem\" && vite",
This doesn't help however and the proxy still fails with the same error. I assume Mac and Windows work differently when supplying the CA root certs to Node or fails silently?
Anyway, how can this solved? I have been thinking about supplying the full cert chain in a cert that I supply to Vite, but this shouldn't be needed if Node could just reference the RootCA correctly.
I've trouble in connecting to a wss secured socket server via google appengine frontend with managed VM support.
buy default google exposes only port 8080 in docker image google/nodejs-runtime, Even if expose port 8443 in Dockerfile like below i can connect only to http://localhost:8080 not https://localhost:8443
FROM google/nodejs
WORKDIR /app
ADD package.json /app/
RUN npm install
ADD . /app
EXPOSE 8443
CMD []
ENTRYPOINT ["/nodejs/bin/npm", "start"]
Still i can see port 8080 include in the container
"/nodejs/bin/npm start 8443/tcp, 0.0.0.0:8080->8080/tcp
If i log in to my managed vm instance and run the container image with
docker run -d -p 8443:8443 nodejs.default.wss-check:latest
and try
$curl https://localhost:8443
I get curl: (60) SSL certificate problem: unable to get local issuer certificate, It looks like its connecting but i've to use realdomain name
I've created a issue in github aswell https://github.com/GoogleCloudPlatform/appengine-nodejs-quickstart/issues/13, but not that helpful.
Same set up works like a charm in normal compute instance. but it doesn't auto scale.
Any help on this issue will be appreciated.
The reason you can't curl to https on localhost (curl: (60) SSL certificate problem: unable to get local issuer certificate) is because "localhost" is unknown to any CA. You need to run curl -k https://localhost:8443 to get it to ignore the lack of a certificate for localhost.
Looks like currently Google Managed VM supports Websocket connection only on JAVA
Even if you try websocket connection on with nodejs on GMV it defaults to polling transport. if you wanna see this in live you can use set socket transports, deploy to live and look in to console- network and see which transport its using!
socket.set('transports', [
'websocket'
, 'flashsocket'
, 'htmlfile'
, 'xhr-polling'
, 'jsonp-polling'
]);
We have to wait untill google implements websocket support in Managed VM. If anyone get this working on GMV, Please comment here :)