- edited description
Certificate has expired with new LetsEncrypt certificate
Issue #673
new
Windows 11, VS Code 1.63, Plugin 2.10.0, Bitbucket https://bitbucket.home.kfs.org/ running Bitbucket server behind nginx
Error authenticating with Bitbucket: Error: certificate has expired
While trying to set up an initial Bitbucket connection, it complained the certificate was out of date. After looking at your issue list, I thought an intermediate cert might be out of date so I generated a new certificate which is validated by every tool I could find as being fully up-to date.
SSL Certificate Examination
Host bitbucket.home.kfs.org
URL https://bitbucket.home.kfs.org
Issued For *.home.kfs.org
Issued By Let's Encrypt ( R3 )
SSL Compression SSL Compression disabled.
SSL Chain Validation Successfully validated certificate chain.
Issued For *.home.kfs.org
Issued By Let's Encrypt, US ( R3 )
Signature Algorithm RSA-SHA256
Version 2
Valid From 08-Dec-2021 19:51:21 +0000
Valid To 08-Mar-2022 19:51:20 +0000
Validity (Total) 89 days
Validity (Remaining) 86 days
Serial Number 0x0461191AA316AB37613AE396794FB96D6B04
Serial Number (Hex) 0461191AA316AB37613AE396794FB96D6B04
Issued For Let's Encrypt, US ( R3 )
Issued By Internet Security Research Group, US ( ISRG Root X1 )
Signature Algorithm RSA-SHA256
Version 2
Valid From 04-Sep-2020 00:00:00 +0000
Valid To 15-Sep-2025 16:00:00 +0000
Validity (Total) 1836 days
Validity (Remaining) 1373 days
Serial Number 0x912B084ACF0C18A753F6D62E25A75F5A
Serial Number (Hex) 912B084ACF0C18A753F6D62E25A75F5A
Issued For Internet Security Research Group, US ( ISRG Root X1 )
Issued By Digital Signature Trust Co. ( DST Root CA X3 )
Signature Algorithm RSA-SHA256
Version 2
Valid From 20-Jan-2021 19:14:03 +0000
Valid To 30-Sep-2024 18:14:03 +0000
Validity (Total) 1348 days
Validity (Remaining) 1023 days
Serial Number 85078200265644417569109389142156118711
Serial Number (Hex) 4001772137D4E942B8EE76AA3C640AB7
Addenda:
Turning on debug logging and accessing the Atlassian log window, I see:
[2021-12-11 01:29:02:944] ----------------------------------------------------------------------
[2021-12-11 01:29:02:944] curl -X GET -H "User-Agent:atlascode/2.x axios/0.19.2" -H "X-Atlassian-Token:no-check" -H "Content-Type:application/json" -H "Authorization:Basic redacted" "https://bitbucket.home.kfs.org/rest/api/1.0/users/redacted?avatarSize=64"
[2021-12-11 01:29:02:944] ----------------------------------------------------------------------
[2021-12-11 01:29:03:078] Error: Error authenticating with Bitbucket: Error: certificate has expired
[2021-12-11 01:29:03:078] Error: Authentication error: Error authenticating with Bitbucket: Error: certificate has expired
But if I try that from the command line:
C:\> curl -X GET -H "User-Agent:atlascode/2.x axios/0.19.2" -H "X-Atlassian-Token:no-check" -H "Content-Type:application/json" -H "Authorization:Basic redacted" "https://bitbucket.home.kfs.org/rest/api/1.0/users/redacted"
{"name":"redacted","emailAddress":"redacted@redacted","id":54,"displayName":"Oliver Smith","active":true,"slug":"redacted","type":"NORMAL","links":{"self":[{"href":"https://bitbucket.home.kfs.org/users/redacted"}]},"avatarUrl":"/users/redacted/avatar.png?redacted"}
Comments (5)
-
reporter
-
reporter
For the purpose of additional validation, I found every curl.exe (.bat, .cmd, .ps1) on my system and tried running it with those parameters.
The curl that shipped with Free CAD had the same problem, and an old msys64 curl from 2019 had the same problem.
I realize that the curl command lines are representative, you’re not actually invoking curl, but just in-case I uninstalled each of those curls to eliminate them as a cause. Restarted the system, vs code → atlascode still reports my certificate as expired.
-
i have the same issue, with BB/jira server that has a lets encrypt certificate with chain ISRG Root X1 → R3 → My site
-
reporter
Just created completely new letsencrypt certs and restarted nginx and bitbucket, and the plugin still believes the certificates are expired.
-
Now, the irony is lost on me, but I found a similar issue over at GitLab, but with a fix
API request failed - Error: certificate has expired (#245) · Issues · GitLab.org / gitlab-vscode-extension · GitLab. By disabling the system certificates, I was able to connect to a Let’s Encrypt signed Jira instance. - Log in to comment