Lets Encrypt error

Use this Forum to find information on, or ask a question about, NASA Earth Science data.
Locked
jeffg
Posts: 11
Joined: Sat Oct 14, 2006 9:37 am America/New_York
Answers: 0

Lets Encrypt error

by jeffg » Fri Oct 01, 2021 1:57 pm America/New_York

I'm not sure if I'm in the right place, hopefully this is Oceancolor!

Just starting today, we're having trouble downloading files from our subscription, using wget. We get an error "Let's Encrypt - Issued Certificate has Expired"

Am I the only one getting that?

Thanks

Jeff
by OB.DAAC - amscott » Mon Oct 04, 2021 8:37 am America/New_York
It's great that you both have been able to retrieve your data!

To follow up on our end: Our system admins confirmed that if/when you receive messages like 'Let's Encrypt' or similar, first make sure that you have applied all available software updates and security patches to your own systems. A reboot may be required. Once your system is patched you should be able to connect to NASA OceanColor.

Learn more: how to fix dst root ca x3 expiration
Go to full post

Tags:

OB.DAAC - amscott
User Services
User Services
Posts: 345
Joined: Mon Jun 22, 2020 5:24 pm America/New_York
Answers: 1
Has thanked: 8 times
Been thanked: 3 times

Re: Lets Encrypt error

by OB.DAAC - amscott » Fri Oct 01, 2021 3:16 pm America/New_York

Hi Jeff,

Our systems admins updated certificates this morning. To help us figure out if this caused an issue for you, please send an email to connection_problems@oceancolor.sci.gsfc.nasa.gov with the following information:

1. The date and time you last attempted to access the site

2. The IP network address of your system.
You may also want to verify that we see you as that address by visiting an IP-checking website:
https://www.google.com/#q=what+is+my+ip+address

3. Output from a traceroute command (on Windows use tracert)
Examples:
traceroute oceancolor.gsfc.nasa.gov
or
traceroute oceandata.sci.gsfc.nasa.gov

4. Output from "wget -d https://oceancolor.gsfc.nasa.gov"
or "wget -d oceandata.sci.gsfc.nasa.gov"

Alternatively, you can try "curl -IL --verbose https://oceancolor.gsfc.nasa.gov"

stephm_ucsb
Posts: 3
Joined: Fri Oct 01, 2021 6:04 pm America/New_York
Answers: 0

Re: Lets Encrypt error

by stephm_ucsb » Fri Oct 01, 2021 6:14 pm America/New_York

Got the same issue today. Was able to go around it by using --no-check-certificate in the wget command.

jeffg
Posts: 11
Joined: Sat Oct 14, 2006 9:37 am America/New_York
Answers: 0

Re: Lets Encrypt error

by jeffg » Sat Oct 02, 2021 10:08 am America/New_York

Alicia, thanks for the response. The connection started to work yesterday PM, it appears to be working fine now. I don't know what changed, but I'm good with it!

Thanks guys.
Jeff

OB.DAAC - amscott
User Services
User Services
Posts: 345
Joined: Mon Jun 22, 2020 5:24 pm America/New_York
Answers: 1
Has thanked: 8 times
Been thanked: 3 times

Re: Lets Encrypt error

by OB.DAAC - amscott » Mon Oct 04, 2021 8:37 am America/New_York

It's great that you both have been able to retrieve your data!

To follow up on our end: Our system admins confirmed that if/when you receive messages like 'Let's Encrypt' or similar, first make sure that you have applied all available software updates and security patches to your own systems. A reboot may be required. Once your system is patched you should be able to connect to NASA OceanColor.

Learn more: how to fix dst root ca x3 expiration

dortenzio
Posts: 16
Joined: Fri Jan 20, 2006 11:12 am America/New_York
Answers: 0

Re: Lets Encrypt error

by dortenzio » Fri Oct 08, 2021 12:50 am America/New_York

Hello

I have solved the present certificate issue in downloading by simply adding a --no-check-certificate to my wgets. However, my code of generation of MODIS L2 have a no zero exit at the subroutine get_anc.py and MODIS_geo.py (see later error logs). I guess that it is still related to certificate issues (as starting the 1st October) that prevented direct wget.
Any suggestions/hints would be really appreciated.

Thank you
Fabrizio

Traceback (most recent call last):
File "/omtab/home/fabrizio/ocssw//scripts/modis_GEO.py", line 194, in <module>
sys.exit(main())
File "/omtab/home/fabrizio/ocssw//scripts/modis_GEO.py", line 185, in main
m.atteph()
File "/omtab/home/fabrizio/ocssw/scripts/modules/modis_GEO_utils.py", line 238, in atteph
get.findweb()
File "/omtab/home/fabrizio/ocssw/scripts/modules/anc_utils.py", line 428, in findweb
verbose=self.verbose
File "/omtab/home/fabrizio/ocssw/scripts/modules/ProcUtils.py", line 74, in httpdl
with closing(obpgSession.get(urlStr, stream=True, timeout=timeout)) as req:
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 479, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 467, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 570, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send
raise SSLError(e)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Aqua
Traceback (most recent call last):
File "/omtab/home/fabrizio/ocssw//scripts/getanc.py", line 196, in <module>
sys.exit(main())
File "/omtab/home/fabrizio/ocssw//scripts/getanc.py", line 189, in main
g.findweb()
File "/omtab/home/fabrizio/ocssw/scripts/modules/anc_utils.py", line 428, in findweb
verbose=self.verbose
File "/omtab/home/fabrizio/ocssw/scripts/modules/ProcUtils.py", line 74, in httpdl
with closing(obpgSession.get(urlStr, stream=True, timeout=timeout)) as req:
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 479, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 467, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 570, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send
raise SSLError(e)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

aafc_aesb_eos
Posts: 1
Joined: Wed Oct 20, 2021 10:27 am America/New_York
Answers: 0

Re: Lets Encrypt error

by aafc_aesb_eos » Wed Oct 20, 2021 10:29 am America/New_York

I am having exactly the same problem trying to download MOD09GA data, with the same error messages as above.

Any solutions would be appreciated.

OB.DAAC - amscott
User Services
User Services
Posts: 345
Joined: Mon Jun 22, 2020 5:24 pm America/New_York
Answers: 1
Has thanked: 8 times
Been thanked: 3 times

Re: Lets Encrypt error

by OB.DAAC - amscott » Wed Oct 20, 2021 1:33 pm America/New_York

Hello Fabrizio (and others in the thread),

I would agree that your issue is with the certificate and so the recommendation for you is mentioned above:
To follow up on our end: Our system admins confirmed that if/when you receive messages like 'Let's Encrypt' or similar, first make sure that you have applied all available software updates and security patches to your own systems. A reboot may be required. Once your system is patched you should be able to connect to NASA OceanColor.

Learn more: how to fix dst root ca x3 expiration

ragwang
Posts: 2
Joined: Tue Apr 05, 2022 2:35 am America/New_York
Answers: 0

Re: Lets Encrypt error

by ragwang » Tue Apr 05, 2022 2:36 am America/New_York

I have an issue while downloading the data can anyone suggest on this

ERROR: cannot verify disc2.gesdisc.eosdis.nasa.gov's certificate, issued by '/C=US/O=Let\'s Encrypt/CN=R3':
Unable to locally verify the issuer's authority.

OB.DAAC - amscott
User Services
User Services
Posts: 345
Joined: Mon Jun 22, 2020 5:24 pm America/New_York
Answers: 1
Has thanked: 8 times
Been thanked: 3 times

Re: Lets Encrypt error

by OB.DAAC - amscott » Tue Apr 05, 2022 4:32 pm America/New_York

See solution above ^^

Locked