Deploy Hanging when using HTTPS Request node

GregHNZ · 4 July 2023 22:03

We have recently moved for Public to Private certificates for our internal servers.

Up to the change over point we had no problems connecting HTTP Request nodes to our ERP servers to consume ODATA feeds but now we get "RequestError: unable to get local issuer certificate" on the HTTP Request Node.

When trying to work with these nodes to cure the problem trying to deploy the page will just sit with the ||||| bars cycling.

We can add a new HTTP req node and publish but usually once we add a URL to the node the page "hangs"
Sometimes we can get past adding the URL to adding credentials, and but whenever we try to add the

.pem file to a TLS config it always hangs.

Is there anywhere we can trace whats causing the issue? Or any other suggestions to get around the "RequestError: unable to get local issuer certificate" issue?

Steve-Mcl · 5 July 2023 05:56

I suspect Node-RED might be crashing.

What do you see in the node-red logs?

Ps: what version of Node-RED are you running? What version of NODEJS are you running and how/where is Node-RED running (docker? Part of home assistant? In Windows/Mac/pi/other?)

GregHNZ · 6 July 2023 02:24

Hi Stephen
Thanks for coming back. I think I may have found the issue
After chucking just about everything but the kitchen sink at it I discovered a different flow had open credentials for an sFTP connection. I tidied this up and could deploy again.
I then played with credentials Secret and when changing back to default, had issues with deploying again as the pwds had been lost when changing from declared password in settings.js to default method. Adding the passwords in again allowed deployment.
So have re-instated declared credentialsSecret and have applied correct credentials to connections and all appears to work again
Interestingly though I see nothing when running sudo journalctl -u node-red -e -f -n 50 , any suggestions of other ways to view logs?

Steve-Mcl · 6 July 2023 06:00

To answer that, you will need to provide the requested information

& additionally, the method you used to install Node-RED

GregHNZ · 9 July 2023 02:22

Hi Stephen
Node.js ver 16.19.0
Node-red ver 3.0.2
OS Ubuntu Server 22.04 LTS
Node-Red installed to Native OS using
bash <(curl -sL https://raw.githubusercontent.com/node-red/linux-installers/master/deb/update-nodejs-and-nodered)

Cheers
Greg

Steve-Mcl · 9 July 2023 04:10

Does node-red-log show you any logs?

GregHNZ · 9 July 2023 20:14

Hi Stephen
Yes it does, and I think it might be a firewall problem. When I publish a node or save a change I get something like

10 Jul 08:10:24 - [audit] {"event":"flows.set","type":"flows","level":98,"path":"/flows","ip":"10.233.225.176","timestamp":1688933424561}

10 Jul 08:10:24 - [info] Stopping modified flows

10 Jul 08:10:24 - [info] Stopped modified flows

10 Jul 08:10:24 - [info] Updated flows

10 Jul 08:10:24 - [info] Starting modified flows

10 Jul 08:10:24 - [info] Started modified flows

When I try to publish a node with credentials (such as ftp, https or mqtt) I'm not seeing any action, so it seems the publish is being stopped before it gets to teh server.
So this could either be firewall issue, I'm guessing blocked port/protocol

Will do some further debugging with our n/w team

Cheers
Greg

GregHNZ · 25 July 2023 22:35

Hi Stephen
A quick question on something I just noticed
My Node Red server is on IP Address 10.92.0.168, yet in the event log I see a different address for the Config stuff.

26 Jul 09:47:08 - [audit] {"event":"plugins.list.get","level":98,"path":"/plugins","ip":"10.233.225.176","timestamp":1690321628924}

26 Jul 09:47:08 - [audit] {"event":"comms.open","level":98,"timestamp":1690321628944}

26 Jul 09:47:08 - [audit] {"event":"plugins.configs.get","level":98,"path":"/plugins","ip":"10.233.225.176","timestamp":1690321628946}

26 Jul 09:47:08 - [audit] {"event":"nodes.list.get","level":98,"path":"/nodes","ip":"10.233.225.176","timestamp":1690321628954}

26 Jul 09:47:09 - [audit] {"event":"nodes.icons.get","level":98,"path":"/icons","ip":"10.233.225.176","timestamp":1690321629017}

26 Jul 09:47:09 - [audit] {"event":"nodes.configs.get","level":98,"path":"/nodes","ip":"10.233.225.176","timestamp":1690321629022}

26 Jul 09:47:09 - [audit] {"event":"flows.get","level":98,"path":"/flows","ip":"10.233.225.176","timestamp":1690321629183}

In my simple single server setup should the 10.233.225.176 address below be the same as my server, 10.92.0.168? Is there a config setting to modify this?

Many thanks for any guidance

Steve-Mcl · 25 July 2023 22:42

those IP addresses are the address of the machine calling Node-RED runtime APIs.

Can you verify the IP of the node-red server and the IP of the computer you are using to access node-red?

Is anyone else (on IP 10.233.225.176) accessing node-red? Perhaps a network scanner or enterprise security device for example?

GregHNZ · 16 August 2023 19:58

Hi Steve
Thanks for all you suggestions.
Turns out it is a corporate security issue.
I run a mac and when deploying it seems something (Crowdstrike, Defender, n/w firewalls etc) is stopping the Deploy to the server. If I log into a windows machine, luckily I have a VM for these very cases, all works fine.

Sorry to have wasted your time.

regards

system · 30 August 2023 19:58

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Http Request node "unable to get local issuer certificate" General http-request	2	139	19 August 2024
TLS config for https request - question General http-request , security	1	925	20 March 2022
Deploy "Hangs" all of a sudden General	13	827	14 January 2022
Private cert possible causing "unable to get issuer cert locally" error General	5	255	11 December 2022
Deploy failed: no response from server General	10	3763	5 December 2019

Deploy Hanging when using HTTPS Request node

Related Topics