Error response when uploading forms

Hello folks …

After updating the certs for the 3.x remote CHT server with new certs, I am now getting errors when uploading forms to the server, as seen below:

cliff@cliff-Latitude-5580:~/Documents/project/medic/mydhi-cht-config/config$ cht --url=https://medic:password@cht.openelis-global.org convert-app-forms upload-app-forms -- library
INFO Checking that https://medic:****@cht.openelis-global.org/medic/ is available... 
ERROR Failed to get a response from https://medic:****@cht.openelis-global.org/medic/. Maybe you entered the wrong URL, wrong port or the instance is not started? Please check and try again. 
cliff@cliff-Latitude-5580:~/Documents/project/medic/mydhi-cht-config/config$ cht --url=https://medic:password@cht.openelis-global.org convert-app-forms upload-app-forms -- library
INFO Checking that https://medic:****@cht.openelis-global.org/medic/ is available... 
ERROR Failed to get a response from https://medic:****@cht.openelis-global.org/medic/. Maybe you entered the wrong URL, wrong port or the instance is not started? Please check and try again. 
cliff@cliff-Latitude-5580:~/Documents/project/medic/mydhi-cht-config/config$ cht --url=https://medic:password@cht.openelis-global.org convert-app-forms upload-app-forms
INFO Checking that https://medic:****@cht.openelis-global.org/medic/ is available... 
ERROR Failed to get a response from https://medic:****@cht.openelis-global.org/medic/. Maybe you entered the wrong URL, wrong port or the instance is not started? Please check and try again. 
cliff@cliff-Latitude-5580:~/Documents/project/medic/mydhi-cht-config/config$ cht --url=https://medic:password@cht.openelis-global.org convert-app-forms upload-app-forms 
INFO Checking that https://medic:****@cht.openelis-global.org/medic/ is available... 
ERROR Failed to get a response from https://medic:****@cht.openelis-global.org/medic/. Maybe you entered the wrong URL, wrong port or the instance is not started? Please check and try again. 
cliff@cliff-Latitude-5580:~/Documents/project/medic/mydhi-cht-config/config$

Any thoughts on the cause of this?
@mrjones @jkuester

@cliff - it looks like your TLS set is likely missing the intermediate cert. Note the "unable to verify the first certificate" below and that SSL Labs is reporting chain issues.

openssl s_client -connect cht.openelis-global.org:443                 
CONNECTED(00000003)
depth=0 C = US, ST = Washington, O = University of Washington, CN = *.openelis-global.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = Washington, O = University of Washington, CN = *.openelis-global.org
verify error:num=21:unable to verify the first certificate
verify return:1

The easiest way to fix this is to ensure you have the latest private key in one file (default.key) and then concatenate your primary certificate followed by any intermediate chain certificates into the certificate file (default.crt). You should be able to download these from your certificate authority (CA), which looks to be Internet2/InCommon.

After you have installed the key and certs and restarted nginx, test it with SSL Labs and openssl per above.

Best of luck!

2 Likes
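
The fix described in the reply above, as an added example that is not part of the original thread: it reproduces the "unable to get local issuer certificate" failure with a leaf-only default.crt, then shows the concatenated file passing, and checks that default.key matches the certificate. The function names are hypothetical, and a throwaway PKI generated locally stands in for the real files from the CA.

```bash
#!/usr/bin/env bash
# Added example: every key and certificate here is a throwaway generated locally.
set -eu

# Build a constructed root -> intermediate -> leaf PKI in directory $1.
make_demo_pki() {
  local d=$1 n
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  for n in root intermediate leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo $n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
  openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.crt" \
    -CAkey "$d/root.key" -CAcreateserial -days 2 \
    -extfile "$d/ca.ext" -out "$d/intermediate.crt" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/intermediate.crt" \
    -CAkey "$d/intermediate.key" -CAcreateserial -days 2 \
    -out "$d/leaf.crt" 2>/dev/null
}

# Succeeds only if the first cert in bundle $2 chains to trust anchor $1 using
# nothing but the other certs in the same bundle, which is all a client gets
# from the server during the handshake.
chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Succeeds if private key $2 belongs to the first certificate in $1.
key_matches() {
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  b=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$a" = "$b" ]
}

demo() {
  local d; d=$(mktemp -d)
  make_demo_pki "$d"
  cp "$d/leaf.crt" "$d/default.crt"      # leaf only: the broken state
  chain_ok "$d/root.crt" "$d/default.crt" && echo "leaf only: OK" || echo "leaf only: FAIL"
  cat "$d/leaf.crt" "$d/intermediate.crt" > "$d/default.crt"   # primary first
  chain_ok "$d/root.crt" "$d/default.crt" && echo "with chain: OK" || echo "with chain: FAIL"
  key_matches "$d/default.crt" "$d/leaf.key" && echo "key matches" || echo "key mismatch"
  rm -rf "$d"
}
demo
```

If `key_matches` succeeds against the existing key, the certificate was issued for that key and only the certificate file needs rebuilding.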

Thanks @mrjones,
Would creating a new private key and feeding it into default.key fix this, since we already created a new cert?

We just need to concatenate the intermediate cert to the first cert

1 Like

@cliff - I’m not quite sure of the state of your TLS files in the CHT container, but if you have them all from your CA, or can download them again, then you shouldn’t need to create a new private key.

I would check on what @mozzy suggested and see if you need to concatenate the intermediate cert - this sounds promising!

Thanks @mrjones, yeah, we did concatenate in the intermediate certs :+1: