I am getting this error, when I try to connect a normal user. It seems like the admin credentials are working but not for normal user.
Has someone encounter such an error?
I am getting this error, when I try to connect a normal user. It seems like the admin credentials are working but not for normal user.
Hi @Adrien_Tchounkeu and welcome to the CHT forum!
If you have already followed the tls certificate installation steps here, check whether you have the correct ip address. It should be 192.168.8.126. If that’s not your current IP you’ll need to repeat the tls installation steps.
EDIT: Correction, you won’t need to repeat the installation steps, just update your url to match your current ip address.
Correction on the above, you won’t need to repeat the installation steps, just update your url to match your current ip address.
Thanks @samuel
When I follow the steps, all the success messages are displayed.
However, I did this before but when I wanted to access my local instance through IP_ADDRESS:PORT; I got that error. As if adding the port, the Certificate isn’t the same.
But, I am seeing that the certificate has been installed under 192.168.8.126 because I don’t have that issue anymore. But not on :8446(port that I am using)
@Adrien_Tchounkeu how exactly are you running the CHT instance that is listening on port 8446? Also, it would be helpful to confirm exactly which cert is getting picked up. In your browser’s address bar, can you click on Not secure > Certificate is not valid and then post a screenshot of the certificate details that get shown?
@jkuester I am actually running the CHT instance with docker through the command ./cht-docker-compose.sh -e <env_file_path>. Below is the SSL certificate:
@Adrien_Tchounkeu okay great! That is the same setup that I had when I saw this issue. Notice that your certificate expired last Saturday. This is the problem. What I realized is that The docker container spun up by cht-docker-compose.sh does not automatically refresh its SSL certificate when it expires. So, to get a new certificate you need to re-create the containers by running
./cht-docker-compose.sh -e <env_file_path> -d down
and then
./cht-docker-compose.sh -e <env_file_path> -d up
This should re-create the docker container with a new SSL cert (while still keeping all your existing in your CouchDB since the Docker volume is not destroyed).
c.c. @mrjones in case I am missing something here.
@jkuester - Correct! We have a check to see if the cert is expired and re-install it if so which was added back in October.
It will be slightly faster to grab the medic-os container name via a docker call (docker ps --format '{{.Names}}') and then run the script which JUST re-installs the cert (./cht-core/scripts/add-local-ip-certs-to-docker.sh MEDIC-OS-CONTAINER-NAME), as it avoids restarting all the containers. I note this because it’s the same script @samuel suggested you run, but with the extra argument of the specific medic-os container you need operate on. Given your port number of 8446, I suspect you’re running more than one instance of the CHT, so this might be helpful to know.
I have been running 3 instances of the CHT.