How To Solve Elm make HTTPS Certificate Problem

I am trying to use elm make on windows azure here. When I run it like this:

elm make StringBuilderWebApp.elm

It fails with following output:

-- HTTP PROBLEM ----------------------------------------------------------------

The following HTTP request failed:

    <https://package.elm-lang.org/all-packages>

Here is the error message I was able to extract:

    HttpExceptionRequest Request { host = "package.elm-lang.o
rg" port = 443
    secure = True requestHeaders =
    [("User-Agent","elm/0.19.0"),("Accept-Encoding","gzip")] path =
    "/all-packages" queryString = "" method = "GET" proxy = Nothing rawBody =
    False redirectCount = 10 responseTimeout = ResponseTimeoutDefault
    requestVersion = HTTP/1.1 } (InternalException (HandshakeFailed
    (Error_Protocol ("certificate has unknown CA",True,UnknownCa))))

How can I fix this?

Do I need to supply a certificate to use elm make?

I ran this test to see if connecting to package.elm-lang.org works over HTTP:

D:\home\test-elm>curl http://package.elm-lang.org
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   194  100   194    0     0   1031      0 --:--:-- --:--:-- --:--:--  1127<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>

The messages says the system doesn’t know the CA. Certificate is issued by Let’s encrypt and the chain looks fine. Do you have issues with other websites using let’s encrypt?

https://www.ssllabs.com/ssltest/analyze.html?d=package.elm-lang.org

1 Like

The response says permanently moved, not sure but I heard, that the page side seems to be blocked from countries like russia etc. maybe that’s affecting you too?

That isn’t a problem, it’s just normal HTTP redirection:
“http://package.elm-lang.org” is redirecting to “https://package.elm-lang.org/”

malaire@box:~$ curl -I http://package.elm-lang.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3 (Ubuntu)
Date: Sat, 17 Nov 2018 23:16:49 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://package.elm-lang.org/
1 Like

Thank you @andys8 for the pointer. After writing the first post, I tried to get it working by installing certificates on the system, so cannot answer your question for the past setup anymore. Looks like I got it working by installing a certificate. I downloaded the certificate from package.elm-lang.org and added it as a Public Certificate to the Azure app.

I used the export UI of the chrome browser to get a .cer file for a certificate on the path displayed in the chrome browser (I took the DST Root CA X3 from the root)

The import of this file went without error messages.

But at first, the elm make command still displayed the certificate has unknown CA error.

Yesterday, it was too late to continue investigating, and now after coming back it works, elm make produces the output file. I don’t know what happened in the meantime, maybe the host system was restarted.

While setting the certificate up, I also found this guide helpful to check if the certificate was loaded: Azure App Services: How to determine if the client certificate is loaded | Microsoft Learn

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.