Greg Plamondon's picture

When trying to initialize tlkbam I get the following error:

root@phplist ~# tklbam-init
Copy paste the API-KEY from your Hub account's user profile

error: error(60, 'server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none')
root@phplist ~#

My Turnkey-version:

root@phplist ~# turnkey-version

Any help would be greatly appreciated!



Jeremy Davis's picture

That sounds really weird and one I haven't come across before. From the error message you are getting it appears that there is something wrong with the SSL certs on your server.

Another thing that can cause certificate errors is incorrect time. TurnKey should already be set up to auto update the time. However if it can't contact the default NTP server the clock can drift. Additionally, if you've updated the time yourself incorrectly (i.e. just manually changed the time rather than configuring your timezone) then that will cause the same issue (among others).

If you have been playing with certificates, then this may be an unintended consequence? If you haven't been doing anything with certificates and the time is right, then that is certainly not expected behaviour. It could perhaps be a sign that someone else (who legitimately has access to the server) has been fiddling with something they didn't understand the consequences of? Or possibly even something malicious (and poorly executed)?

Firstly I recommend that you double check that the time is configured correctly. The first bit checks that you can connect to the ntp server. The second forces an update (and shows the time before and after). If you are using a server launched from AWS Marketplace (and haven't enabled root), the you'll probably need to append 'sudo' to (at least some of) these commands.

# check you can connect to ntp server
ping -c 4

# if that works, then force an update
ntpdate -s

Also I recommend that you double check that ca-certificates is installed properly and up to date. Then to be sure that everything is using the right certs, I'd recommend rebooting your server and trying again.

apt-get update
apt-get install --reinstall ca-certificates

If you try all that and continue to get the same error, please provide some more info about this server. Particularly where it's running and/or how you launched it (e.g. ISO install to VM; AWS from AWS Marketplace; etc) and how long its been running (e.g. fresh install/launch; weeks/months/years; etc).

Add new comment