weixin_39545102
weixin_39545102
2020-11-27 12:51

ssl-check script hitting errors on Windows 10

I would like to start by mentioning that I'm well aware that the Slate team is expecting there to be issues with the Slatev1 on win10, as they have started numerous times that they have not have not yet tested everything outside of macOS.

With that being said, I think its very close and this particular issue might be resolved with help from some bash nerds + Windows users.

Problem

When setting up the SSL certificate, as described here, the ssl-check function runs into some issues. Im not knowledgeable enough in the tools used in this step of the process to do anything meaningful with these errors but theyre still pretty descriptive and I think someone else likely will be.

Note: This is after installing mkcert on Windows 10 using chocolaty, then running mkcert -install in Powershell as admin (which gave success messages), and step 2 in the docs using git-bash (linked above).

I can see the certs in my file system at C:\Users\name\AppData\Local\mkcert\rootCA.pem and C:\Users\name\AppData\Local\mkcert\rootCA-key.pem


$ ssl-check

Manipulates network routing tables.

ROUTE [-f] [-p] [-4|-6] command [destination]
                  [MASK netmask]  [gateway] [METRIC metric]  [IF interface]

  -f           Clears the routing tables of all gateway entries.  If this is
               used in conjunction with one of the commands, the tables are
               cleared prior to running the command.

  -p           When used with the ADD command, makes a route persistent across
               boots of the system. By default, routes are not preserved
               when the system is restarted. Ignored for all other commands,
               which always affect the appropriate persistent routes.

  -4           Force using IPv4.

  -6           Force using IPv6.

  command      One of these:
                 PRINT     Prints  a route
                 ADD       Adds    a route
                 DELETE    Deletes a route
                 CHANGE    Modifies an existing route
  destination  Specifies the host.
  MASK         Specifies that the next parameter is the 'netmask' value.
  netmask      Specifies a subnet mask value for this route entry.
               If not specified, it defaults to 255.255.255.255.
  gateway      Specifies gateway.
  interface    the interface number for the specified route.
  METRIC       specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Pattern match is only allowed in PRINT command.
Diagnostic Notes:
    Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
    Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
             The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.

Examples:

    > route PRINT
    > route PRINT -4
    > route PRINT -6
    > route PRINT 157*          .... Only prints those matching 157*

    > route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 3 IF 2
             destination^      ^mask      ^gateway     metric^    ^
                                                         Interface^
      If IF is not given, it tries to find the best interface for a given
      gateway.
    > route ADD 3ffe::/32 3ffe::1

    > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

      CHANGE is used to modify gateway and/or metric only.

    > route DELETE 157.0.0.0
    > route DELETE 3ffe::/32

?  Couldn't find a Slate SSL certificate:
Generating a new Slate SSL certificate...

Using the local CA at "C:\Users\degal\AppData\Local\mkcert" ✨
ERROR: "\r" is not a valid hostname or IP
mv: cannot stat './localhost+1.pem': No such file or directory
mv: cannot stat './localhost+1-key.pem': No such file or directory

Replication steps

Follow normal Slate installation instructions as provided by the wiki on Windows 10 using git-bash for most of the way, but installing mkcert using Powershell as admin.

Follow part 4 of the wiki and run the ssl-check to produce the error.

More Information

Windows 10 git-bash/powershell node v8.9.3 npm v6.4.1

该提问来源于开源项目:Shopify/slate

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

21条回答

  • weixin_39767322 weixin_39767322 5月前

    +Here is how I do it manually

    shell
    cd ~/.localhost_ssl
    mkcert -install
    mkcert localhost 127.0.0.1 <your_local_ip_here>
    mv localhost+2-key.pem server.key
    mv localhost+2.pem server.crt
    </your_local_ip_here>

    This works for me - just a reference in case anyone else is wondering how to get your local IP address, it can be done in git bash with: > ipconfig | grep -m2 'IPv4' | tail -n1

    点赞 评论 复制链接分享
  • weixin_39963080 weixin_39963080 5月前

    After 24 hours of trial and error I can confirm that 's solution works perfectly.

    What I was doing wrong is exactly what he mentioned - jumping back and forth between PowerShell and WSL, don't do that! If you're on Windows just open PowerShell install all libraries there, install Slate with it and run 's steps.

    点赞 评论 复制链接分享
  • weixin_39646831 weixin_39646831 5月前

    +Here is how I do it manually

    shell
    cd ~/.localhost_ssl
    mkcert -install
    mkcert localhost 127.0.0.1 <your_local_ip_here>
    mv localhost+2-key.pem server.key
    mv localhost+2.pem server.crt
    </your_local_ip_here>

    This worked for me in MSYS2 on Windows 10 as well. Thanks!

    点赞 评论 复制链接分享
  • weixin_39765325 weixin_39765325 5月前

    Figured I'd chime in here. If you're running into SSL issues still on Ubuntu/Linux, I opened #1083 to update the docs with a Linux-specific ssl-check function. I've tested on a few different versions of Ubuntu and so far it seems to work.

    The new function for Linux is as follows:

    bash
    function ssl-check() {
             f=~/.localhost_ssl;
             ssl_crt=$f/server.crt
             ssl_key=$f/server.key
             b=$(tput bold)
             c=$(tput sgr0)
    
             # gets the first IP returned fro the hostname function
             local_ip=$(hostname -I | cut -d' ' -f1)
             # local_ip=999.999.999 # (uncomment for testing)
             domains=(
                 "localhost"
                 "$local_ip"
             )
             if [[ ! -f $ssl_crt ]]; then
                 echo -e "\n🛑  ${b}Couldn't find a Slate SSL certificate:${c}"
                 make_key=true
             elif [[ ! $(openssl x509 -noout -text -in $ssl_crt | grep $local_ip) ]]; then
                 echo -e "\n🛑  ${b}Your IP Address has changed:${c}"
                 make_key=true
             else
                 echo -e "\n✅  ${b}Your IP address is still the same.${c}"
             fi
             if [[ $make_key == true ]]; then
                 echo -e "Generating a new Slate SSL certificate...\n"
                 count=$(( ${#domains[@]} - 1))
                 mkcert ${domains[@]}
                 # Create Slate's default certificate directory, if it doesn't exist
                 test ! -d $f && mkdir $f
                 # It appears mkcert bases its filenames off the number of domains passed after the first one.
                 # This script predicts that filename, so it can copy it to Slate's default location.
                 if [[ $count = 0 ]]; then
                     mv ./localhost.pem $ssl_crt
                     mv ./localhost-key.pem $ssl_key
                 else
                     mv ./localhost+$count.pem $ssl_crt
                     mv ./localhost+$count-key.pem $ssl_key
                 fi
             fi
         }
    

    This does still utilize mkcert. I highly recommend installing it via their instructions still.

    Feel free to test it out and let me know if you run into any issues, I'll work to update the new ssl-check function if any errors happen on other Linux distros.

    点赞 评论 复制链接分享
  • weixin_39658619 weixin_39658619 5月前

    I'm having the exact same problem. Same replication steps and here's my system: Win10 git-bash/powershell node v8.11.1 npm v6.4.1

    点赞 评论 复制链接分享
  • weixin_39789979 weixin_39789979 5月前

    Removing "$local_ip" in the domains array inside the ssl-check function seems to have resolved the issue for me.

    点赞 评论 复制链接分享
  • weixin_39658619 weixin_39658619 5月前

    Thanks for the tip! That did allow my ssl-check function to process properly, however I'm still not seeing the "./localhost.pem" and the key at "./localhost-key.pem" inside of my mkcert folder and Im still shown a red HTTPS. I still only have the root files mentioned. So even though it says it's creating the files when the function runs, it doesn't seem to actually be creating them.

    点赞 评论 复制链接分享
  • weixin_39670267 weixin_39670267 5月前

    Check your Windows user directory, the .localhost folder containing the server key should be in there. I can confirm that manually adding your local IP fixes the script problem on Windows and the key is created in the user directory (see below).

    This is the Slate-tools.schema.js entry pointing to the key's location:

    // Path to self-signed SSL certificate which is used when developing // (browsersync, asset server) to avoid browsers rejecting requests based // on SSL 'ssl.cert': path.resolve(os.homedir(), '.localhost_ssl/server.crt'),

    // Path to self-signed SSL key which is used when developing // (browsersync, asset server) to avoid browsers rejecting requests based // on SSL 'ssl.key': path.resolve(os.homedir(), '.localhost_ssl/server.key'),

    Hope that helps.

    点赞 评论 复制链接分享
  • weixin_39545102 weixin_39545102 5月前

    Is this a workaround for the ssl-check script altogether?

    点赞 评论 复制链接分享
  • weixin_39562752 weixin_39562752 5月前

    +Here is how I do it manually

    bash
    cd ~/.localhost_ssl
    mkcert -install
    mkcert localhost 127.0.0.1 <your_local_ip_here>
    mv localhost+2-key.pem server.key
    mv localhost+2.pem server.crt
    </your_local_ip_here>
    点赞 评论 复制链接分享
  • weixin_39658619 weixin_39658619 5月前

    This may be a stupid question, but I never had a slate-tools.schema.js file inside of my node slate-tools folder. Is there any reason why that wouldn't have been included? Everything else has worked as expected from the steps you've laid out - script runs with no errors and server files are created in .localhost_ssl folder. However when I went to check the paths in my slate-tools.scheme.js file, that file was nowhere to be found. I tried creating the file from scratch and adding that code, but I still cant get this to work. I'm wondering if maybe because the file wasnt there originally, its not being referenced in some other part of the code, so it doesn't know to look up this file? Maybe.... I'm really at a loss with the one.

    点赞 评论 复制链接分享
  • weixin_39670267 weixin_39670267 5月前

    what version of Slate are you using for your project? I was referring to v1.0 in the posts above, you can find the schema file here: https://github.com/Shopify/slate/tree/master/packages/slate-tools

    Not sure where v0.x sets the path to the certificate but I’d assume the default location would be the same pace - in the root of your Window’s user directory.

    点赞 评论 复制链接分享
  • weixin_39658619 weixin_39658619 5月前

    , yep that looks to be the issue! Looks like i'm using 0.14 on my original project. I've created a new project for another new site I'll be building and that one is v1 and has the file.

    I'll see if I can't get it working now that I have a full version of the schema file. Thanks again!

    EDIT: I was able to get this working fine on the new install. It looks like however, the main issue for why I started to work on getting the SSL issue fixed in the first place is still present. That being browser-sync not working. Everything is compiling and uploading as expected (in both v1 and v0.14 projects), but in both, browser-sync is a no-show and I can't figure out for the life of me why. It doesn't drastically hinder my development process, but it sure would be nice to have BS actually reloading the browser.

    点赞 评论 复制链接分享
  • weixin_39796152 weixin_39796152 5月前

    I can say steps worked for me in creating the certificate but because of going back and forth from powershell to bash got a bit confusing, I decided to post a set of commands that will get the job done in powershell

    edit: These steps are working with Windows 10 Build 17134 - Nov 26 2018 and all other applications and packages updated as of the same date

    Step 1

    If you don't have Chocolatey installed go to https://chocolatey.org/install and follow their instructions

    Step 2

    Install mkcert by running choco install mkcert

    Instructions taken from https://github.com/FiloSottile/mkcert

    Step 3

    copy and paste the code below into your powershell

    
    New-Item -Path ~/.localhost_ssl -ItemType directory
    cd ~/.localhost_ssl
    mkcert -install
    mkcert localhost 127.0.0.1 $(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' } | out-null; $Matches[1])
    mv localhost+*-key.pem server.key
    mv localhost+*.pem server.crt
    

    Step 4

    run yarn watch or yarn start and once the browser loads your localhost certificate problems should be fixed

    点赞 评论 复制链接分享
  • weixin_39796152 weixin_39796152 5月前

    -dotdev Yes I did hate having to use powershell, my problem with your way was that even after adding the certificate it was still not working with slate. Like I said in my post I'm not too familiar with how certificates work so I must have missed some step.

    In the manual powershell script I had to create the .localhost_ssl folder and put the cert and key there and that was the part that made it work. How does this work when using the MMC ?

    点赞 评论 复制链接分享
  • weixin_39545102 weixin_39545102 5月前

    Glad to see this issue picking up steam. Just wanted to hollaback and let you know that 's answer did the trick for me.

    点赞 评论 复制链接分享
  • weixin_39707941 weixin_39707941 5月前

    I found that you and your solution works, but I just wanted to add that this only worked in Google Chrome for me. I'm still getting some errors regarding `` being used to import CSS files, but that's another issue altogether.

    点赞 评论 复制链接分享
  • weixin_39811036 weixin_39811036 5月前

    I found that you and your solution works, but I just wanted to add that this only worked in Google Chrome for me. I'm still getting some errors regarding `` being used to import CSS files, but that's another issue altogether.

    I guess that it's expected that some browsers won't work, as it's stated in the mkcert's doc that Firefox root store is supported only on macOS and Linux.

    steps worked for me as well.

    点赞 评论 复制链接分享
  • weixin_39607710 weixin_39607710 5月前

    Can't seem to get this working for IE. Which is my only reason for using windows :joy:

    点赞 评论 复制链接分享
  • weixin_39578867 weixin_39578867 5月前

    I can say steps worked for me in creating the certificate but because of going back and forth from powershell to bash got a bit confusing, I decided to post a set of commands that will get the job done in powershell

    edit: These steps are working with Windows 10 Build 17134 - Nov 26 2018 and all other applications and packages updated as of the same date

    Step 1

    If you don't have Chocolatey installed go to https://chocolatey.org/install and follow their instructions

    Step 2

    Install mkcert by running choco install mkcert

    Instructions taken from https://github.com/FiloSottile/mkcert

    Step 3

    copy and paste the code below into your powershell

    
    New-Item -Path ~/.localhost_ssl -ItemType directory
    cd ~/.localhost_ssl
    mkcert -install
    mkcert localhost 127.0.0.1 $(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})' } | out-null; $Matches[1])
    mv localhost+<em>-key.pem server.key
    mv localhost+</em>.pem server.crt
    

    Step 4

    run yarn watch or yarn start and once the browser loads your localhost certificate problems should be fixed

    working with me.

    点赞 评论 复制链接分享
  • weixin_39834745 weixin_39834745 5月前

    Thanks for the tip! That did allow my ssl-check function to process properly, however I'm still not seeing the "./localhost.pem" and the key at "./localhost-key.pem" inside of my mkcert folder and Im still shown a red HTTPS. I still only have the root files mentioned. So even though it says it's creating the files when the function runs, it doesn't seem to actually be creating them.

    I'm not sure if this was mentioned above because I haven't had the time to read through everything, but I noticed some people were having issues with the following error:

    mv: cannot stat './localhost+1.pem': No such file or directory mv: cannot stat './localhost+1-key.pem': No such file or directory

    The reason why it throws this error is because when you run:

    mkcert localhost 127.0.0.1 ::1

    The file directory will read:

    The certificate is at "./localhost+2.pem" and the key at "./localhost+2-key.pem"

    Which is NOT:

    mv: cannot stat './localhost+1.pem': No such file or directory mv: cannot stat './localhost+1-key.pem': No such file or directory

    Luckily, there is a very simple solution.

    Simply remove the -1 from the count part of the function (Towards the bottom of ssl-check) and it should read like this:

    count=$(( ${#domains[@]})).

    Hope this helps.

    点赞 评论 复制链接分享

相关推荐