HTTPS / SSL Certification now allowing connect.

:information_source: Attention Topic was automatically imported from the old Question2Answer platform.
:bust_in_silhouette: Asked By hughes1992

Problem: HttpClient connects to host and just freezes / keeps trying to connect to host; fails to connect / can’t connect to host via HTTPS with certificate, did before regular HTTP.

Hello, I am having some difficulty getting SSL certificates / HTTPS connection to host to work. I am using a certbot / LetsEncrypt free certificate on my Ubuntu 18.04 nginx server.

I have SSL certificate set in my Project>SSL settings to the .cert file that contains the certificates from my server under /etc/ssl/certs/ca-certificates.crt on my Ubuntu server.

I’ve tried changing the server name to contain https:// but that doesn’t work either.

HTTPS works on the server, I’ve tested via browser.

This is how I connect to the host:

	print("Connecting to host...")
	IP.clear_cache()
	http.close()
	# Arguments: host, port, use_ssl, verify_host
	err = http.connect_to_host("client.mydomain.com", 443, true, true)
	
	if err != OK:
		print("connection error: " + str(err))
		bOffline = true
		prompt_to_connect()
	else:
		# Poll until the client leaves the resolving/connecting states
		while http.get_status() == HTTPClient.STATUS_CONNECTING or http.get_status() == HTTPClient.STATUS_RESOLVING:
			print("Connecting to host...")
			http.poll()
			tries += 1
			OS.delay_msec(10)
			if tries == 10:
				info_text("Failed to connect to server.")
				prompt_to_connect()
		print("status: " + str(http.get_status()))
		# 5 is HTTPClient.STATUS_CONNECTED
		if http.get_status() != 5:
			print("response code: " + str(http.get_response_code()))
			print("Connection to host failed.")
			prompt_to_connect()
		else:
			bOffline = false
			print("Connected to host.")

My log as it runs through connecting:

	Establishing connection…
	Connecting to host… # try 1
	Connecting to host…
	Connecting to host…
	Connecting to host…
	Connecting to host…
	Connecting to host… #…last try
	status: 4 # failed.
	response code: 0
	Connection to host failed.

Am I supposed to do something else with the .crt file? I just copied the certificates file and used that as my Godot’s SSL, is this correct? Thanks guys for the help.

:bust_in_silhouette: Reply From: guppy42

The crt file is for your server alone - it will hand out the parts clients need itself.

The clients will choose to trust the certificate based on their chain of trust/root CA; given that Let’s Encrypt is cross-signed by IdenTrust, both your OS and browser should trust it.

I don’t know the exact details but I imagine that godot will pull the OS certificates chain and use that.

One thing that I immediately notice is that you only wait 10ms between each retry - try bumping that to 25 or 50 and see if it makes a difference.
Even a simple page such as google.com, served by one of the world’s most optimized servers, needs 116ms for the client to get the first byte (TTFB in the Chrome network inspector if you’re interested); your own server is probably going to be just a tad slower :slight_smile:

> I don’t know the exact details but I imagine that godot will pull the OS certificates chain and use that.

Godot does not currently support using the OS-provided certificate store. However, starting from Godot 3.1, an SSL certificate bundle will be included in export templates which will make HTTPS requests work out of the box.

Calinou | 2018-11-09 21:31

So what’s the point of the SSL cert in the project files now? Do I just leave it blank now since the SSL certificate bundle is now here?

hughes1992 | 2018-11-09 22:12

Update: I removed the .crt file from my SSL Project settings and changed the delay from 10 ms to 50 ms, still can’t connect.

hughes1992 | 2018-11-09 23:02

Another update (sorry for multiple comments, I really want to get this fixed):

Connecting to google.com with HTTPS gives this error:

Cause: unable to get local issuer certificate

hughes1992 | 2018-11-09 23:16

Here are a few things to try.
Try adding Let’s Encrypt’s root certificate:
https://letsencrypt.org/certs/isrgrootx1.pem.txt

If that doesn’t work then I would suggest waiting for 3.1 or using nightlies.

guppy42 | 2018-11-10 08:07

I’ve been trying that, still not working. I’ve tried connecting to google.com and that worked, though not my server.

hughes1992 | 2018-11-13 02:33
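
A bounded version of the connect-and-poll loop from the question, as an added example that is not code from the thread or from the Godot project: it polls against a wall-clock deadline and reports which HTTPClient status ended the attempt, so a TLS handshake error can be told apart from a failed connection. The timeout and poll interval are assumed values, the host is the placeholder from the question, and the calls are the Godot 3.x HTTPClient API.

```gdscript
# Added example for Godot 3.x; not code from the thread.
extends Node

const HOST = "client.mydomain.com"   # placeholder host from the question
const PORT = 443
const CONNECT_TIMEOUT_MSEC = 10000   # assumed overall budget
const POLL_INTERVAL_MSEC = 50        # assumed delay between polls

# Returns the HTTPClient status that ended the attempt. On timeout the
# status is still STATUS_RESOLVING or STATUS_CONNECTING.
func connect_with_deadline(http):
	http.close()
	# use_ssl = true, verify_host = true: hostname verification stays on.
	var err = http.connect_to_host(HOST, PORT, true, true)
	if err != OK:
		print("connect_to_host error: " + str(err))
		return HTTPClient.STATUS_CANT_CONNECT
	var deadline = OS.get_ticks_msec() + CONNECT_TIMEOUT_MSEC
	while OS.get_ticks_msec() < deadline:
		http.poll()
		var status = http.get_status()
		# Any state other than resolving/connecting is final for this attempt.
		if status != HTTPClient.STATUS_RESOLVING and status != HTTPClient.STATUS_CONNECTING:
			return status
		OS.delay_msec(POLL_INTERVAL_MSEC)
	return http.get_status()

# Maps the final status to a message so logs show more than a bare number.
func describe(status):
	match status:
		HTTPClient.STATUS_CONNECTED:
			return "connected"
		HTTPClient.STATUS_CANT_RESOLVE:
			return "could not resolve the host name"
		HTTPClient.STATUS_CANT_CONNECT:
			return "could not connect to the server"
		HTTPClient.STATUS_SSL_HANDSHAKE_ERROR:
			return "SSL handshake error (check certificate bundle and host name)"
		HTTPClient.STATUS_RESOLVING, HTTPClient.STATUS_CONNECTING:
			return "timed out while resolving/connecting"
	return "unexpected status " + str(status)

func _ready():
	var http = HTTPClient.new()
	var status = connect_with_deadline(http)
	print("status " + str(status) + ": " + describe(status))
```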

:bust_in_silhouette: Reply From: GameVisitor

Did you make sure to add the .crt extension in the export filter dialog as shown here?
This is needed to embed the certificate in the executable.

Yes, I have that as shown.

hughes1992 | 2018-11-10 18:15