We have tried to run our pipeline today(01st of June 2020). But we got the below error from sonar qube.
##[error][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“CERT_HAS_EXPIRED”}.
This pipeline was working fine in 14th May 2020 with the same configuration.
Same problem here with SonarQube 8.2.0.32929 Developer Edition.
curl and wget works properly after apply the fix proposed by Andrew Ayer, so it’s looks that the problem in the client that perform the request and the CA certificates that it use.
Could you clarify what site you’re connecting to? I mean; you’re mentioning SonarQube Developer Edition, hence I understand you run your own infrastructure, not SonarCloud, am I understanding this right?
If it so, then the solution should be within your control and you should check the page I referenced in my first reply. Thanks!
@mickaelcaro our Agente version is 2.165.0. @AlxO, yes it’s our own infrastructure and we have solved the issue for all the different tools that perform request to the domain that uses this certificate, and even from the same host it’s possible to perform curl and wget request (before the fix it was not possible), the only tools that still show the problem it’s this task.
Is this task based on Java or Nodejs?
The request that are failing are made with NodeJs, that why i asked for the agent version, because apparently starting with some specific version of Node, it can work, but haven’t tested on my side, since it’s an internal asset of the agent.
Is your SonarQube protected by SSL ? Is yes, what does said the cert chain ?
Quick housekeeping – I’ve moved this to a separate thread as this is now specifically related to on-prem SonarQube instances (instead of SonarCloud, where the issue is resolved)
@mickaelcaro Our Instance is protected with TLS, even we have tested to set NODE_TLS_REJECT_UNAUTHORIZED to 0 env variable with no result, but this have no sense if you are using nodejs, we are going to test other ways to set this variable in order to confirm that the problems is the “internal” CAs of Nodejs.
We used to set the Nodejs version in the pipeline, right now we have test 12.14, but I am not sure if this have a real effect in the way that this task is performed.
@Carlos_Jimenez_Saiz the nodejs that is used is i guess the one referenced on the ‘externals’ folder of the build agent, there are 2 versions inside, one on 6.X, the other on 10.X.
I’ll try to have a deeper look, but i guess that there’s not much we can do right now if that’s purely on node/azure’s side.
Thanks @Ashen_Fernando, what does said a SSLHopper for example on the full chain ? Do you still have a cert expired somewhere or is that full green ?
I am getting this error
##[error][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“CERT_HAS_EXPIRED”}
in Azure Devops pipeline on task ‘Prepare analysis on Sonarqube’ .
The issue occurred after I upgraded to version 6.7 . Interestingly same version on other server is working fine .
Let me know how to resolve this .