starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Remote Data Source Git HTTPS - SSLCertVerificationError #9262

New Issue
Closed
opened 2025-12-29 20:47:37 +01:00 by adam · 0 comments
adam commented 2025-12-29 20:47:37 +01:00
Owner
Copy Link

Originally created by @UMRNOC on GitHub (Feb 16, 2024).

Deployment Type

Self-hosted

NetBox Version

v3.7.2

Python Version

3.10

Steps to Reproduce

Click on Operations
Click on Data Sources
Add a new data source
set a name
choose type Git
add URL (https)
add username, password and branch
click on create

Now click on Sync

Expected Behavior

Sync should work.
Self signed Root Certificate was added via "update-ca-certificates" in Ubuntu.

Observed Behavior

SyncError("Fetching remote data failed (GitProtocolError): HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload-pack (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))")

Output of manage.py syncdatasource --all --traceback:

(venv) root@server:/opt/netbox# /opt/netbox/netbox/manage.py syncdatasource --all --traceback
[1] Syncing git.domain.local netbox repo... Traceback (most recent call last):
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 468, in _make_request
self._validate_conn(conn)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn
conn.connect()
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connection.py", line 642, in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connection.py", line 783, in ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/util/ssl.py", line 471, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/util/ssl.py", line 515, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1100, in _create
self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1371, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 791, in urlopen
response = self._make_request(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 492, in _make_request
raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2279, in _http_request
resp = self.pool_manager.request(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/_request_methods.py", line 110, in request
return self.request_encode_url(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/_request_methods.py", line 143, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/poolmanager.py", line 443, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 875, in urlopen
return self.urlopen(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 875, in urlopen
return self.urlopen(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 875, in urlopen
return self.urlopen(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 845, in urlopen
retries = retries.increment(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/util/retry.py", line 515, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload-pack (Caused by SSLError(SSLCertVerificat ionError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/opt/netbox-3.7.2/netbox/core/data_backends.py", line 105, in fetch
porcelain.clone(self.url, local_path.name, **clone_args)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/porcelain.py", line 546, in clone
return client.clone(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 753, in clone
result = self.fetch(path, target, progress=progress, depth=depth)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 839, in fetch
result = self.fetch_pack(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2156, in fetch_pack
refs, server_capabilities, url = self._discover_references(
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2012, in _discover_references
resp, read = self._http_request(url, headers)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2287, in _http_request
raise GitProtocolError(str(e)) from e
dulwich.errors.GitProtocolError: HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload-pack (Caused by SSLError(SSLCertVerificati onError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/netbox/netbox/manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/init.py", line 442, in execute_from_command_line
utility.execute()
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/init.py", line 436, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/base.py", line 412, in run_from_argv
self.execute(*args, **cmd_options)
File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/base.py", line 458, in execute
output = self.handle(*args, **options)
File "/opt/netbox-3.7.2/netbox/core/management/commands/syncdatasource.py", line 43, in handle
raise e
File "/opt/netbox-3.7.2/netbox/core/management/commands/syncdatasource.py", line 38, in handle
datasource.sync()
File "/opt/netbox-3.7.2/netbox/core/models/data.py", line 195, in sync
with backend.fetch() as local_path:
File "/usr/lib/python3.10/contextlib.py", line 135, in enter
return next(self.gen)
File "/opt/netbox-3.7.2/netbox/core/data_backends.py", line 107, in fetch
raise SyncError(f"Fetching remote data failed ({type(e).name}): {e}")
core.exceptions.SyncError: Fetching remote data failed (GitProtocolError): HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload- pack (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))

If i change netbox/core/data_backends.py to:
# Apply HTTP proxy (if configured)
if settings.HTTP_PROXIES and self.url_scheme in ('http', 'https'):
if proxy := settings.HTTP_PROXIES.get(self.url_scheme):
config.set("http", "proxy", proxy)
config.set("http", "sslCAInfo", "/etc/ssl/certs/myRootCA.crt")

Sync button in Web GUI is reporting the same error.

But "manage.py syncdatasource --all --traceback" is giving me:
[1] Syncing git.domain.local netbox repo... Completed

Originally created by @UMRNOC on GitHub (Feb 16, 2024). ### Deployment Type Self-hosted ### NetBox Version v3.7.2 ### Python Version 3.10 ### Steps to Reproduce Click on Operations Click on Data Sources Add a new data source set a name choose type Git add URL (https) add username, password and branch click on create Now click on Sync ### Expected Behavior Sync should work. Self signed Root Certificate was added via "update-ca-certificates" in Ubuntu. ### Observed Behavior SyncError("Fetching remote data failed (GitProtocolError): HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload-pack (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))") Output of manage.py syncdatasource --all --traceback: > (venv) root@server:/opt/netbox# /opt/netbox/netbox/manage.py syncdatasource --all --traceback [1] Syncing git.domain.local netbox repo... Traceback (most recent call last): File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 468, in _make_request self._validate_conn(conn) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn conn.connect() File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connection.py", line 642, in connect sock_and_verified = _ssl_wrap_socket_and_match_hostname( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connection.py", line 783, in _ssl_wrap_socket_and_match_hostname ssl_sock = ssl_wrap_socket( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 471, in ssl_wrap_socket ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 515, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1100, in _create self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1371, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007) >During handling of the above exception, another exception occurred: >Traceback (most recent call last): File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 791, in urlopen response = self._make_request( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 492, in _make_request raise new_e urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007) > >The above exception was the direct cause of the following exception: > >Traceback (most recent call last): File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2279, in _http_request resp = self.pool_manager.request( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/_request_methods.py", line 110, in request return self.request_encode_url( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/_request_methods.py", line 143, in request_encode_url return self.urlopen(method, url, **extra_kw) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/poolmanager.py", line 443, in urlopen response = conn.urlopen(method, u.request_uri, **kw) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 875, in urlopen return self.urlopen( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 875, in urlopen return self.urlopen( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 875, in urlopen return self.urlopen( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 845, in urlopen retries = retries.increment( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/urllib3/util/retry.py", line 515, in increment raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type] urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload-pack (Caused by SSLError(SSLCertVerificat ionError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) > >The above exception was the direct cause of the following exception: > >Traceback (most recent call last): File "/opt/netbox-3.7.2/netbox/core/data_backends.py", line 105, in fetch porcelain.clone(self.url, local_path.name, **clone_args) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/porcelain.py", line 546, in clone return client.clone( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 753, in clone result = self.fetch(path, target, progress=progress, depth=depth) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 839, in fetch result = self.fetch_pack( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2156, in fetch_pack refs, server_capabilities, url = self._discover_references( File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2012, in _discover_references resp, read = self._http_request(url, headers) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/dulwich/client.py", line 2287, in _http_request raise GitProtocolError(str(e)) from e dulwich.errors.GitProtocolError: HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload-pack (Caused by SSLError(SSLCertVerificati onError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) >During handling of the above exception, another exception occurred: > >Traceback (most recent call last): File "/opt/netbox/netbox/manage.py", line 10, in <module> execute_from_command_line(sys.argv) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line utility.execute() File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/__init__.py", line 436, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/base.py", line 412, in run_from_argv self.execute(*args, **cmd_options) File "/opt/netbox-3.7.2/venv/lib/python3.10/site-packages/django/core/management/base.py", line 458, in execute output = self.handle(*args, **options) File "/opt/netbox-3.7.2/netbox/core/management/commands/syncdatasource.py", line 43, in handle raise e File "/opt/netbox-3.7.2/netbox/core/management/commands/syncdatasource.py", line 38, in handle datasource.sync() File "/opt/netbox-3.7.2/netbox/core/models/data.py", line 195, in sync with backend.fetch() as local_path: File "/usr/lib/python3.10/contextlib.py", line 135, in __enter__ return next(self.gen) File "/opt/netbox-3.7.2/netbox/core/data_backends.py", line 107, in fetch raise SyncError(f"Fetching remote data failed ({type(e).__name__}): {e}") core.exceptions.SyncError: Fetching remote data failed (GitProtocolError): HTTPSConnectionPool(host='git.domain.local', port=443): Max retries exceeded with url: /Network/netbox.git/info/refs?service=git-upload- pack (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) If i change netbox/core/data_backends.py to: ` # Apply HTTP proxy (if configured)` ` if settings.HTTP_PROXIES and self.url_scheme in ('http', 'https'):` ` if proxy := settings.HTTP_PROXIES.get(self.url_scheme):` ` config.set("http", "proxy", proxy)` ` config.set("http", "sslCAInfo", "/etc/ssl/certs/myRootCA.crt")` Sync button in Web GUI is reporting the same error. But "manage.py syncdatasource --all --traceback" is giving me: `[1] Syncing git.domain.local netbox repo... Completed`
adam closed this issue 2025-12-29 20:47:37 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#9262
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?