Skip to content

unable to get local issuer certificate #1073

New issue
New issue
Open
Open
unable to get local issuer certificate#1073
Labels
T-DocumentationImprovements or additions to documentation
@AngeloFrangione

Description

@AngeloFrangione
AngeloFrangione
opened on Jul 3, 2025

Hello,

i'm using a root ca for my matrix instance, nothing is connected to internet.

i've configured matrix and element, everything works fine. But when i configured hookshot, rebuild the docker image from scratch adding the ca-certificates to the build time, i still get the certificate error in the logs:

is there some configuration where i have to point to the root ca ? Like i had to do for another integration.

here is the relevant error:

Jul 03 15:46:49 matrix matrix-hookshot[2715542]: WARN 15:46:49:037 [ProvisioningApi] Failed to exchange the token for matrix.tld AxiosError: unable to get local issuer certificate
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34)
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     at TLSSocket.emit (node:events:518:28)
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     at TLSSocket.emit (node:domain:489:12)
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     at TLSSocket._finishInit (node:_tls_wrap:1078:8)
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     at ssl.onhandshakedone (node:_tls_wrap:864:12) {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   config: {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     transitional: {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       silentJSONParsing: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       forcedJSONParsing: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       clarifyTimeoutError: false
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     adapter: [Function: httpAdapter],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     transformRequest: [ [Function: transformRequest] ],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     transformResponse: [ [Function: transformResponse] ],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     timeout: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     xsrfCookieName: 'XSRF-TOKEN',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     xsrfHeaderName: 'X-XSRF-TOKEN',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     maxContentLength: -1,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     maxBodyLength: -1,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     env: { FormData: [Function] },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     validateStatus: [Function: validateStatus],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     headers: {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       Accept: 'application/json, text/plain, */*',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       Host: 'matrix.tld',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       'User-Agent': 'axios/0.27.2'
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     params: { access_token: 'rsvrhyVDKWWAhLNrdyrFLhVg' },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     method: 'get',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     url: 'https://matrix.tld:8448/_matrix/federation/v1/openid/userinfo',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     data: undefined
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   request: <ref *1> Writable {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _events: {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       close: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       error: [Function: handleRequestError],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       prefinish: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       finish: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       drain: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       response: [Function: handleResponse],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       socket: [Function: handleRequestSocket]
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _writableState: WritableState {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       highWaterMark: 65536,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       length: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       corked: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       onwrite: [Function: bound onwrite],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       writelen: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       bufferedIndex: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       pendingcb: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kState)]: 17580812,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kBufferedValue)]: null
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _maxListeners: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _options: {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       maxRedirects: 21,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       maxBodyLength: 10485760,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       protocol: 'https:',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       path: '/_matrix/federation/v1/openid/userinfo?access_token=rsvrhyVDKWWAhLNrdyrFLhVg',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       method: 'GET',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       headers: [Object],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       agent: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       agents: [Object],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       auth: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       hostname: 'matrix.tld',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       port: '8448',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       nativeProtocols: [Object],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       pathname: '/_matrix/federation/v1/openid/userinfo',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       search: '?access_token=rsvrhyVDKWWAhLNrdyrFLhVg'
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _ended: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _ending: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _redirectCount: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _redirects: [],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _requestBodyLength: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _requestBodyBuffers: [],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _eventsCount: 3,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _onNativeResponse: [Function (anonymous)],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _currentRequest: ClientRequest {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _events: [Object: null prototype],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _eventsCount: 7,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _maxListeners: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       outputData: [],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       outputSize: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       writable: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       destroyed: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _last: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       chunkedEncoding: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       shouldKeepAlive: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       maxRequestsOnConnectionReached: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _defaultKeepAlive: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       useChunkedEncodingByDefault: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       sendDate: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _removedConnection: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _removedContLen: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _removedTE: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       strictContentLength: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _contentLength: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _hasBody: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _trailer: '',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       finished: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _headerSent: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _closed: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _header: 'GET /_matrix/federation/v1/openid/userinfo?access_token=rsvrhyVDKWWAhLNrdyrFLhVg HTTP/1.1\r\n' +
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:         'Accept: application/json, text/plain, */*\r\n' +
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:         'Host: matrix.tld\r\n' +
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:         'User-Agent: axios/0.27.2\r\n' +
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:         'Connection: keep-alive\r\n' +
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:         '\r\n',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _keepAliveTimeout: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _onPendingData: [Function: nop],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       agent: [Agent],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       socketPath: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       method: 'GET',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       maxHeaderSize: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       insecureHTTPParser: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       joinDuplicateHeaders: undefined,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       path: '/_matrix/federation/v1/openid/userinfo?access_token=rsvrhyVDKWWAhLNrdyrFLhVg',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _ended: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       res: null,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       aborted: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       timeoutCb: [Function: emitRequestTimeout],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       upgradeOrConnect: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       parser: null,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       maxHeadersCount: null,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       reusedSocket: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       host: 'matrix.tld',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       protocol: 'https:',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       _redirectable: [Circular *1],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(shapeMode)]: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kCapture)]: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kBytesWritten)]: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kNeedDrain)]: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(corked)]: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kChunkedBuffer)]: [],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kChunkedLength)]: 0,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kSocket)]: [TLSSocket],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kOutHeaders)]: [Object: null prototype],
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(errored)]: null,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kHighWaterMark)]: 65536,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kRejectNonStandardBodyWrites)]: false,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:       [Symbol(kUniqueHeaders)]: null
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     },
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     _currentUrl: 'https://matrix.tld:8448/_matrix/federation/v1/openid/userinfo?access_token=rsvrhyVDKWWAhLNrdyrFLhVg',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     [Symbol(shapeMode)]: true,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     [Symbol(kCapture)]: false
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   }
Jul 03 15:46:49 matrix matrix-hookshot[2715542]: }
Jul 03 15:46:49 matrix matrix-hookshot[2715542]: ERROR 15:46:49:038 [ProvisioningApi] ApiError: API error M_AS_BAD_OPENID: Failed to exchange token
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     at BridgeWidgetApi.postExchangeOpenId (/usr/bin/matrix-hookshot/node_modules/matrix-appservice-bridge/lib/provisioning/api.js:321:19)
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:     at process.processTicksAndRejections (node:internal/process/task_queues:105:5) {
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   error: 'Failed to exchange token',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   errcode: 'M_AS_BAD_OPENID',
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   statusCode: 500,
Jul 03 15:46:49 matrix matrix-hookshot[2715542]:   additionalContent: {}
Jul 03 15:46:49 matrix matrix-hookshot[2715542]: }
Jul 03 15:47:14 matrix matrix-hookshot[2715542]: INFO 15:47:14:192 [Appservice] Processing transaction 111
Jul 03 15:47:14 matrix matrix-hookshot[2715542]: INFO 15:47:14:193 [Appservice] Processing ephemeral event of type m.presence
Jul 03 15:47:14 matrix matrix-hookshot[2715542]: INFO 15:47:14:194 [Appservice] 172.25.0.3 - - [03/Jul/2025:15:47:14 +0000] "PUT /_matrix/app/v1/transactions/111? HTTP/1.1" 200 2 "-" "Synapse/1.133.0"
Jul 03 15:47:14 matrix matrix-hookshot[2715542]: INFO 15:47:14:203 [Appservice] Processing transaction 112
Jul 03 15:47:14 matrix matrix-hookshot[2715542]: INFO 15:47:14:203 [Appservice] Processing ephemeral event of type m.presence
Jul 03 15:47:14 matrix matrix-hookshot[2715542]: INFO 15:47:14:204 [Appservice] 172.25.0.3 - - [03/Jul/2025:15:47:14 +0000] "PUT /_matrix/app/v1/transactions/112? HTTP/1.1" 200 2 "-" "Synapse/1.133.0"

Metadata

Metadata

Assignees

No one assigned

    Labels

    T-DocumentationImprovements or additions to documentation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions