Hi everyone,
I hope this is the right section for this.
In our company, we use locally running Lucee containers in Docker Desktop for development on the local machine. The Lucee version is 5.3.9.173 (yes, not really up-to-date). This has generally been working fine for about a year now.
But starting today, all of us suddenly had trouble using the Websocket extension which is relied upon heavily in our projects.
Checking in the Lucee administrator, it turned out the Websocket extension was no longer installed and not available for installation either, which is curious.
However, pulling the extension list from https://extension.lucee.org/rest/extension/provider/info
with a desktop browser revealed that the Websocket extension should still be available. It (and many other extensions as well) just didnât show up in the Lucee admin any more.
Issues also arised with the PostgreSQL extension:
So I dug deeper and noticed that Lucee couldnât access the extension provider on extension.lucee.org
any more. The exception message said âPKIX path building failedâ, usually a problem with SSL certificate verification. I tested this with a small script, see screenshots.
The SSL certificate for this domain apparently has been renewed on 2023-11-11, thatâs two days ago on Saturday. Probably none of my colleagues have been working over the weekend, so maybe the renewalâs got something to do with why it started acting up today. Or maybe itâs a red herring.
After we manually added the certificate for extension.lucee.org
in the Lucee administrator (Services â SSL Certificates), that resolved the issue. The Websocket extension is working again and re-appeared in the extensions list in Lucee admin as well.
Database connections using the PostgreSQL extension are also working again.
That probably means that without further preparation, our production Lucee installs will display the same symptoms, once they are restarted.
As far as I can tell from a quick search on https://crt.sh
, the current and the previous server certificate are pretty much identical. And web browsers as well as openssl or Qualysâs SSL test donât report any errors.
Also, itâs not an issue with Letâs Encrypt (CA) certificates in general. Lucee has no problems with other sites with LE certificates like https://letsencrypt.org
.
Date and time are also set correctly in the containers.
Currently Iâm a bit stumped as to why extension.lucee.org
canât be verified but âletsencrypt.orgâ and others can.
But my main questions are:
- Is it intended behaviour that extensions simply stop working just because the extension provider URL happens to be unreachable or its certificate canât be verified?
- Has anyone else experienced this issue with
extension.lucee.org
(or with the extensions list in Lucee admin after a restart) in the past few days?
Thanks!