labctl auth login fails
I am trying to get started with amd64 version of labctl running on WSL2 - Ubuntu
labctl -l debug auth login
labctl: Couldn't start a session: Post "https://labs.iximiuz.com/api/sessions": tls: failed to verify certificate: x509: certificate signed by unknown authority.
labctl version
0.1.27 (built: 2025-03-26T09:09:02Z commit: 06a4d66a9f75a9defadf91a023cb8ccd56ec5d57)
Account ID: 67f0e3ba3c73c37605a7f234
Hi @ashok-an! This is highly likely not a labctl issue. Could you try running curl https://labs.iximiuz.com and curl https://example.com from the same environment? There might be a more generic TLS issue.
$ curl https://labs.iximiuz.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
@ashok-an could you also try curl https://example.com to ensure the issue is not with the labs.iximiuz.com certificate only?
@ashok-an could you also try
curl https://example.comto ensure the issue is not with thelabs.iximiuz.comcertificate only?
:) rest-assured, I can access outside world
curl -I https://example.com
HTTP/2 200
content-type: text/html
etag: "84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134"
last-modified: Mon, 13 Jan 2025 20:11:20 GMT
cache-control: max-age=3138
date: Wed, 09 Apr 2025 02:55:40 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
Oh, that's interesting! Frankly, I cannot even think of a reason except for some angry firewall on the packets' way. Could you also please try accessing the following addresses (they are all served by very different servers and even hosting providers):
curl https://iximiuz.com
curl https://node-c9a5.iximiuz.com
curl https://node-ap-a1de.iximiuz.com
Looks like my firewall is blocking the urls
curl -I https://iximiuz.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
curl -I https://node-c9a5.iximiuz.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
curl -I https://node-ap-a1de.iximiuz.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Hypothetically, it could also be your local CA bundle if it, for some reason, doesn't include the right root cert. I just checked all three domains on SSL Labs, and they look fine:
- https://www.ssllabs.com/ssltest/analyze.html?d=labs.iximiuz.com
- https://www.ssllabs.com/ssltest/analyze.html?d=iximiuz.com
- https://www.ssllabs.com/ssltest/analyze.html?d=node-c9a5.iximiuz.com&latest
I actually don't have much control over the first two - they are served by Cloudflare in a "full proxy" mode. But the third one is served by an Envoy proxy configured by me. So, there are two independent setups and a successful check by SSL Labs, which makes me suspect the issue is rather outside of my setup.