If you visit https://learn.domain.com, what happens?
The error you have posted implies your SSL certificate cannot be verified. Try accessing the URL from the E-Commerce host: curl https://learn.domain.com You probably need to update the root certificates on the E-Commerce host so that the SSL handshake succeeds. Since this is not directly related to Open edX, your best resource may be Google/Stack Overflow for posts on updating the cert store for your OS. Clinton On Friday, April 19, 2019 at 1:20:34 AM UTC-7, mario silic wrote: > > thanks a lot...I'm still struggling...I spent hours on this..I would > really appreciate if someone could tell what could be wrong - below is my > config; > > > */edx/etc/ecommerce.yml* > SOCIAL_AUTH_EDX_OIDC_ISSUER: https://learn.domain.com/oauth2 > <https://www.google.com/url?q=https%3A%2F%2Flearn.domain.com%2Foauth2&sa=D&sntz=1&usg=AFQjCNGr-0eMjoJ-VWMid-512lUQy9N5UQ> > SOCIAL_AUTH_EDX_OIDC_KEY: ecommerce-key > SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL: https://learn.domain.com/logout > SOCIAL_AUTH_EDX_OIDC_PUBLIC_URL_ROOT: https://learn.domain.com/oauth2 > SOCIAL_AUTH_EDX_OIDC_SECRET: ecommerce-secret > SOCIAL_AUTH_EDX_OIDC_URL_ROOT: https://learn.domain.com/oauth2 > SOCIAL_AUTH_REDIRECT_IS_HTTPS: false > > */edx/app/nginx/sites-available/ecommerce* > upstream ecommerce_app_server { > server 127.0.0.1:8130 fail_timeout=0; > } > server { > server_name ~^((stage|prod)-)?ecommerce.*; > listen 18130 ssl; > ssl_certificate /etc/letsencrypt/live/learn.domain.com/cert.pem; > ssl_certificate_key /etc/letsencrypt/live/learn.domain.com/privkey.pem; > > > */edx/app/nginx/sites-available/lms* > upstream lms-backend { > server 127.0.0.1:8000 fail_timeout=0; > } > > server { > listen 80; > return 301 https://$host$request_uri; > } > > server { > # error pages > server_name learn.domain.com > listen 443 ssl; > ssl_certificate /etc/letsencrypt/live/learn.domain.com/cert.pem; > ssl_certificate_key /etc/letsencrypt/live/ > learn.domain.com/privkey.pem; > > > *OAUTH2 client (config in django admin)* > url: https://learn.domain.com:18130 > Redirect uri: https://learn.domain.com:18130/complete/edx-oidc/ > > */edx/app/edxapp/lms.env.json* > "OAUTH_OIDC_ISSUER": "https://learn.domain.com/oauth2";, > > > Again, each time I click on Login I get this: > AuthFailed: Authentication failed: HTTPSConnectionPool(host=' > learn.domain.com', port=443): Max retries exceeded with url: > /oauth2/access_token/ (Caused by SSLError(SSLError("bad handshake: > Error([('SSL routines', 'tls_process_server_certificate', 'certificate > verify failed')],)",),)) > > What am I doing wrong? > > thanksa lot. > > On Friday, 19 April 2019 00:19:13 UTC+2, Clinton Blackburn wrote: >> >> It seems you've misconfigured your OAuth provider somewhere. You are >> hosting the E-Commerce Service at learn.domain.com, port 18130. By >> default, it's supposed to use LMS (port 18000) as an OAuth provider. The >> service is attempting to use the default SSL port (443). Check your >> settings to ensure you are using the correct ports. >> >> Clinton >> >> On Thursday, April 18, 2019 at 11:35:57 AM UTC-7, mario silic wrote: >>> >>> anyone has any idea what this could be? >>> >>> >>> On Monday, 15 April 2019 20:03:57 UTC+2, mario silic wrote: >>>> >>>> I solved one issue..but now I have this error: >>>> >>>> AuthFailed: Authentication failed: HTTPSConnectionPool(host=' >>>> learn.domain.com', port=443): Max retries exceeded with url: >>>> /oauth2/access_token/ (Caused by SSLError(SSLError("bad handshake: >>>> Error([('SSL routines', 'tls_process_server_certificate', 'certificate >>>> verify failed')],)",),)) >>>> >>>> >>>> >>>> On Monday, 15 April 2019 11:56:23 UTC+2, mario silic wrote: >>>>> >>>>> Hello >>>>> >>>>> Trying to configure openedx ecommerce and checked few times all >>>>> configs and I'm stuck with a small thing - probably a very simple one: >>>>> >>>>> The only thing I can see in the logs is: >>>>> /edx/app/ecommerce/venvs/ecommerce/local/lib/python2.7/site-packages/django/core/handlers/base.py:152] >>>>> >>>>> -* Not Found: /oauth2/authorize/* >>>>> >>>>> I do get the LOG in screen but each I click on the Log In button it >>>>> takes me to the same URL: >>>>> >>>>> >>>>> https://learn.domain.com:18130/oauth2/authorize/?scope=openid+profile+email+permissions&state=pmiBkzwdU4VqTd >>>>> >>>>> <https://learn.ssbm.ch:18130/oauth2/authorize/?scope=openid+profile+email+permissions&state=pmiBkzwdU4VqTd> >>>>> >>>>> Any idea what could be wrong? >>>>> >>>>> Thanks. >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "General Open edX discussion" group. To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/cd2e55b0-9b6f-4054-9efb-63b2469f86c5%40googlegroups.com.
