0 votes

Problem: HttpClient connects to host and just freezes / keeps trying to connect to host; fails to connect / can't connect to host via HTTPS with certificate, did before regular HTTP.

Hello, I am having some difficulty getting SSL certificates / HTTPS connection to host to work. I am using a certbot / LetsEncrypt free certificate on my Ubuntu 18.04 nginx server.

I have the SSL certificate set in my Project > SSL settings to the .cert file that contains the certificates from my server under /etc/ssl/certs/ca-certificates.crt on my Ubuntu server.

I've tried changing the server name to contain https:// but that doesn't work either.

HTTPS works on the server, I've tested via browser.

This is how I connect to the host:

    print("Connecting to host...")
    IP.clear_cache()
    http.close()
    # Arguments: host, port, use_ssl, verify_host
    err = http.connect_to_host("client.mydomain.com", 443, true, true)

    if err != OK:
        print("connection error: " + str(err))
        bOffline = true
        prompt_to_connect()
    else:
        # Poll while the client is still resolving DNS or opening the connection
        while http.get_status() == HTTPClient.STATUS_CONNECTING or http.get_status() == HTTPClient.STATUS_RESOLVING:
            print("Connecting to host...")
            http.poll()
            tries += 1
            OS.delay_msec(10)
            if tries == 10:
                info_text("Failed to connect to server.")
                prompt_to_connect()
        print("status: " + str(http.get_status()))
        # 5 == HTTPClient.STATUS_CONNECTED
        if http.get_status() != 5:
            print("response code: " + str(http.get_response_code()))
            print("Connection to host failed.")
            prompt_to_connect()
        else:
            bOffline = false
            print("Connected to host.")

My log as it runs through connecting:

    Establishing connection...
    Connecting to host... # try 1
    Connecting to host...
    Connecting to host...
    Connecting to host...
    Connecting to host...
    Connecting to host... #...last try
    status: 4 # failed.
    response code: 0
    Connection to host failed.

Am I supposed to do something else with the .crt file? I just copied the certificates file and used that as my Godot's SSL, is this correct? Thanks guys for the help.

in Engine by (18 points)

2 Answers

0 votes

The crt file is for your server alone - it will hand out the parts clients need itself.

The clients will choose to trust the certificate based on their chain of trust/root CA; given that Let's Encrypt is cross-signed by IdenTrust, both your OS and browser should trust it.

I don't know the exact details but I imagine that Godot will pull the OS certificates chain and use that.

One thing that I immediately notice is that you only wait 10ms between each retry - try bumping that to 25 or 50 and see if it makes a difference.
Even a simple page such as google.com, served by one of the world's most optimized servers, needs 116ms for the client to get the first byte (TTFB in the Chrome network inspector if you're interested); your own server is probably going to be just a tad slower :)

by (370 points)
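
The retry-timing point in the answer above, as an added example that is not part of the original thread: a Godot 3.x connect loop bounded by a wall-clock timeout instead of a try count, which keeps host verification enabled and reports which `HTTPClient` status ended the attempt. The 5-second budget, the 50 ms poll interval and the function names `describe_status` and `connect_tls` are assumptions.

```gdscript
# Added example for Godot 3.x (not code from the thread).
extends Node

const HOST = "client.mydomain.com"  # host name used in the question
const TIMEOUT_MSEC = 5000           # assumed overall budget for DNS + TCP + TLS
const POLL_MSEC = 50                # assumed poll interval

# Map the HTTPClient status that ended the attempt to a readable cause.
func describe_status(status):
    if status == HTTPClient.STATUS_CONNECTED:
        return "connected"
    elif status == HTTPClient.STATUS_CANT_RESOLVE:
        return "DNS lookup failed"
    elif status == HTTPClient.STATUS_CANT_CONNECT:
        return "could not connect (this is the value 4 seen in the log)"
    elif status == HTTPClient.STATUS_SSL_HANDSHAKE_ERROR:
        return "TLS handshake failed (untrusted certificate or host mismatch)"
    elif status == HTTPClient.STATUS_CONNECTION_ERROR:
        return "connection error"
    return "still in progress or disconnected (status " + str(status) + ")"

# Returns OK on success, ERR_TIMEOUT if the budget ran out, FAILED otherwise.
func connect_tls(http, host, timeout_msec):
    # use_ssl = true and verify_host = true: certificate checks stay on.
    var err = http.connect_to_host(host, 443, true, true)
    if err != OK:
        return err
    var deadline = OS.get_ticks_msec() + timeout_msec
    var status = http.get_status()
    while status == HTTPClient.STATUS_RESOLVING or status == HTTPClient.STATUS_CONNECTING:
        if OS.get_ticks_msec() > deadline:
            return ERR_TIMEOUT
        http.poll()
        OS.delay_msec(POLL_MSEC)
        status = http.get_status()
    return OK if status == HTTPClient.STATUS_CONNECTED else FAILED

func _ready():
    var http = HTTPClient.new()
    var err = connect_tls(http, HOST, TIMEOUT_MSEC)
    print("result code: ", err, " - ", describe_status(http.get_status()))
    if err != OK:
        http.close()
```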

> I don't know the exact details but I imagine that godot will pull the OS certificates chain and use that.

Godot does not currently support using the OS-provided certificate store. However, starting from Godot 3.1, an SSL certificate bundle will be included in export templates which will make HTTPS requests work out of the box.

So what's the point of the SSL cert in the project files now? Do I just leave it blank now since the SSL certificate bundle is now here?

Update: I removed the .crt file from my SSL Project settings and changed the delay from 10 ms to 50 ms, still can't connect.

Another update (sorry for multiple comments, I really want to get this fixed).

Connecting to google.com with HTTPS gives this error:

Cause: unable to get local issuer certificate

Here are a few things to try.
Try adding Let's Encrypt's root certificate:
https://letsencrypt.org/certs/isrgrootx1.pem.txt

If that doesn't work, then I would suggest waiting for 3.1 or using nightlies.

I've been trying that, still not working. I've tried connecting to google.com and that worked, though not my server.

0 votes

Did you make sure to add the .crt extension in the export filter dialog as shown here?
This is needed to embed the certificate in the executable.

by (895 points)

Yes, I have that as shown.
