I am trying to install coldbox using commandbox but am getting the following error:
CommandBox:coldbox> install coldbox
Installing package [forgebox:coldbox] Verifying package ‘coldbox’ in ForgeBox, please wait… Uh-oh, ForgeBox returned something other than JSON. Run “system-log | open” to see the full response. GET https://www.forgebox.io/api/v1/entry/coldbox
408 Request Time-out
The error in the commandbox log is: “ERROR”,“FILEAPPENDER”,“06/20/2016”,“14:02:08”,“commandbox.system.util.ForgeBox”,"Something other than JSON returned. GET https://www.forgebox.io/api/v1/entry/coldbox 408 Request Time-out Actual HTTP Response: Connection Timeout"
We have a firewall but I have already set the proxy server and its port. Performing a upgrade command for commandbox seems to be ok, i.e.
CommandBox:coldbox> upgrade Getting stable versioning information from http://downloads.ortussolutions.com/ Your version of CommandBox (3.1.1+00383) is already current (3.1.1).
If I try to load this page from a browser https://www.forgebox.io/api/v1/entry/coldbox, I get an HTML 404 error.
I have no problem with the ‘install coldbox’ command when I am not in the work office.
Yieng,
Check your proxy. For the URL you gave, https://www.forgebox.io/api/v1/entry/coldbox, I get the expected JSON file that enumerates the available versions of coldbox. I can’t remember the name of the proxyserver I use (infrequently) for debugging issues like this, but till you can make that connection, “nuttin gonna happen”, I’m thinking! LucK, JT
The Certificate Verification failed due to at least one of the following reasons:
The certificate is not valid;
The certificates CommonName does not match the URL
The certificate was issued by an untrusted certificate authority.
When the above occurs, it redirects to another URL, and hence the error that what’s return isn’t JSON.
Brad, is there an option for us to use http://www.forgebox.io/api/v1/entry/coldbox (i.e. with SSL), or to have a matching domain in the SSL certificate, or is SSL imperative?
Our network admins won’t make an exception for mismatched domain certificate. If there’s no other options for us, then I am afraid we won’t be able to use commandbox to automate installation, update and creation.
It may be that your organization (or Trend Micro) needs to update their validation to accept multi-domain certificates. A verification of the URL in only the Common Name of the cert (see possibility #2), in this day and age is bound to fail with a fair number of providers besides Forgebox. They should be using the Common Name AND the Subject Alternative Names values from the cert.
I know cloudflare does another of management with SSL certificates and they recently added their own CA. or at least i remember reading about that on one of their recent blog posts.
Yes, that was my point :). I just clicked the URL in one of the messages on this thread, which fails for the reason you say, and as indicated in the server response I quoted. If that’s not the actual URL being used in this process, then it’s a non-issue, just didn’t want the obvious to go by un-examined.