SSL/SSH connection issues due to certificates #239

@SpuGG

I've got a local gitea docker container running with grav on a FreeBSD jail (due to reasons).

I believe the user that nginx and php-fpm are running as is www, but it's a nologin/no shell account (e.g. doesn't have a home folder, but I can probably fix that aspect).

The error(s) I'm getting are:

  • (https) gitsync[output]: fatal: unable to access 'https://gitea.home.lab/MyOrg/TestGrav.git/': SSL certificate problem: unable to get local issuer certificate
  • (ssh) gitsync[output]: Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

What I think is happening:

  • Since my local gitea has a self-signed certificate, grav-plugin-git-sync is refusing to connect to such a dubious website so it quits.
  • My ssh host key is probably not visible to this user (e.g. never connected to it before). While I'm on the server/jail, I'm root, but that's not the user that runs nginx/php-fpm. I suspect I need to connect to the host first.

(I've also tried creating an auth token and using that just in case the problem was something else, but it insists on the 1st complaint.)

Since I'm using a domain that I don't own (e.g. made up one), that means it's not so easy to just generate a real certificate (e.g. via Let's Encrypt).

So questions:

  1. Are my suspicions correct?
  2. Is there a workaround for this situation?
  3. Would this scenario be one that's easy to support in the future?

Update: On a whim I tried to use http instead of https and that seemed to work (after rebasing the git repo). (Workaround)

Based on how it's working right now, I also have another question (but unsure if I should file another issue for it):

Is it possible for grav-plugin-git-sync to "pull down" an existing repo? It seems like during initialization that it commits all the local files without pulling from the remote repository first. This is possibly why I had to rebase my commits in order for things to work. So I'm wondering now (e.g. w/o setting up a new site and testing it) whether setting up a fresh new Grav w/ git-sync will result in an existing site (from an existing repo) or will it try to commit the existing new site on top of (and fail) the old repo?
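
The second suspicion in the post (no host key on record for the account that runs nginx/php-fpm) can be checked directly. The following is an added example, not part of the original issue or the plugin's code: a Python preflight that reports why ssh would refuse a host for a given home directory, matching both plain and hashed `known_hosts` entries. It assumes only the per-user file is consulted, handles exact host names only (no wildcards or `[host]:port` forms), and uses a constructed key and salt.

```python
import base64, hashlib, hmac, os, tempfile

def hashed_field(host, salt):
    """Build a hashed known_hosts host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if one known_hosts host field covers `host` (plain list or hashed)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        got = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, base64.b64decode(mac_b64))
    return host in field.split(",")

def preflight(home, host):
    """Return 'ok' or the reason ssh has no recorded key for `host` under `home`."""
    if not home or not os.path.isdir(home):
        return "no-home"              # service account without a real home directory
    path = os.path.join(home, ".ssh", "known_hosts")
    if not os.path.isfile(path):
        return "no-known_hosts"       # this account has never recorded a host key
    with open(path) as fh:
        for line in fh:
            fields = line.split()
            # Skip blanks, comments and @cert-authority/@revoked marker lines.
            if len(fields) < 3 or fields[0].startswith(("#", "@")):
                continue
            if host_matches(fields[0], host):
                return "ok"
    return "host-not-listed"

def demo():
    """Constructed sample: a temp home with one hashed entry for gitea.home.lab."""
    with tempfile.TemporaryDirectory() as home:
        os.makedirs(os.path.join(home, ".ssh"))
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyNotReal"  # not a real key
        with open(os.path.join(home, ".ssh", "known_hosts"), "w") as fh:
            fh.write(hashed_field("gitea.home.lab", b"constructed-salt") + " " + key + "\n")
        return [preflight(os.path.join(home, "missing"), "gitea.home.lab"),
                preflight(home, "gitea.home.lab"),
                preflight(home, "other.home.lab")]

if __name__ == "__main__":
    print(demo())
```

Run `preflight` with the home directory listed for the web-server account in the password database; any result other than `ok` means a non-interactive ssh has no stored key to compare against for that host.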
