Hello, I have two LTS Ubuntu servers. One is running a monitoring service for printers(24.04) while the other is LibreNMS(22.04). When trying to attach a Pro subscription on either, neither one can access the URL for Canonical. I can ping just fine however it wont pull anything down. I've tried this on two different networks (one has SSL inspection on, one does not) and it did not work on either. I have also ran sudo apt upgrade ca-certificates and it says it is up to date. I assume I may need to manually insert something into an ssl file somewhere? Below is the sequence: I appreciate any help or suggestions!
Thank you for letting me know! sudo pro attach Initiating attach operation... Failed to access URL: https://contracts.canonical.com/vl/magic-attach Cannot verify certificate of server Please check your openssl configuration. I am fresh to Linux so Im not sure what I would put in there.
That web address gives a 484 page not found error message. I do not know why the process is trying to access that page. The tutorial offers this address https://ubuntu.com/pro/attach? Click the Server tab. This is the full tutorial https://ubuntu.com/pro/tutorial I am wondering if you are purchasing a Ubuntu Pro subscription? Is that why you need a contract with Canonical? This link show the pricing structure. https://ubuntu.com/pricing/pro I see that a Server with unlimited VM's with SELF-SUPPORT (minimum level) is $500 per year. Perhaps you should contact Cannonical. Regards
@grahammechanical Thank you for the reply! I tried following the tutorial however I also cannot retrieve the code for the machine to inster into the attach website. The VM refuses to see canonical. Also, I may have mispoken, it is just an Ubuntu 22.04 VM used for LibreNMS so we are utilizing the 5 free personal tokens as we are not enterprise sized. I have the token and everything, it just wont connect to the site.
Originally Posted by currentshaft Run this command and share the output: date ; echo | openssl s_client -connect contracts.canonical.com:443 -showcerts This is on one of the two networks I have access to. One goes through our Zscaler while one does not however I receive the same error on both networks. CONNECTED(00000003) --- Certificate chain 0 s:CN = contracts.canonical.com i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscalertwo.net) (t) " aKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Aug 3 03:45:45 2024 GMT; NotAfter: Aug 17 03:45:45 2024 GMT -----BEGIN CERTIFICATE----- MIID6DCCAtCgAwIBAgISfrn8sxP4Gna3jlCZ4Xi6ct22MA0GCS qGSIb3DQEBCwUA MIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYT EVMBMGA1UECgwM WnNjYWxlciBJbmMuMRUwEwYDVQQLDAxac2NhbGVyIEluYy4xOz A5BgNVBAMMMlpz Y2FsZXIgSW50ZXJtZWRpYXRlIFJvb3QgQ0EgKHpzY2FsZXJ0d2 8ubmV0KSAodCkg MB4XDTI0MDgwMzAzNDU0NVoXDTI0MDgxNzAzNDU0NVowIjEgMB 4GA1UEAxMXY29u dHJhY3RzLmNhbm9uaWNhbC5jb20wggEiMA0GCSqGSIb3DQEBAQ UAA4IBDwAwggEK AoIBAQDWfUopHQt/mQJUmA12WULozsEnS8eKfA3Ib44O3lIREXn1JG4Dp7n4/yTn T8ooQyaP8nh22PtpQxTNAbNa4AujlYKS9TiRChpIAOOcPNVvkh znVS/IC9JDJoE7 vaSCOTo1M7jgyH436Z7bFK2+9oML90TtWOo4qCihbRzMG9ZICb 7qbkwQoLGGNM1p 9MMjmJuh/uTx86P1doRy1FZHpAndpwoXSjQUQBt1MRpNOR6Wgat3hHhQ9MU tzmtZ vwkPcTahcn0lQ3WLPyq4u97u52eTtGEGlcz5+ee8tdP/F1Xj2cpEZURVnAdH3DOU hmTmPTJtC5QqLcX5E1nfYQ+mLDaZAgMBAAGjgaswgagwDgYDVR 0PAQH/BAQDAgWg MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHR MBAf8EAjAAMCIG A1UdEQQbMBmCF2NvbnRyYWN0cy5jYW5vbmljYWwuY29tMEUGA1 UdHwQ+MDwwOqA4 oDaGNGh0dHA6Ly9nYXRld2F5LnpzY2FsZXJ0d28ubmV0L3pzY2 FsZXItenNjcmwt LTQtMS5jcmwwDQYJKoZIhvcNAQELBQADggEBAGHaotDHaLdzUP Sl20H1xTH9r3QW 35q4Mln6F9X7gsDQ28TQMT/356RYkFrmDakvLwrMCqDpK8K4+PFjaTaASV/rpXj8 j+LvG3Ann47eeAP6QOgMX3fEA4m8cBVwRWXeU8oknNaJBdV/yXUQE45KxCsQST+w GYpAnuHK3M3FcmO71QEIBVUjkhwiU6QkofkIBUg9F6hZL2DW8c F7xVYGDb35gjv1 F58kOW+m6++LWOEAl1jOcupjP0+wBt1ZqWc2FwDEhyXH6kb+NB ZeveKVkqnXSDh7 Y1HlJYrJCkf4jkO7L1rYcw99HrtyqHAgAqkaeKwesa6ubTtCMI u5FWwRUmk= -----END CERTIFICATE----- 1 s:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscalertwo.net) (t) " i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net), emailAddress = support@zscaler.com aKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Aug 3 03:45:45 2024 GMT; NotAfter: Aug 17 03:45:45 2024 GMT -----BEGIN CERTIFICATE----- MIIEQjCCAyqgAwIBAgIEZq2n6TANBgkqhkiG9w0BAQsFADCBrD ELMAkGA1UEBhMC VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpzY2 FsZXIgSW5jLjEV MBMGA1UECxMMWnNjYWxlciBJbmMuMTYwNAYDVQQDEy1ac2NhbG VyIEludGVybWVk aWF0ZSBSb290IENBICh6c2NhbGVydHdvLm5ldCkxIjAgBgkqhk iG9w0BCQEWE3N1 cHBvcnRAenNjYWxlci5jb20wHhcNMjQwODAzMDM0NTQ1WhcNMj QwODE3MDM0NTQ1 WjCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaW ExFTATBgNVBAoM DFpzY2FsZXIgSW5jLjEVMBMGA1UECwwMWnNjYWxlciBJbmMuMT swOQYDVQQDDDJa c2NhbGVyIEludGVybWVkaWF0ZSBSb290IENBICh6c2NhbGVydH dvLm5ldCkgKHQp IDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhK1y byJ+nQjuqG2KNX eE+If8h65Cqx25RiEBhqXcBMhX2NFjU/QrH7mDG10hEtudXq++RTFILZ8BC2n+wv Wqibsd9BP6AYGhrOgs/UHVns52nuXUXY0syc3lkH1qrA740VccjqY/Ol+DYduLvR YxZ2UOPvzL05vJJBcct2s4WncwwUNJxYkRASOAeNEy7Z+PjA0v +IBDsrmfwzq4Dm oT9dmGN6ruBJJ55xjE961E93XI29ouwCi0eKEuzvBqR/cst1nTD0jOMboDgLkdQt qLCu9AUylkgnzZxEu16lpK0ahtB7wYfbSbH5o7bxmqI6Dyi/CwOUjruoVlA6hz78 5xsCAwEAAaOBiDCBhTAdBgNVHQ4EFgQUgKXmzVQnaeimBs6eUW qC8pCtK1MwDwYD VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAf4wQwYDVR0fBDwwOjA4oDagNIYy aHR0cDovL2dhdGV3YXkuenNjYWxlcnR3by5uZXQvY3JsL3pzMi 1rZWstLTQtMS5j cmwwDQYJKoZIhvcNAQELBQADggEBAFV2vak9Tnl6+8NG1OUOM3 5fd/hy2ZErKGBI TIAMUs27nK71NNGh9ILbHcTNs/UNE0HBSGT5ZPwUh0otZcmRAQ/4RWAmdGY9cUZ1 pDDgKpjM8c2lnhAlez7Z2CQHJqDTtUnzErFpCkC3n1V1n0zZNF 2uDgUM4YSH248T R6HZC2sG1Phkyf9P34EQbgHrW1SF+lHu+RXgFn5aR/dX/ND3ub3QwUe/3dlSNv8I U8RP/h+nzjKBBuU2tfguXsh4+C+XcnL9V6Ig19c9QckIZGg9s9PN/FBwg4A3zVq+ dqc662JFreOKwbjGIRNr51tS2hbyJvgbhbIy93PAr3+O0VLVHW o= -----END CERTIFICATE----- 2 s:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net), emailAddress = support@zscaler.com i:C = US, ST = California, L = San Jose, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Root CA, emailAddress = support@zscaler.com aKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 5 05:32:29 2020 GMT; NotAfter: Jun 23 05:32:29 2041 GMT -----BEGIN CERTIFICATE----- MIIERzCCAy+gAwIBAgICAQAwDQYJKoZIhvcNAQELBQAwgaExCz AJBgNVBAYTAlVT MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm 9zZTEVMBMGA1UE ChMMWnNjYWxlciBJbmMuMRUwEwYDVQQLEwxac2NhbGVyIEluYy 4xGDAWBgNVBAMT D1pzY2FsZXIgUm9vdCBDQTEiMCAGCSqGSIb3DQEJARYTc3VwcG 9ydEB6c2NhbGVy LmNvbTAeFw0yMDA2MDUwNTMyMjlaFw00MTA2MjMwNTMyMjlaMI GsMQswCQYDVQQG EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEChMMWn NjYWxlciBJbmMu MRUwEwYDVQQLEwxac2NhbGVyIEluYy4xNjA0BgNVBAMTLVpzY2 FsZXIgSW50ZXJt ZWRpYXRlIFJvb3QgQ0EgKHpzY2FsZXJ0d28ubmV0KTEiMCAGCS qGSIb3DQEJARYT c3VwcG9ydEB6c2NhbGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQ ADggEPADCCAQoC ggEBAM9xxb9SVjz6HtwjcUP8lv+hNCKFiw3yftozjqR3CH0n9X 8xEfqTI/EMgplD EfE2+35AbCoBz51R3ox07x5wi40HIczswffEbauOeEsv6f5i9+ YCeU8BQXGcHQfr iGTt0twlGWTu6fTUQanO+ZN74ryrx9LPXfYf4A6P/bCp3O0ZQ2g41ZGrwq0a6N20 u93IZvN5fzvIMWpkx42cqQLkA+sFyjgttwXZb4RWeZS3qkZjfo P9a0AwA3ikDu+X 1P5wYhxznPNEYJGHXOjijVGlAnPAVlUSx8wN05Uf/wUHc0dBMHvhE4zU/XX2p0gK 7lv43LRJBaCerp2CrndkeUODM00CAwEAAaN8MHowHQYDVR0OBB YEFE2yfVhAxH8h 7ZnemT8RNxGls8gRMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAg H+MD4GA1UdHwQ3 MDUwM6AxoC+GLWh0dHA6Ly9nYXRld2F5LnpzY2FsZXJ0d28ubm V0L2NybC96czIt aW50LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAeYGrs/oT9ukfNQWVbqOPCk81LmMq iO0W/QQ+93xV1ovmmLKZt74l/5MZpUGYbBbCW/vNGjWwDYHC36GRHHRrbqsPG5R9 VcZYSUwZ32QcIvACiijfCPdmyeCRBO3IwPVhuK2aleZOM5usQ6 PY71FNYWZKZwoh 79k6wpdgMbEE7/Iq0hWdgj6r3Pk2Ag4G0v54fxIp9hcN+vJe3lm7NFg6btn60Og6 dZn+0MstMuujCSRHSK8KRE8IT9DZ5/7QJRQv40c8Tc5i6IRy0unYQaFXBw7RBTcE nx91KjR7+Gg4ldss5p4RNrpIlYDfon+KfTekgNnAu5NVCcva2y oByhA8Rg== -----END CERTIFICATE----- --- Server certificate subject=CN = contracts.canonical.com issuer=C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscalertwo.net) (t) " --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 3889 bytes and written 763 bytes Verification error: unable to get local issuer certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 20 (unable to get local issuer certificate) ---
Originally Posted by currentshaft Whoever is running ZScaler is MITM'ing all your connections which are supposed to be end-to-end encrypted. Ubuntu is literally protecting you from this by distrusting the connection: " Verification error: unable to get local issuer certificate " You should take this up with your system administrator. Is it relevant that I cannot access contracts.canonical.com from any device regardless of network without receiving a 404 error?
