Python HelloWorld Script = SSL Certificate Errors

Hi All,

I have some Python to run through a Runbook task. For the moment, print 'HelloWorld' returns the error:

‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))’: /simple/pycryptodome/

SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))) - skipping
January 12th 2021 16:06:02Error
Unable to install package pycryptodome using pip.

I don’t know what that is. I have guessed the action:
pip install pycryptodome

and that errors with
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘ProtocolError(‘Connection aborted.’, ConnectionResetError(10054, ‘An existing connection was forcibly closed by the remote host’, None, 10054, None))’: /simple/pycryptodome/

It’s unclear to me how to proceed - any advice much appreciated!
I have installed Python 3.9, and this is a Windows Server.

Kind Regards
Rob

Hi Rob,

Thank you for contacting Octopus Support.

Could you provide a copy of the raw task log? Also, just to confirm, are you running this step on the Octopus Server or on a target?

I look forward to hearing back from you.

Regards,
Donny

Hi there, this is being run on the target DBA Management server.

Hopefully this helps! :-
Task ID: ServerTasks-136525
Related IDs: RunbookRuns-771, RunbookSnapshots-367, Projects-2084, Runbooks-184, Spaces-1, Environments-3
Task status: Failed
Task queued: Tuesday, 12 January 2021 4:05:45 PM +00:00
Task started: Tuesday, 12 January 2021 4:05:46 PM +00:00
Task completed: Tuesday, 12 January 2021 4:06:02 PM +00:00
Task duration: 17 seconds
Server version: 2020.5.3+Branch.tags-2020.5.3.Sha.660191abb3937208749863bc12f6249a62b62bac
Server node: serverMUG

                | == Failed: Run Database Refresh Process - POC Trial on DV1 ==

16:05:46 Info | Step 1: Database Information - Check Connections to Source and Target with Secure Account is disabled, and will not be executed
16:05:46 Info | Step 2: Backup Database is disabled, and will not be executed
16:05:46 Info | Step 3: Export Logins is disabled, and will not be executed
16:05:46 Info | Step 4: Export Users , Restore Database, Add Back Original Users is disabled, and will not be executed
16:05:46 Info | Step 5: Set Database Owner is disabled, and will not be executed
16:05:46 Info | Step 6: Sanitise the data is disabled, and will not be executed
16:05:46 Info | Step 7: Rename the database is disabled, and will not be executed
16:05:46 Info | Step 8: Rubrik Backup is disabled, and will not be executed
16:05:46 Verbose | Guided failure is not enabled for this task
16:06:02 Fatal | The run failed because one or more steps failed. Please see the run log for details.
|
| == Failed: Step 9: Python Test ==
16:06:02 Fatal | The step failed: Activity Python Test on DBA Management Server - 1 failed with error ‘The remote script failed with exit code 1’.
16:06:02 Verbose | Python Test completed
|
| == Failed: DBA Management Server - 1 ==
16:05:46 Verbose | Octopus Server version: 2020.5.3+Branch.tags-2020.5.3.Sha.660191abb3937208749863bc12f6249a62b62bac
16:05:46 Verbose | Environment Information:
| IsRunningInContainer: False
| OperatingSystem: Microsoft Windows 10.0.14393
| OsBitVersion: x64
| Is64BitProcess: True
| CurrentUser: domain\Z_Octopus_DEV
| MachineName: servername
| ProcessorCount: 4
| CurrentDirectory: C:\Windows\system32
| TempDirectory: C:\Users\z_octopus_dev\AppData\Local\Temp
| HostProcessName: Octopus.Server
| PID: 8844
16:05:46 Verbose | Executing Python Test (type Run a Script) on DBA Management Server - 1
16:05:46 Verbose | Starting C:\Windows\system32\WindowsPowershell\v1.0\PowerShell.exe in working directory ‘C:\Octopus\Work\20210112160628-136525-23’ using ‘Western European (DOS)’ encoding running as ‘NT AUTHORITY\SYSTEM’ with the same environment variables as the launching process
16:05:49 Verbose | Process C:\Windows\system32\WindowsPowershell\v1.0\PowerShell.exe in C:\Octopus\Work\20210112160628-136525-23 exited with code 0
16:05:49 Verbose | Using Calamari.netfx 15.1.5
16:05:49 Verbose | Using Calamari.netfx 15.1.5
16:05:49 Verbose | Starting C:\Windows\system32\WindowsPowershell\v1.0\PowerShell.exe in working directory ‘C:\Octopus\Work\20210112160631-136525-24’ using ‘Western European (DOS)’ encoding running as ‘NT AUTHORITY\SYSTEM’ with the same environment variables as the launching process
16:05:52 Verbose | Calamari Version: 15.1.5
16:05:52 Verbose | Environment Information:
16:05:52 Verbose | OperatingSystem: Microsoft Windows NT 10.0.14393.0
16:05:52 Verbose | OsBitVersion: x64
16:05:52 Verbose | Is64BitProcess: True
16:05:52 Verbose | CurrentUser: NT AUTHORITY\SYSTEM
16:05:52 Verbose | MachineName: serverYR4
16:05:52 Verbose | ProcessorCount: 4
16:05:52 Verbose | CurrentDirectory: C:\Octopus\Work\20210112160631-136525-24
16:05:52 Verbose | TempDirectory: C:\Windows\TEMP
16:05:52 Verbose | HostProcess: Calamari (10788)
16:05:53 Verbose | Performing variable substitution on ‘C:\Octopus\Work\20210112160631-136525-24\Script.py’
16:05:53 Verbose | Executing ‘C:\Octopus\Work\20210112160631-136525-24\Script.py’
16:05:53 Verbose | Setting Proxy Environment Variables
16:05:53 Error | WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))’: /simple/pycryptodome/
16:05:54 Error | WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))’: /simple/pycryptodome/
16:05:55 Error | WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))’: /simple/pycryptodome/
16:05:57 Error | WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))’: /simple/pycryptodome/
16:06:02 Error | WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))’: /simple/pycryptodome/
16:06:02 Error | ERROR: Could not find a version that satisfies the requirement pycryptodome (from versions: none)
16:06:02 Error | ERROR: No matching distribution found for pycryptodome
16:06:02 Info | Could not fetch URL https://pypi.org/simple/pycryptodome/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host=‘pypi.org’, port=443): Max retries exceeded with url: /simple/pycryptodome/ (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))) - skipping
16:06:02 Info | Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host=‘pypi.org’, port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))) - skipping
16:06:02 Error | Unable to install package pycryptodome using pip.
16:06:02 Error | If you do not have pip you can install pycryptodome using your favorite python package manager.
16:06:02 Verbose | Checking for dependency pycryptodome
16:06:02 Verbose | Did not find dependency, attempting to install pycryptodome for the current user using pip
16:06:02 Verbose | Process C:\Windows\system32\WindowsPowershell\v1.0\PowerShell.exe in C:\Octopus\Work\20210112160631-136525-24 exited with code 1
16:06:02 Verbose | Updating manifest with output variables
16:06:02 Verbose | Updating manifest with action evaluated variables
16:06:02 Fatal | The remote script failed with exit code 1
16:06:02 Fatal | The action Python Test on DBA Management Server - 1 failed

Hi Rob,

Thank you for getting back to me.

I would recommend running a quick bash script to see what cert is being returned:
curl https://pypi.org

The “[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)’))’: /simple/pycryptodome/” error seems consistent with an internal proxy terminating the SSL stream.

Let me know what you find out.

Regards,
Donny
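
An added example, not part of the original thread or of Octopus's code: a stdlib-only Python probe that tells apart the two failures seen in this thread, the untrusted-CA verification error in the task log and the connection reset from curl. The verdict names and the `proxy` and `cafile` parameters are choices made for this example.

```python
import http.client
import ssl

# OpenSSL verify codes meaning "the chain ends in a CA this client does not trust".
UNTRUSTED_CA_CODES = {18, 19, 20}
UNTRUSTED_CA_TEXT = ("self signed certificate", "unable to get local issuer certificate")

def classify(exc):
    """Map a connection failure to the layer that caused it."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        text = str(exc).lower().replace("self-signed", "self signed")
        if getattr(exc, "verify_code", None) in UNTRUSTED_CA_CODES or \
                any(t in text for t in UNTRUSTED_CA_TEXT):
            return "untrusted-ca"      # chain roots in a CA missing from our trust store
        return "cert-invalid"          # expired, wrong hostname, ...
    if isinstance(exc, (ConnectionResetError, ssl.SSLEOFError)):
        return "connection-reset"      # dropped before any certificate was checked
    if isinstance(exc, ssl.SSLError):
        return "tls-other"
    if isinstance(exc, OSError):
        return "network"               # DNS, timeout, refused, proxy CONNECT rejected
    return "unknown"

def probe(host="pypi.org", port=443, proxy=None, cafile=None, timeout=10):
    """Do one fully verified handshake, optionally through an HTTP proxy (host, port).

    cafile: PEM file to trust instead of the system store, e.g. the corporate root.
    Returns (verdict, detail); detail is the leaf issuer on success, else the error.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    target = proxy or (host, port)
    conn = http.client.HTTPSConnection(target[0], target[1], context=ctx, timeout=timeout)
    if proxy:
        conn.set_tunnel(host, port)    # CONNECT first, then TLS to the real host
    try:
        conn.connect()
        issuer = dict(rdn[0] for rdn in conn.sock.getpeercert()["issuer"])
        return "ok", issuer.get("organizationName") or issuer.get("commonName", "?")
    except Exception as exc:
        return classify(exc), str(exc)
    finally:
        conn.close()

if __name__ == "__main__":
    print(probe())                     # pass proxy=(host, port) if the task uses one
```

If the verdict is `untrusted-ca`, or `ok` with an issuer that is your own organisation rather than a public CA, giving pip the corporate root via `--cert` or `PIP_CERT` resolves the error while keeping verification on.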

I downloaded and copied the latest curl.exe to the server and, from the folder (not PATHED), I ran that command from cmd. The response was:
curl: (35) OpenSSL SSL_connect: Connection was reset in connection to pypi.org:443

I don’t know if that reply is desired (I assume not) and what the remediation might be to resolve it. I feel like I have lost all the edges to build this puzzle :(

I’ve looked at the Octopus Python configuration script that is invoked whenever any Python script is used, and run the first few lines manually.

import base64
import os.path
import sys
import binascii
from Crypto.Cipher import AES

as soon as it gets to

from Crypto.Cipher import AES

the trouble begins!

ModuleNotFoundError: No module named ‘Crypto’

I have tried installing this a few ways. Of course (?) we are behind firewalls so it is hard to fathom.

…\Python39\Scripts>easy_install pycrypto --trusted-host pypi.python.org
WARNING: The easy_install command is deprecated and will be removed in a future version.
Searching for pycrypto
Reading https://pypi.org/simple/pycrypto/
Download error on https://pypi.org/simple/pycrypto/: [WinError 10054] An existing connection was forcibly closed by the remote host – Some packages may not be found!
Couldn’t find index page for ‘pycrypto’ (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.org/simple/
Download error on https://pypi.org/simple/: [WinError 10054] An existing connection was forcibly closed by the remote host – Some packages may not be found!
No local packages or working download links found for pycrypto
error: Could not find suitable distribution for Requirement.parse(‘pycrypto’)

I did copy what I hoped might be the package locally, e.g., but could not work out how to install it.

pycryptodome-3.9.9-cp27-cp27m-win_amd64.whl

These links were reviewed, but I didn’t get to a solution:


Hi Rob,

Thank you for getting back to me.

Since the connection was reset outside of Octopus, we’re likely looking at an environmental network issue. I think the best path forward would be to reach out to your internal network team (or network admin) to have them look into this with you.

I’m here if you have any additional questions. Please let me know how it goes.

Regards,
Donny
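
An added example, not from the thread's participants: a simplified, CPython-only check of whether a locally copied wheel such as the `pycryptodome-3.9.9-cp27-cp27m-win_amd64.whl` mentioned earlier can be installed on a given interpreter, based on the PEP 427 filename tags. The function names are hypothetical; any filename other than the one quoted in the thread is constructed for illustration.

```python
import sys
import sysconfig

def parse_wheel_tags(filename):
    """Split a PEP 427 wheel filename into (name, version, pythons, abis, platforms)."""
    if not filename.endswith(".whl"):
        raise ValueError("not a wheel: " + filename)
    parts = filename[:-4].split("-")
    if len(parts) not in (5, 6):           # 6 when the optional build tag is present
        raise ValueError("unexpected wheel name: " + filename)
    pythons, abis, platforms = (p.split(".") for p in parts[-3:])
    return parts[0], parts[1], pythons, abis, platforms

def wheel_fits(filename, py_tag, platform):
    """True if the wheel's tags admit CPython `py_tag` (e.g. 'cp39') on `platform`."""
    _, _, pythons, abis, platforms = parse_wheel_tags(filename)
    if "any" not in platforms and platform not in platforms:
        return False
    major, minor = int(py_tag[2]), int(py_tag[3:])
    for py in pythons:
        # Built for exactly this interpreter (ABI tag like cp27m or cp39, or none).
        if py == py_tag and any(a == "none" or a.startswith(py_tag) for a in abis):
            return True
        # Stable-ABI wheel: usable on this and every later CPython 3 minor release.
        if "abi3" in abis and major == 3 and py.startswith("cp3") \
                and py[3:].isdigit() and int(py[3:]) <= minor:
            return True
        # Pure-Python wheel tagged for the major version or this exact version.
        if "none" in abis and py in ("py%d" % major, "py%d%d" % (major, minor)):
            return True
    return False

def running_tags():
    """Tags of the interpreter executing this script, e.g. ('cp39', 'win_amd64')."""
    plat = sysconfig.get_platform().replace("-", "_").replace(".", "_")
    return "cp%d%d" % sys.version_info[:2], plat

if __name__ == "__main__":
    wheel = "pycryptodome-3.9.9-cp27-cp27m-win_amd64.whl"   # filename from the thread
    print(wheel, "fits", running_tags(), "->", wheel_fits(wheel, *running_tags()))
```

A wheel that fits can be installed without contacting the index using `pip install --no-index --find-links <folder> pycryptodome`, where `<folder>` is a placeholder for the directory holding the file.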