powerful-author-61934
07/14/2023, 12:29 PMx509: certificate signed by unknown authority method POST url <https://pricing.api.infracost.io/graphql|https://pricing.api.infracost.io/graphql>
error. Is anyone have any idea about this?little-author-61621
powerful-author-61934
07/14/2023, 12:39 PMlittle-author-61621
http_proxy
or https_proxy
environment variables, so I was wondering if your Jenkins installation has anything like this.
One option to test this is to set the following env variable in your pipeline:
no_proxy=<http://pricing.api.infracost.io|pricing.api.infracost.io>
powerful-author-61934
07/14/2023, 12:46 PMlittle-author-61621
curl -i <https://pricing.api.infracost.io/health> -H "X-Api-Key: API_KEY"
API_KEY
is your api keypowerful-author-61934
07/14/2023, 12:49 PMlittle-author-61621
powerful-author-61934
07/14/2023, 12:50 PMlittle-author-61621
powerful-author-61934
07/14/2023, 12:52 PMlittle-author-61621
curl
command work for you?powerful-author-61934
07/14/2023, 12:58 PMlittle-author-61621
powerful-author-61934
07/14/2023, 1:00 PMlittle-author-61621
--insecure
option to see.powerful-author-61934
07/14/2023, 1:03 PMlittle-author-61621
INFRACOST_TLS_INSECURE_SKIP_VERIFY=true
That will work the same as the curl --insecure
flag.powerful-author-61934
07/14/2023, 1:17 PMINFRACOST_TLS_INSECURE_SKIP_VERIFY=true
But if I set this then infracost is showing INVALID API KEY.
I tried switching this variable then I am getting the same error as above(x509)little-author-61621
curl -vvv <https://pricing.api.infracost.io/>
show?powerful-author-61934
07/14/2023, 1:25 PMlittle-author-61621
powerful-author-61934
07/14/2023, 1:26 PMcurl -vvv <https://pricing.api.infracost.io/> --cacert cacert.pem -k
command, and after connecting to host pricing.api.infracost.io it is saying * Connection #0 to host <http://pricing.api.infracost.io|pricing.api.infracost.io> left intact {"error": "Invalid API key"}
and ultimately throwing same x509 errorlittle-author-61621
powerful-author-61934
07/17/2023, 9:23 AM+ curl -vvv <https://pricing.api.infracost.io/> --cacert cacert.pem -k
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0* Trying 52.95.251.237:443...
* Connected to <http://pricing.api.infracost.io|pricing.api.infracost.io> (52.95.251.237) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: cacert.pem
* CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [155 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3222 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.<http://api.infracost.io|api.infracost.io>
* start date: Jul 15 09:25:06 2023 GMT
* expire date: Jul 29 09:25:06 2023 GMT
* issuer: C=US; ST=California; O=Zscaler Inc.; OU=Zscaler Inc.; CN=Zscaler Intermediate Root CA (<http://zscalerthree.net|zscalerthree.net>) (t)
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
} [5 bytes data]
> GET / HTTP/1.1
> Host: <http://pricing.api.infracost.io|pricing.api.infracost.io>
> User-Agent: curl/7.74.0
> Accept: */*
>
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Mon, 17 Jul 2023 07:38:01 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 27
< Connection: keep-alive
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< ETag: W/"1b-MUVDKc802GySH68qxmhhZ8AjuoI"
<
{ [27 bytes data]
100 27 100 27 0 0 5 0 0:00:05 0:00:04 0:00:01 6
* Connection #0 to host <http://pricing.api.infracost.io|pricing.api.infracost.io> left intact
{"error":"Invalid API key"}
[Pipeline] sh
+ infracost breakdown --path=.
time="2023-07-17T07:38:02Z" level=info msg="Evaluating Terraform directory at ."
time="2023-07-17T07:38:02Z" level=info msg="Starting: Downloading Terraform modules"
time="2023-07-17T07:38:02Z" level=info msg="Starting: Evaluating Terraform directory"
time="2023-07-17T07:38:02Z" level=info msg="Starting: Retrieving cloud prices to calculate costs"
time="2023-07-17T07:38:09Z" level=error library=retryablehttp msg="request failed error Post \"<https://pricing.api.infracost.io/graphql>\": x509: certificate signed by unknown authority method POST url <https://pricing.api.infracost.io/graphql>"
time="2023-07-17T07:38:12Z" level=error library=retryablehttp msg="request failed error Post \"<https://pricing.api.infracost.io/event>\": x509: certificate signed by unknown authority method POST url <https://pricing.api.infracost.io/event>"
time="2023-07-17T07:38:12Z" level=error msg="Error reporting event: Error sending API request: Post \"<https://pricing.api.infracost.io/event>\": POST <https://pricing.api.infracost.io/event> giving up after 1 attempt(s): Post \"<https://pricing.api.infracost.io/event>\": x509: certificate signed by unknown authority"
Project: *****
Errors:
Error sending API request:
Post "<https://pricing.api.infracost.io/graphql>":
POST <https://pricing.api.infracost.io/graphql> giving up after 1 attempt(s):
Post "<https://pricing.api.infracost.io/graphql>":
x509:
certificate signed by unknown authority
OVERALL TOTAL $0.00
little-author-61621
* issuer: C=US; ST=California; O=Zscaler Inc.; OU=Zscaler Inc.; CN=Zscaler Intermediate Root CA (<http://zscalerthree.net|zscalerthree.net>) (t)
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
Looks like this is a going through a proxy server on your end which it’s unable to get the certificate for. Do you have the Zscaler Intermediate Root CA certificate installed?powerful-author-61934
07/17/2023, 9:36 AMlittle-author-61621
export INFRACOST_TLS_CA_CERT_FILE=/path/to/ca.crt
powerful-author-61934
07/18/2023, 3:09 PMlittle-author-61621