Starting today, calling the API is giving me a certificate error
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)):
Answer
For reference for other users, we were able to diagnose this issue further.
The author appears to be running into the Let's Encrypt Certificate Authority expiry issue that is documented here:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
Hebcal's certificate itself is valid and expires in 1 month and 28 days:
https://www.ssllabs.com/ssltest/analyze.html?d=www.hebcal.com&latest
However, very old operating systems or browsers need to update their CA store so they can trust the more modern Let's Encrypt signing authority.
Hi, thanks for using Hebcal. We are sorry to hear you are having SSL certificate expired issues.
Unfortunately, we are unable to reproduce this error.
mradwin ~ % curl --compressed -v 'https://www.hebcal.com/shabbat?cfg=json&zip=90210' * Trying 45.55.96.251... * TCP_NODELAY set * Connected to www.hebcal.com (45.55.96.251) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=hebcal.com * start date: Aug 30 00:57:02 2021 GMT * expire date: Nov 28 00:57:01 2021 GMT * subjectAltName: host "www.hebcal.com" matched cert's "www.hebcal.com" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x7fdf7980ec00) > GET /shabbat?cfg=json&zip=90210 HTTP/2 > Host: www.hebcal.com > User-Agent: curl/7.64.1 > Accept: */* > Accept-Encoding: deflate, gzip > * Connection state changed (MAX_CONCURRENT_STREAMS == 128)! < HTTP/2 200 < server: nginx/1.18.0 (Ubuntu) < date: Thu, 30 Sep 2021 15:48:57 GMT < content-type: application/json; charset=utf-8 < content-length: 770 < vary: Accept-Encoding < etag: W/"17a-Tj/NK7JgcA6OrApV7TdezSRU3LY" < last-modified: Thu, 30 Sep 2021 15:48:45 GMT < expires: Sun, 03 Oct 2021 07:00:00 GMT < content-encoding: gzip < x-response-time: 6.331ms < x-varnish: 2229171 133656 < age: 12 < via: 1.1 varnish (Varnish/6.2) < access-control-allow-origin: * < accept-ranges: bytes < * Connection #0 to host www.hebcal.com left intact {"title":"Hebcal Beverly Hills October 2021","date":"2021-09-30T15:48:45.277Z","location":{"title":"Beverly Hills, CA 90210","city":"Beverly Hills","tzid":"America/Los_Angeles","latitude":34.103131,"longitude":-118.416253,"cc":"US","country":"United States","admin1":"CA","geo":"zip","zip":"90210","state":"CA"},"items":[{"title":"Candle lighting: 6:19pm","date":"2021-10-01T18:19:00-07:00","category":"candles","title_orig":"Candle lighting","hebrew":"הדלקת נרות","memo":"Parashat Bereshit"},{"title":"Shabbat Mevarchim Chodesh Cheshvan","date":"2021-10-02","category":"mevarchim","hebrew":"שבת מברכים חודש חשון","memo":"Molad Cheshvan: Wed, 11 minutes and 12 chalakim after 12:00"},{"title":"Parashat Bereshit","date":"2021-10-02","category":"parashat","hebrew":"פרשת בראשית","leyning":{"1":"Genesis 1:1 - 2:3","2":"Genesis 2:4 - 2:19","3":"Genesis 2:20 - 3:21","4":"Genesis 3:22 - 4:18","5":"Genesis 4:19 - 4:22","6":"Genesis 4:23 - 5:24","7":"Genesis 5:25 - 6:8","torah":"Genesis 1:1-6:8","haftarah":"Isaiah 42:5 - 43:10","haftarah_sephardic":"Isaiah 42:5 - 42:21","maftir":"Genesis 6:5 - 6:8","triennial":{"1":"Genesis 5:1 - 5:5","2":"Genesis 5:6 - 5:8","3":"Genesis 5:9 - 5:14","4":"Genesis 5:15 - 5:20","5":"Genesis 5:21 - 5:24","6":"Genesis 5:25 - 5:31","7":"Genesis 5:32 - 6:8","maftir":"Genesis 6:5 - 6:8"}},"link":"https://<a href="http://www.hebcal.com" class="redactor-autoparser-object">www.hebcal.com</a>/sedrot/bereshit-20211002?utm_source=js&utm_medium=api"},{"title":"Havdalah: 7:13pm","date":"2021-10-02T19:13:00-07:00","category":"havdalah","title_orig":"Havdalah","hebrew":"הבדלה"}]}* Closing connection 0 mradwin ~ %
Customer support service by UserEcho
Hi, thanks for using Hebcal. We are sorry to hear you are having SSL certificate expired issues.
Unfortunately, we are unable to reproduce this error.