SSL certificate problem: certificate has expired

Hello,

It worked fine before but no longer the case after deployment yesterday. I created a very simple example to replicate the problem.

Anyone can lend a hand please.

Thanks very much.

Once the example app (https://mbienz.shinyapps.io/uncomtrade_test/) is deployed to shinyappio, The ct_search() from "comtradr" package will no longer work.

The error I get from log is Error in curl::curl_fetch_memory(url, handle = handle) :
2020-06-04T01:11:21.532166+00:00 shinyapps[2405335]: SSL certificate problem: certificate has expired.

The ui.R and server.R are below:

library(shiny)
library(DT)
library(comtradr)


ui <- fluidPage(

   titlePanel("Hello Shiny!"),
   
   sidebarLayout(
      
      sidebarPanel(
         
         # Input: Slider for the number of bins ----
         selectizeInput("select_country",
                        tags$p("Select a country"), 
                        choices =  c("New Zealand"), 
                        selected = NULL,  width = "200px",
                        multiple = T)
         
      ),
      
      mainPanel(
         DTOutput(outputId = "export_table")
         
      )
   )
)


library(shiny)
library(DT)
library(comtradr)

server <- function(input, output) {
   
   observe({
      try(
      dtf_exports <-
         ct_search(reporters = input$select_country,
                   partners = "All",
                   trade_direction = "exports",
                   start_date = 2018,
                   end_date = 2018
                   )
      )
   })
   
   output$export_table <- renderDT({
      
      dtf_exports
      
   })
   
}

> sessionInfo()
R version 3.5.1 (2018-07-02)
Platform: x86_64-w64-mingw32/x64 (64-bit)
Running under: Windows 10 x64 (build 18362)

Matrix products: default

locale:
[1] LC_COLLATE=Chinese (Simplified)_China.936  LC_CTYPE=Chinese (Simplified)_China.936    LC_MONETARY=Chinese (Simplified)_China.936
[4] LC_NUMERIC=C                               LC_TIME=Chinese (Simplified)_China.936    

attached base packages:
[1] stats     graphics  grDevices utils     datasets  methods   base     

other attached packages:
[1] comtradr_0.2.2   DT_0.9           packrat_0.5.0    rsconnect_0.8.15 shiny_1.4.0     

loaded via a namespace (and not attached):
 [1] Rcpp_1.0.2        rstudioapi_0.10   magrittr_1.5      xtable_1.8-4      R6_2.2.2          rlang_0.4.1       fastmap_1.0.1    
 [8] httr_1.4.1        tools_3.5.1       htmltools_0.4.0   crosstalk_1.0.0   openssl_1.0.1     yaml_2.2.0        digest_0.6.22    
[15] crayon_1.3.4      purrr_0.3.3       later_1.0.0       htmlwidgets_1.5.1 promises_1.1.0    curl_3.2          mime_0.5         
[22] compiler_3.5.1    jsonlite_1.6.1    httpuv_1.5.2      Cairo_1.5-10

So, this issue has been plaguing a non-insubstantial # of sites in general since May 30. A certificate issue — COMODO — (for various reasons not salient to this reply) CA certificate (certificates operate in a "chain") expired on May 30. You can see for yourself with:

x <- openssl::download_ssl_cert("comtrade.un.org")

lapply(x, `[[`, "validity")

the last entry shows the top-most cert has expired.

Browsers are "cheating" by letting folks visit the site without a warning, but anything that uses libcurl does strict checking unless told otherwise.

I'm not comfortable posting a workaround suggestion b/c disabling SSL cert validation is kindof a bad idea, esp since most folks will forget to remove the workaround. I can give a hint that it will involve httr::with_config(), tho, if you're desperate to get this working before they regen the cert.

I filed an issue over at the {comtradr} GH repo https://github.com/ropensci/comtradr/issues/25

This topic was automatically closed 54 days after the last reply. New replies are no longer allowed.

So, if you promise to not let the hack be permanent…

Let's mock an API call by creating a function that calls httr::GET():

getƒ <- function() {
  httr::GET("comtrade.un.org")
}

Now, we'll make the API call:

getƒ()
## Error in curl::curl_fetch_memory(url, handle = handle) : 
##  SSL certificate problem: certificate has expired 

DOH!

Let's see if there are any {curl} options to help us out:

str(as.list(curl::curl_options("ssl_ver")))
## List of 5
##  $ proxy_ssl_verifyhost: num 249
##  $ proxy_ssl_verifypeer: num 248
##  $ ssl_verifyhost      : num 81
##  $ ssl_verifypeer      : num 64
##  $ ssl_verifystatus    : num 232

AH! So, let's just tell {curl} to forget about the peer certs (which are the "bad" ones):

httr::with_config(
  config = httr::config(ssl_verifypeer = FALSE),
  getƒ()
)
## Response [https://comtrade.un.org/]
##   Date: 2020-06-05 01:44
##   Status: 200
##   Content-Type: text/html
##   Size: 64.1 kB
## <!doctype html>
## <html lang="en">
## <head>
##     <meta charset="UTF-8"/>
##     <title>UN Comtrade | International Trade Statistics Database</title>
##     <meta name="DESCRIPTION" content="United Nations Comtrade Database - Internation...
##     <meta name="KEYWORDS" content="trade, trade data, imports, exports, world trade,...
##     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
##     <!--<link href="css/bootstrap.min.css" rel="stylesheet" media="screen">-->
## 	 <link href="https://comtrade.un.org/css/bootstrap-3.3.7.min.css" rel="stylesheet" ...
## ...

Boom!

The expr param to httr:::with_config() can be any function call or a {} block with {httr} ops in it.

Thanks Captain.

I am desperate to get the app work but absolutely not sure how I can use httr::with_config().

I did have a look at the its very brief documentation and can only think it might have to do with add_header() or set_cookies() or authenticate().

I will be waiting for the certificate to be updated then if no other legitimate means.

Thanks heaps!!

Thanks Captain.

I just tried your way however even without the hack.

after running getf() in my R console, I get the following right away.

The problem is that I can run ct_search() perfectly from my R console but not if the function is built in a shiny app.

> getf <- function() {
+    httr::GET("comtrade.un.org")
+ }
> getf()
Response [https://comtrade.un.org/]
  Date: 2020-06-05 03:02
  Status: 200
  Content-Type: text/html
  Size: 64.1 kB
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8"/>
    <title>UN Comtrade | International Trade Statistics Database</title>
    <meta name="DESCRIPTION" content="United Nations Comtrade Database - International Trade Statistics - Import/Export Data" />
    <meta name="KEYWORDS" content="trade, trade data, imports, exports, world trade, international trade, trade statistics, commodit...
    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
    <!--<link href="css/bootstrap.min.css" rel="stylesheet" media="screen">-->
	 <link href="https://comtrade.un.org/css/bootstrap-3.3.7.min.css" rel="stylesheet" media="screen"/>
...