Create new user returns 500 error

1. What is the problem? Be very detailed.
Creating a new web user or resetting a user password returns error:
Something went wrong: error code 500.

It is possible to update the Display Name in the user profile, however attempting to change the email address generates a 500 error.

It is also possible to create new users and set passwords from the shell using
docker-compose exec service odk-cmd --email user.name@domain.com user-create

Issue started at some point between 14 July and 3 August.
Service log reports Error: certificate has expired (see below), however external SSL is valid.

2. What app or server are you using and on what device and operating system? Include version numbers.
Same issue on three servers:
ODK Central 1.2.0. / Ubuntu 20.04 LTS
ODK Central 1.2.2. / Ubuntu 18.04 LTS
ODK Central 1.2.0. / Ubuntu 16.04 LTS

All three servers are using a custom SSL. Otherwise vanilla installations.

~/central$ cat .env
# Use fully qualified domain names. Set to DOMAIN=local if SSL_TYPE=selfsign.
DOMAIN=<FQDN here>
# Used for Let's Encrypt expiration emails and Enketo technical support emails
SYSADMIN_EMAIL=<my email address>
# Options: letsencrypt, customssl, upstream, selfsign
SSL_TYPE=customssl
# Do not change if using SSL_TYPE=letsencrypt
HTTP_PORT=80
HTTPS_PORT=443

3. What you have you tried to fix the problem?
Replacing the custom SSL certificate (from new external CA)
Reboot, OS update (apt-get update/upgrade) and rebuild (docker-compose build)

4. What steps can we take to reproduce the problem?

5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.

image

image

~/central$ docker-compose logs service

service_1             | ::ffff:172.18.0.9 - - [10/Aug/2021:09:36:09 +0000] "GET /v1/assignments/admin HTTP/1.0" 200 359
service_1             | Error: certificate has expired
service_1             |     at TLSSocket.onConnectSecure (_tls_wrap.js:1317:34)
service_1             |     at TLSSocket.emit (events.js:203:13)
service_1             |     at TLSSocket.EventEmitter.emit (domain.js:494:23)
service_1             |     at TLSSocket._finishInit (_tls_wrap.js:792:8)
service_1             |     at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:606:12) {
service_1             |   code: 'ESOCKET',
service_1             |   command: 'CONN'
service_1             | ::ffff:172.18.0.9 - - [10/Aug/2021:09:36:41 +0000] "POST /v1/users HTTP/1.0" 500 372

Any help appreciated.

Is the date/time on your server accurate? How do you know your customssl certificate hasn't expired? What about your mail server cert?

1 Like

Thanks for the questions.
While the server time and customssl status are all good, the mail server cert does appear to be the problem. Many thanks for suggesting this.