Installing grafana Plugin Error

Hi Guys, so my configuration is in a VM we have a docker container for grafana and when i login to grafana and try to install the discrete panel plugin it throws me the following error:

grafana-cli plugins install natel-discrete-panel
Failed to send requesterrorGet https://grafana.net/api/plugins/repo/natel-discrete-panel: x509: certificate signed by unknown authority
Error: â Failed to send request. error: Get https://grafana.net/api/plugins/repo/natel-discrete-panel: x509: certificate signed by unknown authority

if you run the following command, what do you see?

curl -v https://grafana.net/api/plugins/natel-discrete-panel/versions/0.0./download

When I run it, I see this:

* Connected to grafana.net (107.178.222.220) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*        subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=grafana.com
*        start date: 2017-01-11 00:00:00 GMT
*        expire date: 2018-01-11 23:59:59 GMT
*        subjectAltName: grafana.net matched
*        issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*        SSL certificate verify ok.
> GET /api/plugins/natel-discrete-panel/versions/0.0.4/download HTTP/1.1
> User-Agent: curl/7.35.0
> Host: grafana.net
> Accept: */*
>
< HTTP/1.1 302 Found
* Server nginx/1.10.2 is not blacklisted
< Server: nginx/1.10.2
< Date: Tue, 16 May 2017 07:02:40 GMT
< Content-Type: application/json; charset=utf8
< Content-Length: 151
< Connection: keep-alive
< Set-Cookie: toggles=%7B%22ui-wp-upgrade%22%3Atrue%7D; Max-Age=86400; Path=/
< location: https://codeload.github.com/NatelEnergy/grafana-discrete-panel/legacy.zip/39a4eb44ab7f8d082478050058ead371a12aa5e2
<
{
  "url": "https://codeload.github.com/NatelEnergy/grafana-discrete-panel/legacy.zip/39a4eb44ab7f8d082478050058ead371a12aa5e2",
  "downloads": 73092
* Connection #0 to host grafana.net left intact

i dont have curl installed on my Grafana container.
when i try running the above command inside the grafana container it throws me this ERR
bash: curl: command not found
Also when o run it on the VM i see this:
curl -v https://grafana.net/api/plugins/natel-discrete-panel/versions/0.0./download

CONNECT grafana.net:443 HTTP/1.1
Host: grafana.net:443
User-Agent: curl/7.35.0
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection Established
< Proxy-Connection: close
<

  • Proxy replied OK to CONNECT request
  • successfully set certificate verify locations:
  • CAfile: none
    CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS alert, Server hello (2):
  • SSL certificate problem: unable to get local issuer certificate
  • Closing connection 0
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

i dont have curl installed on my Grafana container.
when i try running the above command inside the grafana container it throws me this ERR
bash: curl: command not found
Also when o run it on the VM i see this:
curl -v https://grafana.net/api/plugins/natel-discrete-panel/versions/0.0./download

CONNECT grafana.net:443 HTTP/1.1
Host: grafana.net:443
User-Agent: curl/7.35.0
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection Established
< Proxy-Connection: close
<

  • Proxy replied OK to CONNECT request
  • successfully set certificate verify locations:
  • CAfile: none
    CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS alert, Server hello (2):
  • SSL certificate problem: unable to get local issuer certificate
  • Closing connection 0
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: http://curl.haxx.se/docs/sslcerts.html
    curl performs SSL certificate verification by default, using a "bundle"
    of Certificate Authority (CA) public keys (CA certs). If the default
    bundle file isn’t adequate, you can specify an alternate file
    using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
    the bundle, the certificate verification probably failed due to a
    problem with the certificate (it might be expired, or the name might
    not match the domain name in the URL).
    If you’d like to turn off curl’s verification of the certificate, use
    the -k (or --insecure) option.

Looks like a proxy or firewall problem then.

Can you curl another https site, like https://twitter.com/ and see if you get a similar error.

It could be the firewall blocking it or your proxy that has a problem with its root cert. The grafana cert is from Comodo which is a trusted Certificate Authority.

So first i tried to do CURL on VM:
root@ip-10-205-79-78:~# curl https://twitter.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
ALSO as said earlier i cant do it on the Grafana container as curl isn’t installed .

It is probably the same error - that your VM cannot verify any SSL cert. You can either try and fix your firewall/proxy problems or you could install the plugin manually:

http://docs.grafana.org/plugins/installation/#installing-plugins-manually

yeah i mean i earlier went thru the documented link and tried to manually do that but still doesnt allow me to and that shud be cause of proxy again

You are not able to download the plugin zip file manually and copy it into your Grafana docker instance?

Because of the proxy am not able to get to Github and download the zip file.

Can I do anything to help here? Maybe you should talk to your IT or Operations team?

If your proxy settings are so strict that you cannot download anything from the Internet then it will be hard to install a plugin.

Here is the direct url to the download: https://grafana.com/api/plugins/natel-discrete-panel/versions/0.0.4/download

Maybe your IT department can download it for you?

1 Like