Posit products - Fixing SSL licensing issues with a "Connection to the server failed" error

Avatar
Ian Pylvainen
Follow

NOTE: The instructions below are only applicable when activating with a license key.  License file activation is preferred as it will eliminate this class of error.  See the appropriate admin guide for more detail on how to activate with a license file. 

If you see an error message with Connection to the server failed while trying to activate or deactivate your license key for Posit Workbench, Shiny Server Pro, Posit Package Manager or Posit Connect; then, this indicates that there's an issue with your server not being able to contact our licensing server. This is most common if your server is not connected to the Internet, or if it's behind some kind of firewall or proxy.  It could also be an issue with certificates. This article deals with fixing the error due to cerficates

While deactivating a license key for Posit Connect, Workbench or Package Manager, you may receive this error message: 

Error deactivating product key: (4): Connection to the server failed. Ensure that you have a working internet connection, you've configured any required proxies, and your system's root CA certificate store is up to date; see https://rstudio.org/links/licensing_ssl for more information 

This may require an update to your list of trusted certificates. Below are some generic instructions to do so. Please note that updating trusted certificates is outside of our products and the exact steps needed may vary depending on your environment. If you have any questions, we recommend contacting your system administrators or networking team for assistance.  This User Guide link has references for trusted certificate handling for the main Operation Systems. 

 

Example commands

Updating the Trusted Certificates

     To update on CentOS / RHEL:

 sudo yum update ca-certificates

     To update on Debian/Ubuntu:

 sudo apt-get install --reinstall ca-certificates

 

Manually Installing the CA Certificate

To retrieve the root CA and store to rstudio-license.crt, use the following command from the shell.

echo | openssl s_client -showcerts -connect wyday.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | tail -n 32 > rstudio-license.crt

 

 On RHEL 8 & 9:

  1. Enable the dynamic CA configuration feature by running:

    sudo update-ca-trust enable

  2. Copy the CA certificate to the directory /etc/pki/ca-trust/source/anchors/:

    sudo cp rstudio-license.crt /etc/pki/ca-trust/source/anchors/

  3. Extract and add the CA certificate to the list of trusted CA's:

    update-ca-trust extract

 On Debian  / Ubuntu :

  1. Go to /usr/share/ca-certificates/ and create a new folder:

    sudo mkdir /usr/share/ca-certificates/rstudio

  2. Copy the CA certificate to the directory /usr/share/ca-certificates/rstudio:

    sudo cp rstudio-license.crt /usr/share/ca-certificates/rstudio/

  3. Ensure the permissions are 755 for the folder and 644 for the .crt file.  

  4. Then, Extract and add the CA certificate to the list of trusted CA's:

    sudo update-ca-trust extract

Comments