4

I am having difficulty with a GET call that pings the US Naval Observatory API. This request was previously working, but now is failing for unknown reasons.

Here's the request:

library(httr)

#ping API
try(RETRY("GET", url = "http://api.usno.navy.mil/rstt/oneday?date=07/10/2018&coords=41.2792778,%20-96.06442261&tz=-5", times = 20))

#ERROR MESSAGE (request always times out with error)
#Error in curl::curl_fetch_memory(url, handle = handle): SSL certificate problem: #unable to get local issuer certificate
#Request failed [ERROR]. Retrying in 1 seconds...

I am running R v3.5.1 and RStudio v1.1.463. Curl is v3.2 and httr is v1.3.1.

What I have tried for troubleshooting that did not work:

  • Double-checking US Naval Observatory API documentation to make sure the request is still correct/up-to-date (it is).
  • Installing a previous version of R (v.3.4.4) that this call worked on (no change).
  • Updating to latest version of RStudio (v.1.1.463, no change)
  • Solution listed at this site (quantmod - SSL: unable to get local issuer certificate in R) which made no change. This is the only relevant thread for this error in R I could find online.

Any ideas fellow R users? Any help or points in the right direction is greatly appreciated!

griffmer
  • 357
  • 2
  • 9
  • It looks like the website might now require https and is signed with a certificate signer that doesn't seem to be commonly trusted. So it's probably a change on the server end, and not anything you can control. (I get a security warning in Chrome if i try to visit the URL). You might have to mess around with SSL certificates by hand to get it to work. – MrFlick Dec 05 '18 at 18:05
  • Thanks for the feedback. Was hoping you could help me understand - where would I play with the SSL certificates? Is this within R or elsewhere? Thank you for the help! – griffmer Dec 05 '18 at 19:20
  • Try looking at these questions for advice: https://stackoverflow.com/questions/33913916/get-site-content-over-ssl-with-httr-in-r and https://stackoverflow.com/questions/17411313/ssl-verification-causes-rcurl-and-httr-to-break-on-a-website-that-should-be-le and https://stackoverflow.com/questions/22048703/rcurl-and-self-signed-certificate-issues – MrFlick Dec 05 '18 at 19:43

3 Answers3

0

After some searching, found the answer. The API switched from http -> https, which caused the SSL error. Fixed by setting this parameter to httr before running "GET": 

httr::set_config(config(ssl_verifypeer = 0L))

So if you modify the above API call like this, it works: 

library(httr)
httr::set_config(config(ssl_verifypeer = 0L))

#ping API
try(RETRY("GET", url = "https://api.usno.navy.mil/rstt/oneday?date=07/10/2018&coords=41.2792778,%20-96.06442261&tz=-5", times = 20))

Hope this helps someone!

griffmer
  • 357
  • 2
  • 9
  • 1
    it looks like you're just disabling the certificate checking, is that right? If so, that's hardly a satisfying resolution to the problem... – John Clements Jan 08 '19 at 01:12
0

I had the same problem with this website. The error I was receiving was "java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.".

Several of the US Department of Defense (DOD) related websites are transitioning from http to https. This website made the transition at the end of November of 2018. The problem relates to the fact that the DOD SSL certificates are not signed by a normal trusted authority (checking against Mozilla's root store). Just adding the traditional publicly available DOD Certificates did not fix the problem.

On January 31, 2019, I was notified by their help desk that they have now installed commercially recognized certificates. After retesting my code (after removing some security bypasses), I no longer have any SSL errors and all appears to be working as expected.

mtdavem
  • 441
  • 1
  • 7
  • 17
0

sudo apt-get install ca-certificates was all I needed to do on Ubuntu to fix it.

Kasper Skytte Andersen
  • 591
  • 5
  • 13