ERROR contact:service ping satellite failed. tls peer certificate verification error: not signed by any CA in the whitelist: CA cert

How did you setup port forwarding… TCP and UDP or only TCP(by manual) i have TCP and UDP and no issue…

1 Like

Hello @jpiix
Welcome to the forum!

Please, check that you use the same identity as before and it’s signed:
Since you changed path to the identity, please update it in the checking command too.

Please, update your storagenode to the latest version:
And configure automatic updates:

Please, configure to track your online status.

already have its only shown downtime on the 2 occasions the node was restarted and when i reinstalled

What is your router?
Do you have some antivirus or firewall (except usual Defender)?
And also, is your identity signed?
Please, use the same path as in the config.yaml if this is a Windows GUI or other binary version or --mount option if it’s a docker version.

hello @Alexey i have redo : Confirm the identity step.
And now it’s ok . One ca.cert was missing !

There are no error in the log


1 Like

asus router i did consider the known issue but seems everything is fine i have uptime robot setup from when i started the node and its showing only down time as when i manually had it off also even when i get those errors i am still getting data move in and out i may upload the full log as its a really strange issue 1 min its a wall of errors the next its 20mbps activity with a few errors mixed in then it goes back to errors and no data i will have a better look at everything later tonight when i am off work

Please, check that your identity folder contains all 6 files.

yes it has all 6 files was one of the first things I checked

It does not have no one audit and not checked-in on any satellites except us2.
If you have a backup of the identity I would recommend to restore it from backup and sign it with a new authorization token.
If you do not have a backup, then I would like to suggest you to remove this identity and its data and create a new one, sign it with a new authorization token and start with clean storage.

I never replaced the identity only the instalation files that are the same each install I have had data moving all day and my balance going up I don’t really want to mess with it while it’s working if you think i should just bin my progress I will probably not bother with storj as all instructions for instalation were followed to the letter and I have seen plenty of data my only concern is the node errors and it makes no sense that it works fine on 1 node and not the others

Please, at least check your identity: and post results.
Because at the moment your node have data only from customers of the us2 satellite.

i think that was the 3rd thing i tried and it was fine would it not also have kicked me on that node if there was some issue with identity ?

you have access to my email address send me an email and i will give you access to the machine running the node if you really want to dig into it

It is online only on us2. This is concerns me. Perhaps we have a bug in the us2 setup which allows to connect with unsigned or broken identity.
But even then it has 0.72 online score on that satellite and 0% on others.

Do you have a backup of the identity? If so, please, try to replace your current one with identity from the backup and then sign it with a new authorization token.

I would like to suggest you to create a new identity, sign it and setup a second node on the 28968 port. Then we can compare results.
Maybe it’s some aggressive firewall or antivirus which blocks an access from the satellites but I doubt it - the error

does not leave me a choice - this is clearly states that your identity is not signed or broken.

Please, give me result of the check, include command which you called:

the node was created using then only thing different is the drive letter

right now its about 25% blobs and the rest 2021-02-23T02:05:49.185Z ERROR contact:service ping satellite failed {“Satellite ID”: “12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S”, “attempts”: 9, “error”: “ping satellite error: failed to dial storage node (ID: 125ue2JQzRLbWDrizixbNDJkzkn2N1wgQDWxSHTg6waLTTngJmN) at address rpc: tls peer certificate verification error: not signed by any CA in the whitelist: CA cert”, “errorVerbose”: “ping satellite error: failed to dial storage node (ID: 125ue2JQzRLbWDrizixbNDJkzkn2N1wgQDWxSHTg6waLTTngJmN) at address rpc: tls peer certificate verification error: not signed by any CA in the whitelist: CA cert\n\*Service).pingSatelliteOnce:141\n\*Service).pingSatellite:95\n\*Chore).updateCycles.func1:87\n\*Cycle).Run:92\n\*Cycle).Start.func1:71\n\*Group).Go.func1:57”}

honestly this is way to much drama for the 5p i have accumulated on the node you guys need to make this way more simple to setup and trouble shoot if i am getting all this from following the install instructions to the letter

every time i try the things you say it just adds downtime i dont want to lose the 30gb i have stored or get kicked from only node that works and i honestly think that if i had another node it would do the same if its the same instructions

this is installed on a fresh copy of windows 10 64 bit windows firewall has the port forwarded same for the router and this is on a 1gb/1gb connection

if your sure i have an issue and its not the network i will just wipe everything and wait until you guys have a simple .exe install because even with a reasonable amount of experience and following the guides to the letter it does not work how you intend

We have thousands of operators, who successfully setup and run Windows nodes, so I can assume that it’s doable.
The error you reported is similar to error from @jpiix:

and the reason was a broken identity

This is why I asked you to check it again, even if it was checked before. I do not know, how is it messed up in your case, but now your node working only with us2 satellite and offline on others.
So, if you followed the instruction you should have a backup of the identity. Please, restore your identity from that backup and sign it with a new authorization token - this should fix a broken parts and your NodeID will not change, thus you will not lose anything.

However, if you do not have a backup, I would like to suggest you to create a new identity with name storagenode2 and install the second node with a different external port.
Since your first broken node is a Windows GUI node, you should use a Docker version for the second node or Windows Toolbox made by @Vadim, it’s not officially supported, but it’s allow you to setup more than one Windows GUI node.

Please, give me result of the command in PowerShell

ls "$env:AppData\Storj\Identity\storagenode"

i will start again from scratch if its the same again i will just bail on this i have had a friend of mine that is way better than me at this stuff take a look and he cant see anything wrong he will be watching the install for the 2nd node to double check its correct

You can do not erase anything. Uninstall the GUI, generate a new identity with a different name and install the GUI point to a new second identity and the new folder on the disk. If it would work - then you can either try to fix the first identity or remove it and its data completely.

i am not going to start a 2nd node plus add the complexity of using extra software for a 2nd node i don’t want this one is already a pain to deal with

just to triple check i had my friend restore the identity backup and and create a new identity token its still exactly the same so if your still sure issue is my end i will walk away now because either my node is somehow broken in a way that makes no sense or you have a server on your side that is not secure and is sending data when it shouldn’t either way it seems storj has an issue that needs solving again i am more than happy to provide team viewer or other access to the computer the node is on if you want to find the issue before i delete it