Error connecting to CertStream - Handshake status 521 None

[maaaaz]

Hello there,

Since today, Tuesday December 5 04:27:42 UTC 2023, certstream-python can not connect to certstream:

# pip install certstream
Collecting certstream
  Downloading certstream-1.12.tar.gz (9.6 kB)
  Preparing metadata (setup.py) ... done
Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (from certstream) (1.1.0)
Requirement already satisfied: websocket-client>=0.58.0 in /usr/local/lib/python3.11/dist-packages (from certstream) (0.59.0)
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from websocket-client>=0.58.0->certstream) (1.16.0)
Building wheels for collected packages: certstream
  Building wheel for certstream (setup.py) ... done
  Created wheel for certstream: filename=certstream-1.12-py3-none-any.whl size=4728 sha256=9d6e4c0ec98f7beb282199f9511f3bbf58d9d79fb2f2ac49d0fc71130483301d
  Stored in directory: /sec/root/.cache/pip/wheels/88/02/89/d6a96184779630f955590660a4d2ad038ff39c9c4e7a77d9c1
Successfully built certstream

# certstream
[ERROR:certstream] 2023-12-05 11:04:32,394 - Error connecting to CertStream - Handshake status 521 None - Sleeping for a few seconds and trying again...

And a visit to https://certstream.calidog.io/ returns a CloudFlare 521 error:

Any insight about the recovery of this awesome service ?

Cheers.

[r0bb3d]

Noticed here as well, relying heavily on this service. Hope Calidog manages to get the server back up!

[maaaaz]

Do you know some alternative instances of certstream-server not being the official one "certstream.calidog.io" ?

Another solution could be to setup ourself an instance of a certstream server, either the official one; or the promising alternative https://github.com/d-Rickyy-b/certstream-server-go

EDIT :
As I am using certstream in a github action workflow, I added a custom instanciation of a local alternative server with this snippet:

cd /tmp/
wget -nv "https://github.com/d-Rickyy-b/certstream-server-go/releases/download/v1.4.0/certstream-server-go_1.4.0_linux_amd64" && chmod u+x ./certstream-server-go_1.4.0_linux_amd64

cat > /tmp/config.yaml <<EOL
 webserver:
  listen_addr: "127.0.0.1"
  listen_port: 8080
  full_url: "/full-stream"
  lite_url: "/"
  domains_only_url: "/domains-only"
  cert_path: ""
  cert_key_path: ""

prometheus:
  enabled: false
  listen_addr: "0.0.0.0"
  listen_port: 8080
  metrics_url: "/metrics"
  expose_system_metrics: false
  real_ip: false
  whitelist:
    - "127.0.0.1/8"
EOL

nohup ./certstream-server-go_1.4.0_linux_amd64 > nohup.out 2> nohup.err < /dev/null &

certstream --url ws://127.0.0.1:8080

See appleboy/ssh-action#40 (comment) for the nohup magic.

[r0bb3d]

Good stuff, thanks for pointing us in the right direction!

[0xDAV1D-1]

Really appreciate this thread! Saved me a bunch of time after needing to migrate as well.

[maaaaz]

Seems like the certstream service has been repaired.

[maaaaz]

Service down again, cf. #62

[mrtipale]

Server went down from 3rd Feb 2024. Seems subscription was for only 1 year exactly.

Many thanks for this alternative. Go server works fine.
You can change ip bind as you need. below will keep it for local use only:

webserver:
  listen_addr: "127.0.0.1"
  listen_port: 8080

ofc, monitoring over prometheus is optional. Try it out locally and should solve your problem.