Taskserver troubleshooting
If you see errors during statistics or synchronization requests, you may consider the following notes.
Server Errors
The server may generate many errors (See Protocol), but the following is a list of the ones most in need of special handling:
200 Success 201 No change 301 Redirect 430 Access denied 431 Account suspended 432 Account terminated 5xx ErrorThe 200 indicates success, and that a change was recorded. The 201 indicates success but no changes were necessary. The 301 is a redirect message indicating that the client MUST re-request from a new server. The 43x series messages are account-related. Any 5xx series code is a server error of some kind. All errors consist of a code and a status message.
- https://gothenburgbitfactory.github.io/taskserver-troubleshooting/
- https://taskwarrior.org/docs/design/protocol.html
- https://taskwarrior.org/docs/taskserver/setup.html
The following is from https://github.com/GothenburgBitFactory/taskwarrior/blob/v2.5.3/src/commands/CmdSync.cpp#L274-L278.
else if (code == "201")
{
Context::getContext ().footnote ("Sync successful. No changes.");
status = 0;
}The following is from https://github.com/GothenburgBitFactory/taskwarrior/blob/v2.5.3/src/commands/CmdSync.cpp#L287-L291.
else if (code == "430")
{
Context::getContext ().error ("Sync failed. Either your credentials are incorrect, or your account doesn't exist on the Taskserver.");
status = 2;
}Here's what a successful call to statistics
(
)
may result in.
Specifying the wrong port could result in a long wait and then the following.
SocketException: OS Error: Operation timed out, errno = 60, address = example.info, port = 58698
No internet connection could result in the following.
SocketException: Failed host lookup: 'example.info' (OS Error: nodename nor servname provided, or not known, errno = 8)
If the OS APIs can't verify the server certificate with your CA file, you might see the following:
Issues with your client certificate or key might result in something like the following:
If the CA configured on your Taskserver do not match the client cert/key pair configured on your client, the server may send a response of an empty list of bytes, which may result in the following:
Incorrect credentials could result in the following error message:
From https://github.com/GothenburgBitFactory/taskserver/tree/v1.1.0/pki:
Note, you can inspect any cert with the command:
$ gnutls-certtool -i --infile $CERT
Validate a certificate with:
$ gnutls-certtool --verify --infile client.cert.pem --load-ca-certificate ca.cert.pem
Examples:
> certtool --verify --infile <server.cert> --load-ca-certificate <ca.cert>
> certtool --verify --infile /etc/letsencrypt/live/<domain>/fullchain.pemNotes adapted from https://taskwarrior.org/support/faq.html#q12.
sudo certbot certonly # interactive prompts, or use:
# sudo certbot certonly --standalone -m $email --agree-tos --no-eff-email -d $domain
sudo chmod 0755 /etc/letsencrypt/{live,archive} # https://certbot.eff.org/docs/using.html?highlight=renew#where-are-my-certificates
# review link to provide access to privkey1.pem
cd $pki
./generate
./generate testing_account# $TASKDDATA/config
ca.cert = /path/to/pki/generated/files/ca.cert.pem
server.cert = /etc/letsencrypt/live/$domain/fullchain.pem
server.key = /etc/letsencrypt/live/$domain/privkey.pemCheck taskd diagnostics and make sure privkey.pem is readable. If
not, review
https://certbot.eff.org/docs/using.html?highlight=renew#where-are-my-certificates.
# $HOME/.taskrc
taskd.certificate = $home/.task/testing_account.cert.pem
taskd.key = $home/.task/testing_account.key.pem
# taskd.ca = $home/.task/isrgrootx1.pem
taskd.server = $domain:53589Contents of isrgrootx1.pem are from
https://letsencrypt.org/certificates/.