How to make rasa core service communicate with action service over https

Question

Earlier, in the endpoints.yml file I have given the below mentioned lines and the core was able to connect and communicate with action service.

action_endpoint:
 url: "http://rasa-action.company.com:5055/webhook"

But when I enabled https on action server and gave the endpoint as "https://rasa-action.company.com:5055/webhook" I'm getting below error in core service logs:

raise ClientConnectorCertificateError(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host rasa-action.company.com:5055 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')]

Failed to execute custom action 'action_retrieve_username'. Couldn't connect to the server at 'https://rasa-action.company.com:5055/webhook.

And when I curl the action service url from the core server, I see below error:

$ curl https://rasa-action.company.com:5055/health 
curl: (77) error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs

I have enabled https on core following these instructions from rasa-run-for-https and core service is working as expected. Also from the infra end I verified everything.

$ curl https://rasa-action.company.com:5055/health
{"status":"ok"}

**Action service logs:**
2023-02-18 11:23:15 INFO     rasa_sdk.endpoint  - Starting action endpoint server...
2023-02-18 11:23:15 INFO     rasa_sdk.executor  - Registered function for 'action_retrieve_username'.
2023-02-18 11:23:15 INFO     rasa_sdk.executor  - Registered function for 'validate_forgot_username_form'.
2023-02-18 11:23:16 INFO     rasa_sdk.endpoint  - Action endpoint is up and running on https://0.0.0.0:5055

Please let me know if I'm missing any configuration settings?

Answer 1

The problem is about the self signed certificate.

I'm not a Python developer, but let me say that in NodeJS for instance you must set a specific environment variable to tell NodeJS to ignore the error of self signed certificates (and you do that on dev env only)

Probably there is something similar for Python too.