Arc blind trusting domains and cert errors

I was following instructions from here: ◉ Troubleshooting HTTPS

On running:

$ arc set-config https.blindly-trust-domains '["reviews.llvm.org"]'
[2021-10-12 10:15:31] EXCEPTION: (TypeError) Argument 1 passed to ArcanistBlindlyTrustHTTPEngineExtension::setDomains() must be of the type array, string given, called in /opt/arcanist/scripts/arcanist.php on line 304 at [<arcanist>/src/configuration/ArcanistBlindlyTrustHTTPEngineExtension.php:10]
arcanist(head=master, ref.master=a028291f8e5e)
  #0 ArcanistBlindlyTrustHTTPEngineExtension::setDomains(string) called at [<arcanist>/scripts/arcanist.php:304]

Does the syntax above need an update?

The reason I was overriding the check above is that all of a sudden I’ve started seeing:

$ arc diff --trace
 ARGV  /opt/arcanist/bin/arc diff --trace
>>> [1] (+0) <exec> $ php -f /opt/arcanist/scripts/arcanist.php -- diff --trace
 ARGV  /opt/arcanist/scripts/arcanist.php diff --trace
 LOAD  Loaded "arcanist" from "/opt/arcanist/src".
Config: Reading user configuration file "/home/uday/.arcrc"...
Config: Did not find system configuration at "/etc/arcconfig".
Working Copy: Reading .arcconfig from "/home/uday/llvm-project-upstream/.arcconfig".
Working Copy: Path "/home/uday/llvm-project-upstream/mlir" is part of `git` working copy "/home/uday/llvm-project-upstream".
Working Copy: Project root is at "/home/uday/llvm-project-upstream".
Config: Did not find local configuration at "/home/uday/llvm-project-upstream/.git/arc/config".
>>> [1] (+0) <http> https://reviews.llvm.org/api/user.whoami
<<< [1] (+492) <http> 492,477 us

[2021-10-12 10:21:14] EXCEPTION: (HTTPFutureCURLResponseStatus) [cURL/60] (https://reviews.llvm.org/api/user.whoami) <CURLE_SSL_CACERT> There was an error verifying the SSL Certificate Authority while negotiating the SSL connection. This usually indicates that you are using a self-signed certificate but have not added your CA to the CA bundle. See instructions in "arcanist/resources/ssl/README". at [<arcanist>/src/future/http/HTTPSFuture.php:520]
arcanist(head=master, ref.master=a028291f8e5e)
  #0 Future::updateFuture() called at [<arcanist>/src/future/FutureProxy.php:35]
  #1 FutureProxy::isReady() called at [<arcanist>/src/future/Future.php:63]
  #2 Future::updateFuture() called at [<arcanist>/src/future/FutureIterator.php:224]
  #3 FutureIterator::next() called at [<arcanist>/src/future/FutureIterator.php:190]
  #4 FutureIterator::rewind()
  #5 iterator_to_array(FutureIterator) called at [<arcanist>/src/future/FutureIterator.php:84]
  #6 FutureIterator::resolveAll() called at [<arcanist>/src/future/Future.php:47]
  #7 Future::resolve() called at [<arcanist>/src/conduit/ConduitClient.php:65]
  #8 ConduitClient::callMethodSynchronous(string, array) called at [<arcanist>/src/workflow/ArcanistWorkflow.php:491]
  #9 ArcanistWorkflow::authenticateConduit() called at [<arcanist>/scripts/arcanist.php:381]
<<< [1] (+529) <exec> 529,194 us
$  arc version
arcanist a028291f8e5e79b6446ad67ed8b0be9c5ec8f029 (17 Sep 2021)

I don’t see this behavior on other systems which makes me believe it is some interaction between PHP utils, ssh and arcanist that has caused this. I’m happy to provide information to help diagnose. Thanks!

This is related to the expiration of a Lets Encrypt root certificate (likely)

See this task on the Phorge Fork of Phabricator - ⚓ T15051 default.pem in Arcanist is out of date

If you are on Ubuntu - you can update your certificate package ca-certificates If on Centos you must update a pem file - (See the ⚓ T15051 default.pem in Arcanist is out of date)