refactor: migrate to official nextra i18n and native navigation

2026-01-26 21:41:54 +07:00 · 2026-01-09 08:22:46 +07:00
parent 0817284eae
commit 9ce5d01315
54 changed files with 980 additions and 15 deletions
--- a/pages/en/guide/troubleshooting/_meta.json
+++ b/pages/en/guide/troubleshooting/_meta.json
@@ -0,0 +1,4 @@
+{
+    "browser-errors": "Common Browser Errors",
+    "developer-tools": "CLI & Language Support"
+}
--- a/pages/en/guide/troubleshooting/browser-errors.mdx
+++ b/pages/en/guide/troubleshooting/browser-errors.mdx
@@ -0,0 +1,43 @@
+import { Callout, Cards, Card } from 'nextra/components'
+import { AlertTriangle, Globe, Calendar, XCircle, HelpCircle } from 'lucide-react'
+
+# Common Browser Errors
+
+When using internal certificates, browsers are very strict. Below are the most common error codes and how to resolve them.
+
+### `NET::ERR_CERT_AUTHORITY_INVALID`
+
+<Callout type="error" emoji={<AlertTriangle className="w-5 h-5" />}>
+  **The Logic:** The browser simply **does not know** the "TrustLab Root CA" that signed your website's certificate, so it assumes it's fake.
+</Callout>
+
+**Solution:**
+You have not installed the Root CA on your device yet.
+*   [**Install Root CA Guide**](/guide/getting-started/install-root-ca)
+
+---
+
+### `NET::ERR_CERT_COMMON_NAME_INVALID`
+
+<Callout type="warning" emoji={<Globe className="w-5 h-5" />}>
+  **The Logic:** You are visiting `app.local`, but the certificate was only issued for `api.local`. The names **do not match**.
+</Callout>
+
+**Solution:**
+The domain is missing from the certificate's **SANs (Subject Alternative Names)**.
+1.  Click the **"Not Secure"** icon > **Certificate**.
+2.  Check the **DNS Name** or SAN field.
+3.  If missing, you must **[Generate a New Certificate](/guide/certificates/request-new)** that includes the correct domain.
+
+---
+
+### `NET::ERR_CERT_DATE_INVALID`
+
+<Callout type="info" emoji={<Calendar className="w-5 h-5" />}>
+  **The Logic:** The certificate has expired, OR your computer's clock is set to the wrong date (past/future).
+</Callout>
+
+**Solution:**
+1.  Check your system clock first.
+2.  If the clock is correct, the certificate is truly expired.
+3.  **[Renew the Certificate](/guide/certificates/renewal)** immediately.
--- a/pages/en/guide/troubleshooting/developer-tools.mdx
+++ b/pages/en/guide/troubleshooting/developer-tools.mdx
@@ -0,0 +1,97 @@
+import { Callout, Steps } from 'nextra/components'
+import { Terminal, Code, Server, Download } from 'lucide-react'
+
+# CLI & Language Issues
+
+Even if you installed the Root CA on your operating system, many developer tools and programming languages **ignore the system store** and use their own.
+
+<Callout type="info" emoji={<Download className="w-5 h-5" />}>
+  **Prerequisite:**
+  You must have the **`trustlab-root.crt`** file downloaded on your machine first.
+  [Download it here](/guide/getting-started/install-root-ca).
+</Callout>
+
+If your code or scripts are failing with certificate errors, check the solutions below.
+
+## 1. cURL & Wget
+
+Standard command-line tools often look for a specific bundle file.
+
+### cURL
+<Callout type="error" emoji={<Terminal className="w-5 h-5" />}>
+  `curl: (60) SSL certificate problem: unable to get local issuer certificate`
+</Callout>
+
+**Solution:**
+Pass the Root CA explicitly:
+```bash
+curl --cacert /path/to/trustlab-root.crt https://your-domain.local
+```
+
+### Wget
+**Solution:**
+```bash
+wget --ca-certificate=/path/to/trustlab-root.crt https://your-domain.local
+```
+
+---
+
+## 2. Node.js / JavaScript
+
+Node.js does not use the System Root CA by default.
+
+<Callout type="error" emoji={<Server className="w-5 h-5" />}>
+  `Error: self signed certificate in certificate chain`
+</Callout>
+
+**Solution (Environment Variable):**
+Set this variable before running your application. It works for most Node.js apps (npm, yarn, custom scripts).
+
+```bash
+export NODE_EXTRA_CA_CERTS="/path/to/trustlab-root.crt"
+node server.js
+```
+
+---
+
+## 3. Python (Requests/Pip)
+
+Python's `requests` library (and `pip`) uses its own certificate bundle (`certifi`), ignoring Windows/macOS/Linux system stores.
+
+<Callout type="error" emoji={<Code className="w-5 h-5" />}>
+  `SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed'))`
+</Callout>
+
+**Solution:**
+Point to your Root CA using an environment variable.
+
+```bash
+export REQUESTS_CA_BUNDLE="/path/to/trustlab-root.crt"
+python script.py
+```
+
+---
+
+## 4. Java Applications
+
+Java uses a proprietary "Keystore" (JKS) and typically **ignores** the Windows Certificate Store.
+
+<Callout type="error" emoji={<Code className="w-5 h-5" />}>
+  `sun.security.validator.ValidatorException: PKIX path building failed`
+</Callout>
+
+**Solution:**
+You must import the TrustLab Root CA into the Java Keystore (cacerts).
+
+<Steps>
+### Locate standard cacerts
+Usually at `$JAVA_HOME/lib/security/cacerts`.
+
+### Import with keytool
+```bash
+keytool -import -trustcacerts -alias trustlab-root \
+  -file trustlab-root.crt \
+  -keystore "$JAVA_HOME/lib/security/cacerts"
+```
+*Default password is typically `changeit`.*
+</Steps>