https://haskellstack.org is a popular build and install tool for Haskell software. It is an alternative to cabal, with a greater focus on repeatability and UX. It installs from known-compatible sets of packages (Stackage) when possible. ### Why do I see networking error messages when I try to use stack ? Some examples: <details> <summary>stack update -> certificate has unknown CA</summary> <pre> C:\Users\Simon>stack update Selected mirror https://hackage.haskell.org/ Downloading root HttpExceptionRequest Request { host = "hackage.haskell.org" port = 443 secure = True requestHeaders = [("Accept-Encoding",""),("User-Agent","Haskell pantry package")] path = "/root.json" queryString = "" method = "GET" proxy = Nothing rawBody = False redirectCount = 10 responseTimeout = ResponseTimeoutDefault requestVersion = HTTP/1.1 proxySecureMode = ProxySecureWithConnect } (InternalException (HandshakeFailed (Error_Protocol "certificate has unknown CA" UnknownCa))) </pre> </details> <details> <summary>stack new -> certificate has unknown CA</summary> <pre> C:\Users\Simon>stack new a Error: [S-8332] Stack failed to create project-level configuration file, as it was unable to download the index of available snapshots. This sometimes happens because Certificate Authorities are missing on your system. You can try the Stack command again or manually create the configuration file. For help about the content of Stack's configuration files, see (for the most recent release of Stack) http://docs.haskellstack.org/en/stable/configure/yaml/. While downloading the snapshot index, Stack encountered the following error: HttpExceptionRequest Request { host = "stackage-haddock.haskell.org" port = 443 secure = True requestHeaders = [("Accept","application/json"),("User-Agent","The Haskell Stack")] path = "/snapshots.json" queryString = "" method = "GET" proxy = Nothing rawBody = False redirectCount = 10 responseTimeout = ResponseTimeoutDefault requestVersion = HTTP/1.1 proxySecureMode = ProxySecureWithConnect } (InternalException (HandshakeFailed (Error_Protocol "certificate has unknown CA" UnknownCa))) </pre> </details> <details> <summary>stack build -> ConnectionTimeout</summary> <pre> $ stack build --verbose Version 3.1.1, Git revision d8cef4ea052430ea09ce7836c41e68b52d04fd73 x86_64 hpack-0.37.0 2025-01-26 23:50:27.712122: [debug] Checking for project config at: /home/fr33/Projects/playwright/stack.yaml 2025-01-26 23:50:27.712413: [debug] Loading project config file stack.yaml 2025-01-26 23:50:27.714984: [debug] Use of Casa server enabled: (CasaRepoPrefix "https://casa.stackage.org", 1280). 2025-01-26 23:50:27.717995: [debug] (SQL) SELECT COUNT(*) FROM "last_performed" WHERE ("action"=?) AND ("timestamp">=?); [PersistInt64 1,PersistUTCTime 2025-01-25 21:50:27.717953776 UTC] 2025-01-26 23:50:27.718585: [debug] Not reading lock file 2025-01-26 23:50:57.746686: [debug] Checking for project config at: /home/fr33/Projects/playwright/stack.yaml 2025-01-26 23:50:57.746982: [debug] Loading project config file stack.yaml 2025-01-26 23:50:57.749629: [debug] Use of Casa server enabled: (CasaRepoPrefix "https://casa.stackage.org", 1280). 2025-01-26 23:50:57.753190: [debug] (SQL) SELECT COUNT(*) FROM "last_performed" WHERE ("action"=?) AND ("timestamp">=?); [PersistInt64 1,PersistUTCTime 2025-01-25 21:50:57.753160973 UTC] 2025-01-26 23:50:57.753566: [error] Error: [S-775] Exception while reading snapshot from https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/22/43.yaml: HttpExceptionRequest Request { host = "raw.githubusercontent.com" port = 443 secure = True requestHeaders = [("User-Agent","Haskell pantry package")] path = "/commercialhaskell/stackage-snapshots/master/lts/22/43.yaml" queryString = "" method = "GET" proxy = Nothing rawBody = False redirectCount = 10 responseTimeout = ResponseTimeoutDefault requestVersion = HTTP/1.1 proxySecureMode = ProxySecureWithConnect } ConnectionTimeout </pre> </details> stack talks to a number of servers to do its job, using HTTP. Real world networks are complex, and many things can potentially disrupt this. Also, stack uses the haskell http-client library, whereas cabal uses `curl` by default. http-client is heavily used by haskell apps, but it can't compare with the battle-testing and hardening that `curl` receives. %% In other words, every stack user is acting as a tester for the interaction of haskell HTTP libs with the horrible real world. Whereas cabal users are using curl, which the whole world has tested and robustified ahead of time. %% So you are more likely to be affected by networking "issues" when using stack, compared to cabal. If it happens to you, here are some troubleshooting tips: **TLS Certificates**\ Your machine might not have the new-enough TLS certificates required for stack to talk to HTTPS servers. In particular, Windows users may need to apply all windows updates. (This fixed the "CA" errors above.) To diagnose, look for the hostname and file path in the error message, and try to fetch those with `curl`. Eg `curl https://stackage-haddock.haskell.org/snapshots.json` **IPv6**\ Sometimes servers or DNS have IPv6 misconfigured. Try disabling IPv6 on your system and see if it makes a difference. **DNS**\ Sometimes a server's hostname is not being resolved to an IP address successfully. Try to resolve it at the command line. Eg on unix: `host HOSTNAME`. Though keep in mind, stack is likely using different DNS resolution code than your web browser or command line tools. **Firewalls**\ A firewall on your machine or between you and server might be blocking you. See if you can ping it at the command line: `ping stackage-haddock.haskell.org`. If your ping allows it, test both IPv4 and IPv6 (eg try `fping -4` and `fping -6`). `httping https://stackage-haddock.haskell.org/snapshots.json`, with and without the `-6` flag could also be useful. If ping fails, you might be able to locate the blocker using `traceroute` or `mtr` or `trip`. If you have more info on this topic, please [let me know](https://matrix.to/#/#haskell-stack:matrix.org). I'd like these issues to be easier to diagnose and resolve.