Error: The certificate contains a delegation that does not include the canister aaaaa-aa in the canister_ranges field

Hi guys, I’m trying to create a canister from the backend (NestJS) and install_code into it. But I’m getting this error:

The certificate contains a delegation that does not include the canister aaaaa-aa in the canister_ranges field

This happens when I use provisionalCreateCanisterWithCycles locally.

I also started the replica with:
dfx start --clean
and it shows:
Replica API running on 127.0.0.1:4943. You must open a new terminal to continue developing. If you’d prefer to stop, quit with 'Ctrl-C'.

This is the TypeScript code I’m using. Has anyone else faced this error before? Please help if you’ve run into it.

image677×458 46.6 KB

You should install the NNS locally,

You can do so by doing;

dfx extension install nns
dfx extension run nns install

After you ran your

dfx start —clean —background

The issue - not being able to provision a canister locally - might be related to the fact that you’re executing the create call as an anonymous user. Try passing the identity to your agent:

const agent = await HttpAgent.create({
   // same
   identity <-----------

Side note: This isn’t your issue, but you can remove the line await agent.fetchRootKey() since you already pass shouldFetchRootKey: true when creating the agent.

I tried, but it still not working man

Yeah, I also tried to using it first: “const identity = Ed25519KeyIdentity.generate();”. But it still not working :((

1. I’m confuse, did you pass the identity to await HttpAgent.create or not? Can you share the resulting code snippet?

2. What version of @dfinity/ic-management are you using?

here is the code man, and I use the newest version from yarn: “@dfinitydfinitydfinitydfinity/ic-management”: "^7.0.2”

image512×176 18.1 KB

I tried to log it, and it seem created success. But I dont know why it still return error

image1879×120 55.3 KB

Great.

1. I’m not familiar with DFX but, isn’t port 8080 deprecated in favor of 4943 as in your first snippet? Have you try both this port and passing the identity?

2. Have you try to use 127.0.0.1 instead of localhost?

3. v7.0.2 should be good. You can try v7.0.1, that’s the version I’m using but, I doubt that’s really the issue.

I tried all you said man, hmm it’s still not working. I means by log I give you above, it’s created success, but it still return error, dont understand it hmm

Umm, I don’t know then, sorry. It doesn’t seem related to the JS code.

okay thank you man, I will try to find another way hmm

This error usually happens if the effective canister id of the call is not set properly, but I can’t figure out how to set it. @ilbert do you know?

I see we can set it with install_code, but not for “provisional_create_canister_with_cycles” :((

Since v3.2.0 (and specifically PR#1083), we always check if the target canister is in the allowed subnet’s range. Before, we were only performing the check it if the target canister was not the management canister.

After a quick discussion with @mraszyk, I plan to fix this by skipping the check if, and only if, the target canister is the management canister, the target method is provisional_create_canister_with_cycles and network is not mainnet.

Good input!

@Huygon764 what version of @dfinity/ic-management are you using?

The library uses a custom transform function that correctly sets the effectiveCanisterId for provisional_create_canister_with_cycles. This was added at the beginning of June.

I using newest version: “7.0.2” man

In that case, there should be no need for an exception to verifying canister ranges as @ilbert described it above.

Is your code open source, or can you share your script’s code?

I can try using it to reproduce the issue against my Docker container, where all the features we mentioned in this thread are working as expected. If I cannot reproduce the issue in this setup, then maybe someone else can try with dfx.

he shared the code on Discord: GitHub - Huygon764/test-create-canister