Installing certifi didn't help.
If it terminates all inbound TLS connections, do you really still need a cert on this system?
I see what you mean. This is me trying to POC snapd on my new servers to eventually use it on a prod server that will require the certificate. I am trying --dry-run for now.
No matter what, I think I should be able to add certificates to the trust store and then snapd would trust the remote server. But this is not happening in my testing.
I think the proxy may be playing into the problem.
But more so, I think the O/S and/or version of something like OpenSSL may also be to blame.
Can you use any other O/S?
[at least for testing]
My production system is currently on RHEL7, but using the old way (no snapd).
I'll try to test on a different OS and read more on the snapd documentation. Maybe I am missing a command to run to make snapd pick up my trust store. Some documentation says this is the order it searches the OS:
```go
var certFiles = []string{
	"/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
	"/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
	"/etc/ssl/ca-bundle.pem",                            // OpenSUSE
	"/etc/pki/tls/cacert.pem",                           // OpenELEC
	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
	"/etc/ssl/cert.pem",                                 // Alpine Linux
}

var certDirectories = []string{
	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
	"/system/etc/security/cacerts", // Android
	"/usr/local/share/certs",       // FreeBSD
	"/etc/pki/tls/certs",           // Fedora/RHEL
	"/etc/openssl/certs",           // NetBSD
	"/var/ssl/certs",               // AIX
}
```
Reference: Bug #1620755 “x509: certificate signed by unknown authority” : Bugs : Snappy
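An added example, not from the thread or from snapd's code: a small Go check of which bundle from the quoted file list is read first and whether a given CA certificate (for instance the proxy's) is in it. It assumes the lookup stops at the first readable file, as Go's crypto/x509 does on Linux, and ignores the directory list; `firstReadable`, `bundleContains` and the `trustcheck` name are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"log"
	"os"
)

// certFiles is the bundle list quoted in the post above, in the same order.
var certFiles = []string{
	"/etc/ssl/certs/ca-certificates.crt",
	"/etc/pki/tls/certs/ca-bundle.crt",
	"/etc/ssl/ca-bundle.pem",
	"/etc/pki/tls/cacert.pem",
	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
	"/etc/ssl/cert.pem",
}

// firstReadable returns the first readable path and its contents (assumed lookup rule).
func firstReadable(paths []string) (string, []byte) {
	for _, p := range paths {
		if data, err := os.ReadFile(p); err == nil {
			return p, data
		}
	}
	return "", nil
}

// bundleContains reports whether caPEM's first block matches a CERTIFICATE block in bundlePEM.
func bundleContains(bundlePEM, caPEM []byte) bool {
	want, _ := pem.Decode(caPEM)
	for b, rest := pem.Decode(bundlePEM); want != nil && b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" && bytes.Equal(b.Bytes, want.Bytes) {
			return true
		}
	}
	return false
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: trustcheck <ca.pem>")
	}
	ca, err := os.ReadFile(os.Args[1])
	path, bundle := firstReadable(certFiles)
	log.Printf("bundle=%q containsCA=%v caReadErr=%v", path, bundleContains(bundle, ca), err)
}
```

Under that assumption, a CA appended to a file further down the list than the one reported is never loaded, which is worth ruling out before suspecting the proxy or OpenSSL.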
Also for testing, I would try with another ACME client.