Getting certbot to trust non_public CA Cert Chain on Windows

Hi All,

Wondering how to get certbot to trust my non public CA cert chain on Windows. I have installed the cert chain under Trusted Root Certificate Authorities on my Windows server but still get the following error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='ajceg621.abc.com', port=443): Max retries exceeded with url: /acme/ajceg621/ecsaj000102~sub37603/acme_profile/directory (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)')))

The only way I can get this to work is if I add "--no-verify-ssl" to the command.

Anyone have ideas?

You could use the REQUESTS_CA_BUNDLE environment variable to provide your own list of trusted CA certificates.

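A worked version of that suggestion, added here as an example and not taken from the thread or from certbot's own code: it exports the private root and intermediates from the Windows machine certificate store into a PEM bundle, then runs certbot with REQUESTS_CA_BUNDLE pointing at it. The CA name pattern, the bundle path, the hostname and the ACME directory URL are all assumed placeholders, not the values from the original post.

```powershell
# Added example, not from the thread. Assumptions: 'Example Corp' appears in the
# private CA's Subject/Issuer, C:\certbot\private-ca-bundle.pem is where the
# bundle is written, and the ACME URL/hostname are placeholders.
$CaNameMatch = '*Example Corp*'
$BundlePath  = 'C:\certbot\private-ca-bundle.pem'
$AcmeServer  = 'https://acme.example.internal/acme/directory'
$HostName    = 'host.example.internal'

function ConvertTo-Pem {
    param([byte[]]$Der)
    # PEM is the DER bytes base64-encoded, wrapped at 64 columns, between markers.
    $b64 = [Convert]::ToBase64String($Der)
    $lines = for ($i = 0; $i -lt $b64.Length; $i += 64) {
        $b64.Substring($i, [Math]::Min(64, $b64.Length - $i))
    }
    return "-----BEGIN CERTIFICATE-----`n" + ($lines -join "`n") + "`n-----END CERTIFICATE-----`n"
}

# Root store holds the private root; the CA store holds the intermediates.
# Only certificates issued by or belonging to the private CA are exported,
# so public roots in the same store do not end up in the bundle.
$chain = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -like $CaNameMatch -or $_.Issuer -like $CaNameMatch })

if ($chain.Count -eq 0) {
    throw "No certificates matching '$CaNameMatch' in LocalMachine\Root or LocalMachine\CA"
}

New-Item -ItemType Directory -Force -Path (Split-Path $BundlePath) | Out-Null
$pem = ($chain | ForEach-Object { ConvertTo-Pem $_.RawData }) -join ''
Set-Content -Path $BundlePath -Value $pem -Encoding ascii -NoNewline

# Sanity check: the bundle should contain exactly one PEM block per exported cert.
$blocks = (Select-String -Path $BundlePath -Pattern 'BEGIN CERTIFICATE' | Measure-Object).Count
if ($blocks -ne $chain.Count) {
    throw "Bundle has $blocks certificate blocks but $($chain.Count) were exported"
}
Write-Host "Wrote $blocks certificate(s) to $BundlePath"

# REQUESTS_CA_BUNDLE replaces (does not extend) the default trust list of the
# Python requests library that certbot's ACME client uses. Setting it only in
# this process keeps the narrowed trust scoped to this certbot run.
$env:REQUESTS_CA_BUNDLE = $BundlePath
certbot certonly --standalone --server $AcmeServer -d $HostName
```

Because the variable replaces the default CA list rather than adding to it, this is appropriate when certbot only needs to reach the private ACME server; if the same process also had to reach a public CA, the public roots would need to be appended to the bundle as well. Verification stays enabled throughout, which is the point of the exercise: --no-verify-ssl hides the problem, whereas a correct bundle lets certbot detect a substituted server certificate.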

Hi @teamjanlil and welcome to the LE community forum :slight_smile:

I'm generally NOT easily confused...
But this topic has me confused; because certbot only needs to communicate securely with LE and that should never be done through anything that would require a locally added intermediate chain or root.
So I fail to understand how that error message is being thrown by certbot. But I do see that --no-verify-ssl is a valid certbot parameter.
If you are somehow proxying all outbound requests [MITM] and expecting certbot to trust your system for requests to LE, then I can see why that would be a problem.

Based on the context and URL, this looks to me like this user is running a custom ACME server and points certbot to that, so no LE involved.
