Wondering how to get certbot to trust my non-public CA cert chain on Windows. I have installed the cert chain under Trusted Root Certificate Authorities on my Windows server but still get the following error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='ajceg621.abc.com', port=443): Max retries exceeded with url: /acme/ajceg621/ecsaj000102~sub37603/acme_profile/directory (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)')))
The only way I can get this to work is if I add the "--no-verify-ssl" to the command.
Anyone have ideas?
You could use the REQUESTS_CA_BUNDLE environment variable to provide your own list of trusted CA certificates.
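An added example, not part of the original replies: the Python requests library that certbot uses reads its trust anchors from a PEM file rather than the Windows certificate store, so this PowerShell sketch exports the private CA chain from the store into a PEM bundle and points REQUESTS_CA_BUNDLE at it. The thumbprints, bundle path, ACME directory URL and host name are placeholders to replace with your own values.

```powershell
# Assumptions (placeholders, not values from the thread): thumbprints of the
# private root and issuing CA, the bundle path, and the ACME directory URL.
$caThumbprints = @('<ROOT-CA-THUMBPRINT>', '<ISSUING-CA-THUMBPRINT>')
$bundlePath    = 'C:\Certbot\private-ca-bundle.pem'
$acmeDirectory = 'https://acme.example.internal/directory'

# Select the CA certificates by thumbprint, not by subject name, so that a
# look-alike certificate in the store cannot end up in the bundle.
$certs = Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $caThumbprints -contains $_.Thumbprint } |
    Sort-Object Thumbprint -Unique

if (-not $certs) {
    throw 'No matching CA certificates found in LocalMachine\Root or LocalMachine\CA.'
}

# Convert each certificate from DER (RawData) to PEM with 64-character lines.
$pem = foreach ($c in $certs) {
    $b64 = [Convert]::ToBase64String($c.RawData)
    '-----BEGIN CERTIFICATE-----'
    ($b64 -split '(.{64})') -ne ''
    '-----END CERTIFICATE-----'
}
Set-Content -Path $bundlePath -Value $pem -Encoding ascii

# The variable is set for this session only. While it is set, requests trusts
# only the CAs in this file, so certificate verification stays enabled.
$env:REQUESTS_CA_BUNDLE = $bundlePath

# Run certbot against the private ACME server without --no-verify-ssl.
certbot certonly --server $acmeDirectory -d 'host.example.internal'
```

Because the bundle replaces the default CA list for that process, add the public roots to the same file if that certbot session also needs to reach publicly trusted endpoints.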
Hi @teamjanlil and welcome to the LE community forum
I'm generally NOT easily confused...
But this topic has me confused; because certbot only needs to communicate securely with LE and that should never be done through anything that would require a locally added intermediate chain or root.
So I fail to understand how that error message is being thrown by certbot. But I do see that --no-verify-ssl is a valid
If you are somehow proxying all outbound requests [MITM] and expecting certbot to trust your system for requests to LE, then I can see why that would be a problem.
Based on the context and URL, this looks to me like this user is running a custom ACME server and points certbot to that, so no LE involved.