thanks for the great work this community is doing.
I’ve successfully generated my first let’s encrypt, configured https on haproxy and all good.
i’m using “kubectl” on macOS 10.15 communicating with the haproxy https interface, this gives an error of
Unable to connect to the server: x509: certificate signed by unknown authority
curl and chrome seem to work ok.
i am doubting this has something to do with Catalina and golang
as i run this test , i can observe the following
crypto/x509: verify-cert rejected CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US: "Cert Verify Result: Invalid Extended Key Usage for policy"
crypto/x509: verify-cert rejected CN=DST Root CA X3,O=Digital Signature Trust Co.: "Cert Verify Result: CSSMERR_TP_CERT_SUSPENDED"
Any idea what and why is this?
My domain is:
hclcnlabs.com (privately hosted so not reachable over the internet)
I ran this command:
It produced this output:
My web server is (include version):
haproxy 2.0 on ubuntu 18.04
I can login to a root shell on my machine (yes or no, or I don’t know):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
1.1.0 on macOS (generated the certificate manul using dns)