I have cert-manager set up to request a Let's Encrypt wildcard certificate (*.qa.lightcloud.com) and store it in a secret qa-cert. This secret is used by Traefik (IngressRoute) for TLS.
IngressRoute:

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-external-secure
  namespace: qa
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`qa.lightcloud.com`)
      kind: Rule
      services:
        - name: nginx
          port: 80
      middlewares:
        - name: secured-restricted
  tls:
    secretName: qa-cert
```
I have the *.qa.lightcloud.com & C=US /O=Let's Encrypt /CN=R3 certificates stored in the secret qa-cert (tls.crt), which I have verified using Certificate Checker - Verify and Decode Intermediate Certificates | KeyCDN Tools and didn't find any issue with it.

This URL (https://qa.lightcloud.com) works in most browsers (Chrome, Safari, Edge, Firefox). But the Python requests lib fails with:

```python
import requests
requests.get('https://qa.lightcloud.com')
```

```
requests.exceptions.SSLError: HTTPSConnectionPool(host='qa.domain.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))
```

The Python urllib2 lib fails as well:

```python
import urllib2
response = urllib2.urlopen('https://qa.lightcloud.com')
```

```
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>
```

How can I fix this?