Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: my-elixir-dev.xyz
I ran this command:
certbot certonly --manual --preferred-challenges dns
It produced this output:
I used a wildcard.
It produces certificate, key, and fullchain which are usable for all five domains when viewed from a browser, but not from curl or other non-browser
My web server is (include version):
k3s with traefik ingress
The operating system my web server runs on is (include version):
ubuntu 22.04
My hosting provider, if applicable, is:
DNS provided by directnic
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 3.0.0
There are five subdomains: portal, api, app, novnc, and meapi
Each of them is properly secured for a web browser with the certificates applied. However, they fail when using curl:
curl https://portal.my-elixir-dev.xyz/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: curl - SSL CA Certificates
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above
My concern is not with curl. My concern is that a thirdparty uses an unknown technology (may be curl, may be go, may be nodejs - just don't know) and they receive a similar error.
Their automated system reports:
Post "https://meapi.my-elixir-dev.xyz/api/v1/delivery": tls: failed to verify certificate: x509: certificate signed by unknown authority
Thanks in advance for any pointers