Traefik v2 certificate NET::ERR_CERT_AUTHORITY_INVALID

I have set up Traefik v2 in EKS and configured the certificate resolver with the following config:

[certificatesResolvers]
  [certificatesResolvers.letsencrypt]
    [certificatesResolvers.letsencrypt.acme]
      email = "admin@rablighting.com"
      caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
      storage = "/etc/traefik/storage/acme.json"
      [certificatesResolvers.letsencrypt.acme.dnsChallenge]
        provider = "route53"
        delayBeforeCheck = 0
        resolvers = ["1.1.1.1:53", "8.8.8.8:53"]

The Traefik container was able to get the certificate, which I verified by checking the contents of /etc/traefik/storage/acme.json.

But when I try to open the HTTPS dashboard URL, I get a NET::ERR_CERT_AUTHORITY_INVALID error message in all browsers (Chrome, Safari, Firefox):

NET::ERR_CERT_AUTHORITY_INVALID
Subject: dev.lightcloud.ca
Issuer: Untrusted CA
Expires on: Dec 30, 2019
Current date: Oct 1, 2019

This Traefik environment is running on AWS EKS (v1.3) with traefik:v2.0.
I am on a MacBook (macOS 10.13.6) with admin privileges and Chrome (Version 77.0.3865.90).

Hi @rp346

Please answer the following questions:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Updated with more details.

Hi @rp346

Checking your domain via https://check-your-website.server-daten.de/?q=dev.lightcloud.ca, that's the expected result.

Your certificate is 90 days "valid"

CN=dev.lightcloud.ca
	01.10.2019
	30.12.2019
expires in 90 days	*.dev.lightcloud.ca, dev.lightcloud.ca - 2 entries

but you use the test system, so your certificate is from

CN=Fake LE Intermediate X1
	24.05.2016
	24.05.2036
expires in 6080 days	

That's not a trusted certificate.

Change the caServer to the production URL:

https://acme-v02.api.letsencrypt.org/directory
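
The check from this thread as an added example (not code from any poster or from the Traefik project): a small Python lint that reads a Traefik TOML static config and reports which ACME resolvers point at the Let's Encrypt staging directory. The `audit_resolvers` and `classify` names, the `prod` resolver and the sample email are made up for illustration, and the parser only handles table headers and simple `key = "value"` lines like those in the question.

```python
import re
from urllib.parse import urlparse

STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"
PRODUCTION_URL = "https://acme-v02.api.letsencrypt.org/directory"

ACME_TABLE = re.compile(r"^\s*\[certificatesResolvers\.([^.\]]+)\.acme\]\s*$")
ANY_TABLE = re.compile(r"^\s*\[")
CA_SERVER = re.compile(r'^\s*caServer\s*=\s*"([^"]*)"')

def classify(url):
    if urlparse(url).hostname == STAGING_HOST:
        return "staging"  # issuer is the untrusted test CA; browsers reject it
    if url == PRODUCTION_URL:
        return "production"
    return "other CA"

def audit_resolvers(toml_text):
    """Map each ACME resolver name to (caServer, verdict)."""
    found, current = {}, None
    for line in toml_text.splitlines():
        table = ACME_TABLE.match(line)
        if table:
            current = table.group(1)
            # Assumption: with no caServer key, Traefik uses the production URL.
            found[current] = (PRODUCTION_URL, "production (default)")
        elif ANY_TABLE.match(line):
            current = None  # left the .acme table; later keys belong elsewhere
        elif current and (key := CA_SERVER.match(line)):
            found[current] = (key.group(1), classify(key.group(1)))
    return found

# Constructed sample: the resolver from the question plus a hypothetical
# second resolver whose staging line is commented out.
SAMPLE = '''
[certificatesResolvers.letsencrypt.acme]
  email = "admin@example.com"
  caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
  storage = "/etc/traefik/storage/acme.json"
  [certificatesResolvers.letsencrypt.acme.dnsChallenge]
    provider = "route53"

[certificatesResolvers.prod.acme]
  email = "admin@example.com"
  # caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
  storage = "/etc/traefik/storage/acme-prod.json"
'''

if __name__ == "__main__":
    for name, (url, verdict) in audit_resolvers(SAMPLE).items():
        print(f"{name}: {verdict} ({url})")
```
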
