X509: certificate signed by unknown authority in request GET nyben.xyz/

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I used the below command to get a certificate from certbot, which I then copied to the folder that needed them, and updated the configuration, but when I try to run the web application I get the following error: x509: certificate signed by unknown authority
in request GET nyben.xyz/
2022/03/24 08:34:29 http: TLS handshake error from 207.148.4.123:43618: remote error: tls: bad certificate

My domain is: nyben.xyz

I ran this command: certbot certonly --manual --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.nyben.xyz -d nyben.xyz

It produced this output:

My web server is (include version): it wasn't meant to be installed on Apache, but I use Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, I'm using ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

Typically you will want to point your application to fullchain.pem rather than cert.pem.

At the moment, your nginx is not sending the intermediate certificate, which can cause software that connects to it to fail to verify the certificate.

Also, usually you will want to directly point your webserver to use the certificate files in /etc/letsencrypt/live/ rather than copying the files, because copies of certificates do not get updated following automatic renewals.

2 Likes

But anytime I try to point it to `/etc/letsencrypt/live/nyben.xyz` I get: Error reading TLS cert ./etc/letsencrypt/live/nyben.xyz/cert.pem: %!s()

This is what I'm trying to configure: muraena/config.toml at master · muraenateam/muraena · GitHub. The TLS configuration starts at no. 137.

See these three lines: it looks like your software wants cert.pem and fullchain.pem both (unusual)

```
certificate = "./config/cert.pem"
key = "./config/privkey.pem"
root = "./config/fullchain.pem"
```

1 Like

root looks like it's for configuring client certificate CAs. It's not necessary to provide any value for it in this case.

I don't think that leading . should be there. The path is /etc, not ./etc.

Additionally, if your server is not running as root, there may be a permissions issue to work around.

3 Likes
