-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
letsencrypt tls server cert error: unable to verify the first certificate #122
Comments
Here is the cert and CA chains, and a dump using openssl:
|
I've tried multiple certificates, and also tried using a subdomain |
Hmm, can you also share output from certbot? |
Also have you tried sending the configuration to a vehicle? Just curious if it will still work or not. |
Here's the certbot output. This example is when I used a subdomain
|
In case it matters: my fleet telemetry server is running on AWS behind a Network Load Balancer which forwards port 443 as TCP to the fleet telemetry server. AFAIK that should support mTLS. |
@patrickdemers6 actually I just tried, and it's working! The fleet-telemetry server is receiving telemetry from my vehicle, despite this error message when checking the cert. |
@patrickdemers6 I did not get the certificate from LetsEncrypt and I already have a domain and cert is issued by AWS. I used the certificate chain and domain cert. When i try to start the server using
But i do have the cert files in that location. Any idea what could be the issue? Here is my config file:
|
Can you include the docker-compose file you're using? My hunch is you don't have a volume mounted at the proper path in the container. |
Here is the docker-compose.yml file:
|
@PrriyaR may I humbly suggest that you use another ticket or method to request assistance so that this ticket can be used to track the original issue, which is that the |
Sure, I will move my comments out. |
@jbanyer Did you ever figure out the issue with the Will try issuing commands too now, but wasn't sure if my setup was correct so far. |
Hi @patrickdemers6 . I've followed your guide and generated a cert for mTLS using certbot / Let's Encrypt. The certificate has been delivered and loaded by the fleet-telemetry server however it fails the first step of the
check_server_cert.sh
tool.When running this step manually I get the following output:
The exact same output is produced on a Linux server.
The fleet telemetry server is running at tesla.chqtest.net:443 so you can confirm for yourself. Server is dockerhub image tesla/fleet-telemetry:v0.1.11
Any help would be appreciated! Cheers.
The text was updated successfully, but these errors were encountered: