"x509: certificate signed by unknown authority" with Let's Encrypt certificates on (some) servers with .well-known #59
Comments
|
Config issue on my side. |
|
If you come across this issue and you are using Let's Encrypt certs make sure you are using |
Finally, that fixed it! Good thing they added that piece of info to the |
|
Leaving a note on this for anyone who sets this up using Synology NAS, with LetsEncrypt certificates you get through the Synology DSM. Synology doesn't give you the full chain by default, so you need to combine the cert and chain files yourself. When you export your certificate, open a text editor and take the contents of RSA-cert.pem and paste it to the top of RSA-chain.pem. This new file should consist of your cert first, followed by the rest of the chain, therefore a full chain. Use this new file as the fullchain cert you use on your server and you're good to go. |
|
@IcedEagle thx for your comment! I'm afraid this did not completely work for me but it might be because I'm using ZeroSSL, does anybody know perhaps why this is happening to me? |
|
Ah seems like I did this only for my base domain and not for the matrix domain, now it seems to be working, thx a lot! |
When running the federation tester against my homeserver (
abolivier.bzh), which is serving a valid Let's Encrypt certificates, and is delegating traffic via .well-known, the federation tester errors at cert verification withx509: certificate signed by unknown authority.The text was updated successfully, but these errors were encountered: