Let's Encrypt Certificates - Unknown Authority?

gordan (Entrant, Supporter)
I'm trying to set up pmm-client to talk to a pmm server that uses a freshly minted cert from letsencrypt, and I am getting this:

Unable to connect to PMM server by address: pmm.shatteredsilicon.net:443
Get https://pmm.shatteredsilicon.net:443/qan-api/ping: x509: certificate signed by unknown authority

Browsers have no problem connecting. Not sure if it matters, but the way I have it set up is Apache on the docker host is responding on port 443, terminating SSL, and then proxying the request to the pmm docker container.

Is this a known issue? Is there a quick and easy workaround, e.g. passing an extra CA certificate via docker -v to the container?

Comments

  • Michael Coburn, Principal Architect, Percona (Percona Staff)
    Hi gordan

    Sorry this post didn't get any attention - I've escalated it internally, and you should get some Engineering eyes on it shortly! Thanks,
  • Michael Coburn, Principal Architect, Percona (Percona Staff)
    Hi gordan

    While we haven't implemented this feature nor is it supported, you might find the following JIRA feature request helpful - let us know your outcome!
    https://jira.percona.com/browse/PMM-1566
  • DBennett, Percona Director of DS (Inactive User)
    Hi Gordan,

    One thing to check, make sure your Let's Encrypt Intermediate CA Certificate is included in your trusted CA certificates in

  • gordan (Entrant, Supporter)
    I am not actually using nginx for handling SSL. I am using Apache on the host to terminate SSL and proxy the connection to the docker container. Everything else works just fine with the https endpoint this way, but pmm-admin emits the error saying that it doesn't recognise the signing authority. It is only pmm-admin that seems to have this problem.
  • Michael Coburn, Principal Architect, Percona (Percona Staff)
    Hi gordan
    If you have the opportunity we'd value you submitting a feature request in order to address this concern with pmm-admin. Thank you!