Help us understand the problem. What is going on with this article?

K-NOMPの証明書周りでハマった話

More than 1 year has passed since last update.

K-NOMPのWebページをhttps対応にすべく、Let's encryptを用いて証明書を生成。
そのままconfig.jsonにkey/certの位置を流し込み、ブラウザからの接続はok。

"tlsOptions" : {
    "enabled": true,
    "key":"/etc/letsencrypt/live/example.net/privkey.pem",
    "cert":"/etc/letsencrypt/live/example.net/cert.pem"
}

と思っていたが、wgetやcurlからのアクセスが弾かれる

$ wget https://example.net/api/stats
--2018-02-07 04:02:34--  https://example.net/api/stats
Resolving example.net (example.net)... 101.x.y.z
Connecting to example.net (example.net)|101.x.y.z|:443... connected.
ERROR: cannot verify example.net's certificate, issued by ‘CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US’:
  Unable to locally verify the issuer's authority.
To connect to example.net insecurely, use `--no-check-certificate'.

certに指定すべきはcert.pemではなくfullchain.pemだったようです。おわり

teutidos
Founder of kotopool.work which is one of the cryptocurrency "Koto" mining pool.
https://kotopool.work/
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away