0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

K-NOMPの証明書周りでハマった話

Posted at

K-NOMPのWebページをhttps対応にすべく、Let's encryptを用いて証明書を生成。
そのままconfig.jsonにkey/certの位置を流し込み、ブラウザからの接続はok。

"tlsOptions" : {
    "enabled": true,
    "key":"/etc/letsencrypt/live/example.net/privkey.pem",
    "cert":"/etc/letsencrypt/live/example.net/cert.pem"
}

と思っていたが、wgetやcurlからのアクセスが弾かれる

$ wget https://example.net/api/stats
--2018-02-07 04:02:34--  https://example.net/api/stats
Resolving example.net (example.net)... 101.x.y.z
Connecting to example.net (example.net)|101.x.y.z|:443... connected.
ERROR: cannot verify example.net's certificate, issued by ‘CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US’:
  Unable to locally verify the issuer's authority.
To connect to example.net insecurely, use `--no-check-certificate'.

certに指定すべきはcert.pemではなくfullchain.pemだったようです。おわり

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?