I have an internal CA, and when I try to configure the Let’s Encrypt add-on it fails with “certificate verify failed”. On my other servers I use the acme.sh script to pull the certs and that works fine. All the machines have the internal CA’s root cert added to their certs. The same root cert (below) can be saved to a file and used with curl on the homeassistant.uucp server to access the internal CA. Here’s my config (minus the actual cert).
config
domains:
- homeassistant.uucp
email: [email protected]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: http
dns: {}
acme_server: https://taz.uucp:4343/
acme_root_ca_cert: |
  -----BEGIN CERTIFICATE-----
  ... line 1 actual cert text here
  line 2 etc ...
  -----END CERTIFICATE-----
...
[01:19:58] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
requests.exceptions.SSLError: HTTPSConnectionPool(host='taz.uucp', port=4343): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1129)')))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
...