问题遇到的现象和发生背景
当minio服务器配置使用https时,通过 Let's Encrypt certificates 申请了服务器证书;
这个时候,通过客户端连接服务器,minio设置:secure:true 时,连接失败,报错:
x509: certificate signed by unknown authority
问题相关代码,请勿粘贴截图
客户端代码:
s3Client, err = minio.New(server, &minio.Options{
Creds: credentials.NewStaticV4(accessKey, secretKey, ""),
Secure: true,
})
if err != nil {
log.Fatalln(err)
}
log.Println("Successfully connected to minio:" + server)
运行结果及报错内容
x509: certificate signed by unknown authority
我的解答思路和尝试过的方法
服务器端证书配置错了
解决方法:
确实是服务器证书配置错了,少走弯路:
解决方法:使用** fullchain.pem 作为 minio server 的 public.crt,不要使用cert.pem**
If you come across this issue and you are using Let's Encrypt certs make sure you are using full chain.pem rather than cert.pem.
When using certbot to generate certificates, it generates the following files:
root@errol:~# ls /etc/letsencrypt/live/mfmall.mfinfo.cn/
cert.pem chain.pem fullchain.pem privkey.pem README
root@errol:~#
Since the Synapse docs don't say anything about which one to use, and the relevant config option is named tls_certificate_path, people might tell Synapse to use cert.pem whereas it should be using fullchain.pem, which contains the complete certificate chain. This will likely prevent these people from federating once we start enforcing valid certs.
