konga icon indicating copy to clipboard operation
konga copied to clipboard

Published 20 hours ago verified publisher icon pantsel

Error: unable to get local issuer certificate

Open artburkart opened this issue 3 years ago • 1 comments

We're using Let's Encrypt to issue certificates for our Kong resources. In our pre-production environments, we use the staging Let's Encrypt certificate issuer. In our pre-production environments, we notice we can't connect to them over HTTPS, because of the following error:

 { error:
   { Error: unable to get local issuer certificate
       at TLSSocket.onConnectSecure (_tls_wrap.js:1058:34)
       at TLSSocket.emit (events.js:198:13)
       at TLSSocket.EventEmitter.emit (domain.js:448:20)
       at TLSSocket._finishInit (_tls_wrap.js:636:8) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' } }

We've added the root certificate to our test environment trust store, but Konga is unable to find it. Is there something we need to do to tell Konga about the certificate?

Our short-term hack is to add .strictSSL(false) to all the spots where a unirest request is made, but this is not ideal.

Thanks for any guidance you can offer! 👍

artburkart avatar Sep 17 '20 21:09 artburkart

Hi @artburkart

You can set NODE_EXTRA_CA_CERTS environment variable with the path of your CA certificate.

iul1an avatar Jul 08 '22 12:07 iul1an