Wings in Docker - "x509: certificate signed by unknown authority" on startup #3096
Comments
I had this exact issue. This solved it for me
Are your CA certificates up to date? The package should be
Check my Wings docker-compose. That's definitely something I made sure I did.
I will check when I'm at a computer.
Cannot reproduce, and from what I've seen in the past this has always been an issue with the system CA store not being updated correctly.
How did you resolve this, as I currently followed the Wings installation instructions and imported the Let's Encrypt certificates generated by ACME in pfSense. But I am getting this error: FATAL: [Sep 1 21:01:03.689] failed to load server configurations error=http: request creation failed: Get "https://{SERVER_URL}/api/remote/servers?page=0&per_page=50": x509: certificate signed by unknown authority Stacktrace: I have done some troubleshooting, but cannot resolve the issue...
Try updating your ca-certificates.
If you moved your panel from another server, renew certificates. That was my problem.
I'm currently having this issue while running both Panel and Wings under docker. My system CA store was correctly mapped for wings to use. Not really sure what could be causing this as running Wings outside of docker fixes this issue.
The only way to fix this at this time has been to use
I have encountered this issue as well and after some detective work I have found the error and a possible solution. Although I am not sure if my way of solving this can be considered "best practice". Running This file is being mounted via the So the And voilà the container starts without any error messages. TLS certificates are now being correctly verified. I hope this helps anyone who might run into the same problem. Have a great day :D
Works around pterodactyl/panel#3096 (which couldn't be reproduced at the time, presumably due to no one happening to run EL) by adding documentation of alternative location for CA certs. The location of CA certificates varies by distribution. Debian/Ubuntu and derivatives use /etc/ssl/certs as the location for CA certs, but that path is hardcoded into the official Wings image, so adding an alt path to mount is the next best thing. Without having the correct cert location, you can fall back to the one inside the container of course, but it's preferable to use the host's. I don't know about other distros, but I found what is necessary for it to work on EL. By default, on EL, an x509 error occurs and Wings is unreachable.
Should be able to work around this with pterodactyl/wings#154. Basically, just mount /etc/ssl/certs/certificates.crt to /etc/pki/ca-trust/extracted/openssl/ca-trust.bundle.crt which is the location of OpenSSL CA certs on EL/Fedora based distros.
For future generations that land here, this can happen if you decide to use just the
This took me way too long to figure out, but commenting out the CA cert mounting in docker-compose resolved this for me. 🤦🏻 Thanks @danny6167.
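A check for the situation the comments above describe, where a CA store bind-mounted into the Wings container does not line up with the bundle path the client looks for. This is an added example, not code from Wings or the Pterodactyl documentation: the function names are hypothetical, and the candidate paths are the bundle locations Go's crypto/x509 package searches on Linux.

```shell
#!/bin/sh
# Added diagnostic example; not part of Wings or the Pterodactyl docs.
# Candidate bundle files: the locations Go's crypto/x509 tries on Linux.
CA_BUNDLE_PATHS="
/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/ca-bundle.pem
/etc/pki/tls/cacert.pem
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/cert.pem
"

# classify_bundle FILE -> prints one of:
#   missing | dangling-symlink | empty | ok:<number of certificates>
classify_bundle() {
    f=$1
    if [ -L "$f" ] && [ ! -e "$f" ]; then
        # The link exists but its target is not visible from this filesystem
        # view, e.g. only part of the host's CA tree was mounted.
        echo "dangling-symlink"
    elif [ ! -e "$f" ]; then
        echo "missing"
    elif [ ! -s "$f" ]; then
        echo "empty"
    else
        # grep -c exits non-zero on zero matches; keep the printed count.
        n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
        if [ "$n" -gt 0 ]; then echo "ok:$n"; else echo "empty"; fi
    fi
}

# audit_ca_store [ROOT] -> one "<path> <status>" line per candidate bundle.
# ROOT defaults to the real filesystem root; a non-empty ROOT lets the same
# check run against an unpacked image or a test directory.
# Returns 0 only if at least one candidate bundle contains certificates.
audit_ca_store() {
    root=${1:-}
    usable=1
    for p in $CA_BUNDLE_PATHS; do
        status=$(classify_bundle "$root$p")
        echo "$p $status"
        case $status in ok:*) usable=0 ;; esac
    done
    return $usable
}
```

Running `audit_ca_store` once on the host and once inside the container, then comparing the two listings, shows whether the mounted path is one the client can actually read certificates from.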
Background (please complete the following information):
Describe the bug
In my particular configuration -- setting up both the panel and wings in docker, panel and daemon behind Cloudflare (SSL mode: Strict) and the panel alone behind Traefik -- I receive the following error (captured from Portainer)
I have attempted to resolve the issue with the --ignore-certificate-errors startup arg, but receive a different error altogether.
Lastly, I have attempted to resolve this issue, per the advice of Dr3nz4r in #wings-in-docker in Discord, by starting wings with the arg --auto-tls --tls-hostname node1.argonaut.network. This results in the former error log output, verbatim.
I have confirmed that the correct cert/key pair are located in /etc/letsencrypt/live/<host>.
I have confirmed that SELinux has not thrown any errors, and this still occurs in permissive mode.
I have confirmed that, to my knowledge (I have no idea how to tell, but was asked to verify this as a troubleshooting step), the files that should be located in /etc/ssl/certs are present.
I have confirmed that the necessary ports are open.
Below, you may find my configuration files:
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Wings starts normally.