What's new
PGBlitz.com

Register Now! Find useful tips, Interact /w Community Members and join the part the Best Community on the Internet!

Discussion NET::ERR_CERT_AUTHORITY_INVALID when accessing apps.

tmyers07

Junior Member
PG Version
8.3.7
Server Type
Local - Virtual Machine
For a few weeks now, when I access my various apps, they all show the certificate as being invalid. I use Cloudflare as the provider. I have redeployed Traefik multiple times and the reverse proxy works with all apps with no issues, it's just I don't get the secure HTTPS connection. I have removed and re-added the domain to Cloudflare, regenerated the API key, verified 80 and 443 are port forwarded to the plexguide server, and I cannot seem to resolve the issue. I have tried multiple browsers, cleared cache, etc. Any help would be greatly appreciated. When I click on the cert in the browser, it does show this:
NET::ERR_CERT_AUTHORITY_INVALID
Subject: TRAEFIK DEFAULT CERT
Issuer: TRAEFIK DEFAULT CERT
Expires on: Feb 1, 2020
Current date: Feb 1, 2019
 

Attachments

Haulien

Noob
For a few weeks now, when I access my various apps, they all show the certificate as being invalid. I use Cloudflare as the provider. I have redeployed Traefik multiple times and the reverse proxy works with all apps with no issues, it's just I don't get the secure HTTPS connection. I have removed and re-added the domain to Cloudflare, regenerated the API key, verified 80 and 443 are port forwarded to the plexguide server, and I cannot seem to resolve the issue. I have tried multiple browsers, cleared cache, etc. Any help would be greatly appreciated. When I click on the cert in the browser, it does show this:
NET::ERR_CERT_AUTHORITY_INVALID
Subject: TRAEFIK DEFAULT CERT
Issuer: TRAEFIK DEFAULT CERT
Expires on: Feb 1, 2020
Current date: Feb 1, 2019
I'm having much the same issue however with google cloud dns, not cloudflare. Generating a cert manually with certbot seems to work without issue.

EDIT: got mine fixed. Bad config on my part! Likely unrelated to OPs
 
Last edited:
S

subse7en

Guest
Enable cloudflare ssl,
Disable page caching in cloudflare settings

Run sudo docker logs -f traefik and see if there's an error with the acme.json permissions, if so fix and restart
 

mondychan

Junior Member
Enable cloudflare ssl,
Disable page caching in cloudflare settings

Run sudo docker logs -f traefik and see if there's an error with the acme.json permissions, if so fix and restart
+1, after viewing the logs i found out my acme.json had wrong permissions for traefik to work

level=error msg="Unable to add ACME provider to the providers list: unable to get ACME account : permissions 775 for /etc/traefik/acme/acme.json are too open, please use 600"

so i simply changed the permission of /opt/appdata/traefik/acme/acme.json to 600 , restarted the traefik container, and whoala, fixed
 

tmyers07

Junior Member
I had this same permission issue with acme.json, I posted about it here https://plexguide.com/threads/lets-encrypt.3354/#post-19502

wondering if this chmod command could just be added to PG to fix this issue going forward.
I had this same permission issue with acme.json, I posted about it here https://plexguide.com/threads/lets-encrypt.3354/#post-19502

wondering if this chmod command could just be added to PG to fix this issue going forward.
This was the fix. It definitely had the issue with permissions on the acme.json file. As stated above, changed it to 600, restarted Traefik, and was good to go. I'm not sure how it would have been changed, or if perhaps it should be set to that as part of the PG installation. I'll leave that to the team. Thank you very much for the help!
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads


Development Donations

 

Top NZB NewsGroups!

Members - Up To a 58% Discount!

Trending

Online statistics

Members online
8
Guests online
131
Total visitors
139
Top