I’m hoping to use a Let’s Encrypt SSL certificate with my ipfs cluster so I can securely make API requests.
I first used certbot to create a certificate.
sudo certbot certonly --standalone -m insanity54@example.com -d cluster.sbtp.xyz
Next I copied the files to ~/.ipfs-cluster
$ pwd
/home/sbtpxyz/.ipfs-cluster
sudo cp /etc/letsencrypt/live/cluster.sbtp.xyz/{cert,chain,fullchain,privkey}.pem .
…and changed the owner of the letsencrypt files from root to the name of my user account
chown -R sbtpxyz:sbtpxyz .
Next I configured service.json to point to what I think are the correct files.
$ cat service.json | grep ssl
"ssl_cert_file":"/home/sbtpxyz/.ipfs-cluster/cert.pem",
"ssl_key_file":"/home/sbtpxyz/.ipfs-cluster/privkey.pem",
When I’m running ipfs-cluster-service, I’m getting an error when I make API requests using HTTPie.
https https://cluster.sbtp.xyz:9094/health
https: LogLevel.ERROR: SSLError: HTTPSConnectionPool(host='cluster.sbtp.xyz', port=9094): Max retries exceeded with url: /health (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)'))) while doing a GET request to URL: https://cluster.sbtp.xyz:9094/health
I know I could add --verify no to that HTTPie command which is fine for dev, but I don’t want to do that in production. I’d like to get the full benefits of SSL cert chains and not disable them.
Similar issue when making a fetch using deno.
UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
Are there any errors in my work? Am I using the correct cert & key files?
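An added example, not part of the original post: certbot's cert.pem holds only the leaf certificate, while fullchain.pem holds the leaf followed by the intermediate(s), and a server that presents only a leaf is one condition clients report as "unable to get local issuer certificate". The script below reads the `ssl_cert_file` path from a service.json-style file and reports which kind of file it points at; the function names are hypothetical and the PEM bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: report whether the file named by ssl_cert_file in a
# service.json-style config holds only a leaf certificate or a chain.

# Print the ssl_cert_file value from the config file given as $1.
ssl_cert_path() {
    sed -n 's/.*"ssl_cert_file"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Count PEM certificate blocks in file $1 (grep -c exits 1 on zero matches).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print one of: missing, no-cert, leaf-only, chain.
classify_cert_file() {
    conf=$1
    cert_path=$(ssl_cert_path "$conf")
    if [ -z "$cert_path" ] || [ ! -r "$cert_path" ]; then
        echo missing
        return 0
    fi
    n=$(count_certs "$cert_path")
    case $n in
        0) echo no-cert ;;
        1) echo leaf-only ;;   # server would send no intermediate
        *) echo chain ;;       # leaf plus at least one more certificate
    esac
}

# Constructed placeholder PEM block; $1 is only a label, not certificate data.
fake_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "constructed-placeholder-$1" '-----END CERTIFICATE-----'
}

# Build constructed sample files in directory $1, mirroring certbot's layout.
make_demo() {
    d=$1
    fake_pem leaf > "$d/cert.pem"
    { fake_pem leaf; fake_pem intermediate; } > "$d/fullchain.pem"
    printf '{"ssl_cert_file":"%s/cert.pem"}\n' "$d" > "$d/leaf.json"
    printf '{"ssl_cert_file":"%s/fullchain.pem"}\n' "$d" > "$d/chain.json"
}

demo=$(mktemp -d)
make_demo "$demo"
echo "config pointing at cert.pem:      $(classify_cert_file "$demo/leaf.json")"
echo "config pointing at fullchain.pem: $(classify_cert_file "$demo/chain.json")"
```

Against a real deployment, `classify_cert_file ~/.ipfs-cluster/service.json` gives the same report for the configured file.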