Discussion - NET::ERR_CERT_AUTHORITY_INVALID when accessing apps. | PlexGuide.com

Discussion NET::ERR_CERT_AUTHORITY_INVALID when accessing apps.

  • Stop using Chrome! Download the Brave Browser via >>> [Brave.com]
    It's a forked version of Chrome with native ad-blockers and Google's spyware stripped out! Download for Mac, Windows, Android, and Linux!
Welcome to the PlexGuide.com
Serving the Community since 2016!
Register Now

tmyers07

Citizen
Original poster
Jun 28, 2018
5
2
For a few weeks now, when I access my various apps, they all show the certificate as being invalid. I use Cloudflare as the provider. I have redeployed Traefik multiple times and the reverse proxy works with all apps with no issues, it's just I don't get the secure HTTPS connection. I have removed and re-added the domain to Cloudflare, regenerated the API key, verified 80 and 443 are port forwarded to the plexguide server, and I cannot seem to resolve the issue. I have tried multiple browsers, cleared cache, etc. Any help would be greatly appreciated. When I click on the cert in the browser, it does show this:
NET::ERR_CERT_AUTHORITY_INVALID
Subject: TRAEFIK DEFAULT CERT
Issuer: TRAEFIK DEFAULT CERT
Expires on: Feb 1, 2020
Current date: Feb 1, 2019
 

Attachments

Haulien

Noobz
Jan 24, 2019
1
0
For a few weeks now, when I access my various apps, they all show the certificate as being invalid. I use Cloudflare as the provider. I have redeployed Traefik multiple times and the reverse proxy works with all apps with no issues, it's just I don't get the secure HTTPS connection. I have removed and re-added the domain to Cloudflare, regenerated the API key, verified 80 and 443 are port forwarded to the plexguide server, and I cannot seem to resolve the issue. I have tried multiple browsers, cleared cache, etc. Any help would be greatly appreciated. When I click on the cert in the browser, it does show this:
NET::ERR_CERT_AUTHORITY_INVALID
Subject: TRAEFIK DEFAULT CERT
Issuer: TRAEFIK DEFAULT CERT
Expires on: Feb 1, 2020
Current date: Feb 1, 2019
I'm having much the same issue however with google cloud dns, not cloudflare. Generating a cert manually with certbot seems to work without issue.

EDIT: got mine fixed. Bad config on my part! Likely unrelated to OPs
 
Last edited:
S

subse7en

Guest
Enable cloudflare ssl,
Disable page caching in cloudflare settings

Run sudo docker logs -f traefik and see if there's an error with the acme.json permissions, if so fix and restart
 
  • Like
Reactions: 1 user

mondychan

Citizen
Oct 26, 2018
8
9
Enable cloudflare ssl,
Disable page caching in cloudflare settings

Run sudo docker logs -f traefik and see if there's an error with the acme.json permissions, if so fix and restart
+1, after viewing the logs i found out my acme.json had wrong permissions for traefik to work

level=error msg="Unable to add ACME provider to the providers list: unable to get ACME account : permissions 775 for /etc/traefik/acme/acme.json are too open, please use 600"

so i simply changed the permission of /opt/appdata/traefik/acme/acme.json to 600 , restarted the traefik container, and whoala, fixed
 

hooper

Governer
Staff
Donor
Aug 1, 2018
310
119

tmyers07

Citizen
Original poster
Jun 28, 2018
5
2
I had this same permission issue with acme.json, I posted about it here https://plexguide.com/threads/lets-encrypt.3354/#post-19502

wondering if this chmod command could just be added to PG to fix this issue going forward.
I had this same permission issue with acme.json, I posted about it here https://plexguide.com/threads/lets-encrypt.3354/#post-19502

wondering if this chmod command could just be added to PG to fix this issue going forward.
This was the fix. It definitely had the issue with permissions on the acme.json file. As stated above, changed it to 600, restarted Traefik, and was good to go. I'm not sure how it would have been changed, or if perhaps it should be set to that as part of the PG installation. I'll leave that to the team. Thank you very much for the help!
 

Grawl

Active
Donor
Jan 1, 2019
30
5
For some reason this suddenly started to be a problem for me with GoDaddy. I solved it by manually removing the "_acme-challenge" in the DNS settings and destroying and deploying Traefik again.
 

Recommend NewsGroups

      Up To a 58% Discount!

Trending