Greetings,
I’ve been encountering an issue with connecting to a host via HTTP Integration, even though I’ve verified that it has a valid certificate. I’ve ensured that the server where ChirpStack is running can access the host without reporting any certificate errors using OpenSSL.
The log contains the following error message: “… error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer …”
I’ve received the certificate from GoDaddy and I’ve added gdig2.crt.pem, which can be found in GoDaddy’s certificate repository, to ca-certificates.conf. Afterward, I ran updated-ca-certificates.
When I execute OpenSSL with the s_client flag, providing my host details and the path to the CA certificates, the certificate and issuer appear to be valid.
Here’s a trimmed version of the output:
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
...
depth=0 CN = *.<mydomain>
...
Certificate chain
0 s:CN = *.<mydomain>
i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = [GoDaddy repository link], CN = Go Daddy Secure Certificate Authority - G2
...
Server certificate
-----BEGIN CERTIFICATE-----
<redacted>
-----END CERTIFICATE-----
subject=CN = *.<mydomain>
issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = [GoDaddy repository link], CN = Go Daddy Secure Certificate Authority - G2
...
Verification: OK
...
closed
Does anyone have any suggestions or ideas on how I can resolve this issue?