"Can not fetch update image" error

Recently I created a Mender server and added a device to it. The device is communicating with the server perfectly: I was able to authorize it, view its inventory, etc.

However, I can’t deploy to it. I always get this in the error log:

2019-06-09 04:35:36 +0000 UTC error: Can not fetch update image: Get https://admin.zbapp.com:9000/mender-artifact-storage/b12174c5-7f8b-45e5-a1d0-d286172a6674?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=mender-deployments%2F20190609%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190609T043535Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&response-content-type=application%2Fvnd.mender-artifact&X-Amz-Signature=f5d4c15b92565f86eb014307bf71721337bea53417d88408c45a5f1b08e6ac4c: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "admin.zbapp.com")

Clearly it’s some kind of security error. But why is my device able to otherwise communicate perfectly with the server, yet when it tries to obtain an artifact, it fails? Is the connection to get the artifact somehow different than all the other connections?

I have a certificate installed on the device. The mender.conf has the entries:
"ServerURL": "https://admin.zbapp.com:9010/",
"ServerCertificate": "/opt/gateway/scripts/mender.crt",

Was I supposed to have created an additional certificate for the artifact connections and specified that somewhere in mender.conf?

Thanks,
Zac

So, I figured it out. I mistakenly copied (and referenced inside mender.conf) the cert.crt from keys-generated/api-gateway/cert.crt, which has only the API cert, instead of the file keys-generated/certs/server.crt, which has both certs for the API gateway and the storage proxy.

Since I am using the same machine for both, the discrepancy didn’t occur to me until I went back and reviewed the key generation instructions.

Hope this helps someone in the future who runs into the same problem,

-Zac
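
The mismatch described in this thread can be checked before deploying. The following is an added example, not part of the original posts and not Mender's own code: it lists the endpoints whose presented certificate is missing from the file named in ServerCertificate. It assumes self-signed server certificates, so the trust file must contain each endpoint's certificate itself; the function names are hypothetical and the sample certificates are constructed placeholders.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)

def bundle_fingerprints(bundle_pem):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    return {
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_BLOCK.findall(bundle_pem)
    }

def untrusted_endpoints(bundle_pem, presented):
    """List endpoints whose presented certificate is absent from the bundle.

    `presented` maps "host:port" to the PEM certificate that endpoint serves.
    """
    pinned = bundle_fingerprints(bundle_pem)
    return sorted(
        endpoint
        for endpoint, pem in presented.items()
        if hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest() not in pinned
    )

def fetch_presented(endpoints):
    """Fetch each endpoint's certificate without validating it (needs network)."""
    result = {}
    for endpoint in endpoints:
        host, port = endpoint.rsplit(":", 1)
        result[endpoint] = ssl.get_server_certificate((host, int(port)))
    return result

def _fake_pem(label):
    # Constructed placeholder bytes, not a real certificate: only the
    # PEM framing and fingerprint comparison are exercised offline.
    body = base64.encodebytes(label.encode() * 8).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

API_CERT = _fake_pem("constructed-api-gateway")
STORAGE_CERT = _fake_pem("constructed-storage-proxy")
PRESENTED = {"admin.zbapp.com:9010": API_CERT, "admin.zbapp.com:9000": STORAGE_CERT}

if __name__ == "__main__":
    print(untrusted_endpoints(API_CERT, PRESENTED))                 # API cert only
    print(untrusted_endpoints(API_CERT + STORAGE_CERT, PRESENTED))  # both certs
```

On a real device, pass the contents of the ServerCertificate file as `bundle_pem` and the result of `fetch_presented` for the API and storage endpoints as `presented`.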

Thanks for reporting back