Mender with helm chart: deployments service fails to start due to certificate issue

rhirsh · February 1, 2023, 1:37pm

Hi all,

I’m using the v3.4.0 helm chart obtained GitHub - mendersoftware/mender-helm at 3.4.0

I used all the recommended settings, and generated self signed certificates as specified on the page,
but it seems that the cert/key generated for the api-gateway are not supported by the underlying Golang version validating the cert.

The deployment service has the following error:
caused by: Put "https://mydomain.com/mender-artifact-storage": x509: certificate relies on legacy Common Name field, use SANs instead

I tried generating the crt and key like this guide Create self-signed SSL certificate with SubjectAltName(SAN) · GitHub

And now deployments service is failing with:
caused by: Put "https://mydomain.com/mender-artifact-storage": x509: certificate signed by unknown authority

Anyone has any idea how to work around this?

EDIT:
I realize this is similar to “menderproduction_mender-deployments_1” keeps restarting on self-hosted mender server

rhirsh · February 6, 2023, 2:42pm

tl;dr what I’m looking for is a flag that will make deployments service ignore ssl certificate errors, since the certificate is self-signed (like the helm-chart guide suggests)

Topic		Replies	Views
[Demo installation] Certificate: "certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0" error General Discussions	3	3278	September 7, 2021
Issue with x509 certificate on Ubuntu General Discussions x509 , new-install	5	3236	December 3, 2019
Certificate issue when upgrading server from 2.6 to 3.2.1 General Discussions	8	535	May 4, 2022
Mender helm chart enhancements for self hosted mender General Discussions	1	280	June 23, 2021
Secure mender-open source server General Discussions	3	286	August 5, 2020

Mender with helm chart: deployments service fails to start due to certificate issue

Related Topics