"x509: certificate signed by unknown authority" with Let's Encrypt certificates

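Symptoms and background of the problem

The minio server is configured to use HTTPS, and its server certificate was requested from Let's Encrypt.
When a client then connects to the server with the minio option secure:true, the connection fails with the error:
x509: certificate signed by unknown authority

Relevant code (please do not paste screenshots)

Client code: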

```go
s3Client, err = minio.New(server, &minio.Options{
	Creds:  credentials.NewStaticV4(accessKey, secretKey, ""),
	Secure: true, // use HTTPS, so the server certificate chain is verified
})
if err != nil {
	log.Fatalln(err)
}
log.Println("Successfully connected to minio:" + server)
```

Output and error message

x509: certificate signed by unknown authority

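My approach and what I have tried

The server-side certificate is configured incorrectly.

Solution:

It really was the server certificate that was misconfigured. To save you the detour:
Solution: **use fullchain.pem as the minio server's public.crt; do not use cert.pem**
If you come across this issue and you are using Let's Encrypt certs make sure you are using fullchain.pem rather than cert.pem.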

When using certbot to generate certificates, it generates the following files:

```
root@errol:~# ls /etc/letsencrypt/live/mfmall.mfinfo.cn/
cert.pem  chain.pem  fullchain.pem  privkey.pem  README
root@errol:~# 
```

Since the Synapse docs don't say anything about which one to use, and the relevant config option is named tls_certificate_path, people might tell Synapse to use cert.pem whereas it should be using fullchain.pem, which contains the complete certificate chain. This will likely prevent these people from federating once we start enforcing valid certs.

Just use fullchain.pem as the minio server's public.crt, and do not use cert.pem.
