SSL error when using S3 compatible repository with letsencrypt certificate


I have installed a minio server protected by a certificate issued by letsencrypt to serve as a snapshot repository for my elasticsearch cluster (version 7.17.6). When I try to create the registry (curl -X PUT "localhost:9200/_snapshot/minio-repository" with my endpoint) I get a "unable to find valid certification path to requested target" error.

The closest discussion I could find is S3 Repo plugin failing certificate validation with MiniO, already added cert to Jdk truststore but it is not exactly the same thing and there is no complete answer.

I tried to use this recipe Import Let's Encrypt certificates into Java's trusted keystore (cacerts) · GitHub and simply changed the keystore path to /usr/share/elasticsearch/jdk/lib/security/cacerts and the keytool exe to /usr/share/elasticsearch/jdk/bin/keytool. But it doesn't change a thing.

Is /usr/share/elasticsearch/jdk/lib/security/cacerts the right keystore to add let's encrypt authority certificates ?

I forgot to specify that I work in a docker context. The image definition with the script that attempts to import lets'encrypt authority certificates is available here elasticsearch/Dockerfile at 7.x · data-fair/elasticsearch · GitHub

This is solved. The problem was that I was missing path_style_access=true option. I think the request was emitted to a subdomain instead of a path on the intended domain, which was not compatible with the way my minio server was exposed.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.