SSL wild card certificate using with nodejs and Lambda produce error "unable to verify the first certificate"

We are using the wild card certificate. Hence CRT for node as well as CA is same.
The elasticsearch.yml file is as follows.... cluster_name i0861956fda57c7461 "/data/elasticsearch"
path.logs: "/var/log/elasticsearch"
node.master: true true
node.ingest: true 'true' 'true' true "/etc/elasticsearch/certs/i0861956fda57c7461.key" "/etc/elasticsearch/certs/i0861956fda57c7461.crt" "/etc/elasticsearch/certs/ca.crt" optional "/etc/elasticsearch/certs/i0861956fda57c7461.key" "/etc/elasticsearch/certs/i0861956fda57c7461.crt" "/etc/elasticsearch/certs/ca.crt"
discovery.type: single-node

the node "" resolve the IP
ON browser " works and no SSL error.
Our certs expired on 09/03/2022.

Our Lambda function access the VPC where our node with IP is
Our Lambda function is configure to use ""
The issue start when we enable the encryption/certs. When we do not have certs then things works without any issue,

Following is the error we see when request were made.
"errorType": "ConnectionError",
"errorMessage": "unable to verify the first certificate",
"trace": [
"ConnectionError: unable to verify the first certificate",
" at onResponse (/var/task/node_modules/@elastic/elasticsearch/lib/Transport.js:205:13)",
" at ClientRequest.request.on.err (/var/task/node_modules/@elastic/elasticsearch/lib/Connection.js:98:9)",
" at ClientRequest.emit (events.js:198:13)",
" at ClientRequest.EventEmitter.emit (domain.js:448:20)",
" at TLSSocket.socketErrorListener (_http_client.js:401:9)",
" at TLSSocket.emit (events.js:198:13)",
" at TLSSocket.EventEmitter.emit (domain.js:448:20)",
" at emitErrorNT (internal/streams/destroy.js:91:8)",
" at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)",
" at process._tickCallback (internal/process/next_tick.js:63:19)"

Appreciate any help to resolve the "unable to verify the first certificate"

ca.crt is having the certificate provider cert in our case is GoDaddy-gd_bundle-g2-g1.crt
node cert is our server cert provided by GoDaddy
node key is the key use to create the node crt.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.