C
Coder.com4w ago
Conor

Access url is throwing a cert error

I have coder deployed using helm on a k3s cluster. I also have a self signed CA which is needed to authenticate requests to https://coder.lan values.yaml files: 
coder:
  certs:
    secrets:
      - name:  homelab-ca
        value: cert.crt
  service:
    type: ClusterIP
  env:
    - name: CODER_PG_CONNECTION_URL
      valueFrom:
        secretKeyRef:
          name: coder-db-url
          key: url

    - name: CODER_ACCESS_URL
      value: "https://coder.lan"

    - name: CODER_WILDCARD_ACCESS_URL
      value: "*.coder.lan"
  image:
    repo: "ghcr.io/coder/coder"
    tag: "v2.11.2"
coder:
  certs:
    secrets:
      - name:  homelab-ca
        value: cert.crt
  service:
    type: ClusterIP
  env:
    - name: CODER_PG_CONNECTION_URL
      valueFrom:
        secretKeyRef:
          name: coder-db-url
          key: url

    - name: CODER_ACCESS_URL
      value: "https://coder.lan"

    - name: CODER_WILDCARD_ACCESS_URL
      value: "*.coder.lan"
  image:
    repo: "ghcr.io/coder/coder"
    tag: "v2.11.2"
Error: EACS03: get healthz endpoint: Get "https://coder.lan/healthz": tls: failed to verify certificate: x509: certificate signed by unknown authority The cert is being mounted to /etc/ssl/certs successfully. However, it is not being updated for curl (for example) to access the url without getting an x509: certificate signed by unknown authority error Any ideas why this is?
Solution:
found the solution to the issue: ```YAML coder: certs: secrets:...
Jump to solution
4 Replies
Codercord
Codercord4w ago
<#1253084386769895524>
Category
Help needed
Product
Coder OSS (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
ShamesBond
ShamesBond4w ago
Are you able to use curl directly? That error sounds like it's complaining about the CA and not the cert itself, that might point to permissions issue with the mounted cert. You could try mounting the CA instead
Conor
Conor4w ago
The CA is correct, when I try to curl inside the servers pod it also gets a cert error. When I wget the url and specifically define the ca file location with the —ca-certificate flag with the ca file then it works fine. Seems like an issue with the server not doing update-ca-certificates or whatever needs to be done to put the cert into /etc/ssl/certs/certificates.crt
Solution
Conor
Conor4w ago
found the solution to the issue: 
coder:
  certs:
    secrets:
      - name:  homelab-ca
        value: cert.crt
coder:
  certs:
    secrets:
      - name:  homelab-ca
        value: cert.crt
should be 
coder:
  certs:
    secrets:
      - name:  homelab-ca
        key: cert.crt
coder:
  certs:
    secrets:
      - name:  homelab-ca
        key: cert.crt
Want results from more Discord servers?
Add your server
More Posts
Create a dedicated workspace for each userI am investigating to see if I would be able to replace Gitpod with Coder for my workshop needs. A create my first custom imageNow that I have a running coder in my Kube and tested it with base template, I need to customize it How to increase size of workspace volume?Hey, all. Home user here, loving Coder so far. I'm cloning a monorepo into my workspace which is quset template description ( the name the users see when creating )Hi, We moved all template / image creation and mgmt to Gitlab. One issue though - how do we set theAutomation for importing the .code-profile inside terraform templateHello, I have created a workspace using available kubernetes template on coder server. Now I am ableSync local file into coder workspaceWe are trying to setup coder for our RoR project, for this project we setup our secrets using onePasTroubleshooting steps for SCIMFrom @mark - https://discord.com/channels/747933592273027093/971231372373033030/1250830381255495783 Coder envbuilder container starts logging 401 errors when using "Update" optionI am seeing an issue where when I use the "Update" option in the coder dashboard after a template chNot releasing the memory after Terraform task completedHi, I've noticed high memory usage after starting a workspace or updating the template. Typically, Persisting container state across workspace restartsI am working on setting up development environments with envbuilder, and I would like to emulate the