DefGuard / gateway

Defguard gateway

error trying to connect: invalid peer certificate: UnknownIssuer #97

Closed Freekers closed 2 months ago

Freekers commented 3 months ago

I've set up a Defguard stack (defguard, gateway, caddy and postgres) in Docker on my main server using the provided setup script (https://raw.githubusercontent.com/DefGuard/deployment/main/docker-compose/setup.sh). It works as intended, i.e. the web interface is reachable over HTTPS using an FQDN which has a valid SSL certificate from Let's Encrypt. VPN connectivity is also working: I'm able to connect using a WireGuard profile. Additionally, internet access is enabled, so I can browse the web via the VPN.

Now I want to add a second location to this instance. To do so, I've tried to deploy the defguard gateway on another server. However, it does not connect to the main instance due to the following error:

ERROR defguard_gateway::gateway] Couldn't retrieve gateway configuration, retrying: status: Unavailable, message: "error trying to connect: invalid peer certificate: UnknownIssuer", details: [], metadata: MetadataMap { headers: {} }

I'm starting the gateway as follows:

docker run -e DEFGUARD_TOKEN=<MYTOKEN> -e DEFGUARD_GRPC_URL=https://fqdn.of.mainserver:50055/ --restart unless-stopped --network host --cap-add NET_ADMIN ghcr.io/defguard/gateway:latest

I've also tried the binary version instead of the docker image, which gives exactly the same error message.

./defguard-gateway-linux-x86_64-v0.6.2 -g https://fqdn.of.mainserver:50055/ -t <MYTOKEN>

Port 50055 is listening on all interfaces on the main server and the certificate is valid; it's provided by Let's Encrypt via Caddy for the given FQDN. Am I doing something wrong or is this a bug?

Thank you

teon commented 2 months ago

@Freekers Please join our Matrix for community support. This is not a bug - but just a support issue. Closing.

teon commented 3 weeks ago

@Freekers probably what you are looking for: https://defguard.gitbook.io/defguard/tutorials/step-by-step-setting-up-a-vpn-server/adding-additional-vpn-locations

Freekers commented 3 weeks ago

Thanks