etesync / etesync-dav

This is a CalDAV and CardDAV adapter for EteSync
https://www.etesync.com
GNU General Public License v3.0

Unable to get local issuer certificate #203

Closed RockWest closed 3 years ago

RockWest commented 3 years ago

I self-host ete-base with docker locally on my LAN, and it uses a LetsEncrypt certificate for SSL.

I am trying to set up the etesync-dav to connect to the local ete-base and am running into an issue.

I get to the etesync-dav web portal on the local machine (http://localhost:37358/) and enter my username, password and server. When I click "Add" I get the following error:

error sending request for url (https://my.server.com:8484/api/v1/authentication/login_challenge/): error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915: (unable to get local issuer certificate)

If I try to add the user from the command line by setting the server with the env variable

export ETESYNC_URL=https://my.server.com:8484

and running the command:

./etesync-dav manage add bob

I get a similar error:

Please enter the EteSync account password: 
Logging in
Traceback (most recent call last):
  File "etesync-dav", line 84, in <module>
  File "etesync-dav", line 63, in manage
  File "etesync_dav/manage.py", line 164, in add_etebase
  File "etebase/__init__.py", line 90, in login
etebase_python.Error: error sending request for url (https://my.server.com:8484/api/v1/authentication/login_challenge/): error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915: (unable to get local issuer certificate)
[2404] Failed to execute script etesync-dav

I have tried both the web and cli methods with and without these env variables (despite LetsEncrypt not being a self-signed cert):

export CURL_CA_BUNDLE=''
export REQUESTS_CA_BUNDLE=''

I can access ete-base (https://my.server.com:8484/) directly from the browser. I get the "It works!" page, and the browser recognizes the valid SSL cert.

I can access my ete-base from the Android App, and from the web app (https://pim.etesync.com) and view/sync my contacts/data/tasks.

I have tried this with the web portal, while etesync-dav was running in debug mode ./etesync-dav -D. The debug output did not appear to be relevant and mostly indicated it was providing data to the local browser successfully. I've included it at the end of the post for completeness.

If there is anything else I can try, or other further information that might help narrow down the issue let me know.

Thanks, RockWest

[2021-02-17 10:20:07 -0800] [2411] [INFO] Loaded default config
[2021-02-17 10:20:07 -0800] [2411] [INFO] Loaded arguments
[2021-02-17 10:20:07 -0800] [2411] [INFO] Starting Radicale
[2021-02-17 10:20:07 -0800] [2411] [INFO] auth type is 'radicale.auth.htpasswd'
[2021-02-17 10:20:07 -0800] [2411] [INFO] storage type is 'etesync_dav.radicale.storage'
[2021-02-17 10:20:07 -0800] [2411] [INFO] rights type is 'etesync_dav.radicale.rights'
[2021-02-17 10:20:07 -0800] [2411] [INFO] web type is 'etesync_dav.radicale.web'
[2021-02-17 10:20:07 -0800] [2411] [INFO] Listening on '[127.0.0.1]:37358'
[2021-02-17 10:20:07 -0800] [2411] [INFO] Listening on '[::1]:37358'
[2021-02-17 10:20:07 -0800] [2411] [INFO] Radicale server ready
[2021-02-17 10:20:16 -0800] [2411/Thread-1] [INFO] GET request for '/' received from ::1 using 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'
[2021-02-17 10:20:16 -0800] [2411/Thread-1] [DEBUG] Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': '**masked**',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 '
                    'Firefox/78.0',
 'PATH_INFO': '/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '::1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': 'localhost',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='UTF-8'>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=7>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[2021-02-17 10:20:16 -0800] [2411/Thread-1] [DEBUG] Sanitized script name: ''
[2021-02-17 10:20:16 -0800] [2411/Thread-1] [DEBUG] Sanitized path: '/'
[2021-02-17 10:20:16 -0800] [2411/Thread-1] [DEBUG] Response content:
Redirected to .web
[2021-02-17 10:20:16 -0800] [2411/Thread-1] [INFO] GET response status for '/' in 0.001 seconds: 302 Found
[2021-02-17 10:20:16 -0800] [2411/Thread-2] [INFO] GET request for '/.web/' received from ::1 using 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'
[2021-02-17 10:20:16 -0800] [2411/Thread-2] [DEBUG] Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': '**masked**',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 '
                    'Firefox/78.0',
 'PATH_INFO': '/.web/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '::1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': 'localhost',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='UTF-8'>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=7>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[2021-02-17 10:20:16 -0800] [2411/Thread-2] [DEBUG] Sanitized script name: ''
[2021-02-17 10:20:16 -0800] [2411/Thread-2] [DEBUG] Sanitized path: '/.web/'
[2021-02-17 10:20:16 -0800] [2411/Thread-2] [INFO] GET response status for '/.web/' in 0.061 seconds: 302 Found
[2021-02-17 10:20:16 -0800] [2411/Thread-3] [INFO] GET request for '/.web/add/' received from ::1 using 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'
[2021-02-17 10:20:16 -0800] [2411/Thread-3] [DEBUG] Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': '**masked**',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 '
                    'Firefox/78.0',
 'PATH_INFO': '/.web/add/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '::1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': 'localhost',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='UTF-8'>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=7>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[2021-02-17 10:20:16 -0800] [2411/Thread-3] [DEBUG] Sanitized script name: ''
[2021-02-17 10:20:16 -0800] [2411/Thread-3] [DEBUG] Sanitized path: '/.web/add/'
[2021-02-17 10:20:16 -0800] [2411/Thread-3] [INFO] GET response status for '/.web/add/' in 0.009 seconds: 200 OK
[2021-02-17 10:20:21 -0800] [2411/Thread-4] [INFO] POST request for '/.web/add/' received from ::1 using 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'
[2021-02-17 10:20:21 -0800] [2411/Thread-4] [DEBUG] Request headers:
{'CONTENT_LENGTH': '297',
 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': '**masked**',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/add/',
 'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 '
                    'Firefox/78.0',
 'PATH_INFO': '/.web/add/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '::1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'POST',
 'SCRIPT_NAME': '',
 'SERVER_NAME': 'localhost',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='UTF-8'>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=7>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[2021-02-17 10:20:21 -0800] [2411/Thread-4] [DEBUG] Sanitized script name: ''
[2021-02-17 10:20:21 -0800] [2411/Thread-4] [DEBUG] Sanitized path: '/.web/add/'
Logging in
[2021-02-17 10:20:21 -0800] [2411/Thread-4] [INFO] POST response status for '/.web/add/' in 0.016 seconds: 200 OK

tasn commented 3 years ago

Looks like your webserver is misconfigured. Search for this error here: https://docs.thousandeyes.com/product-documentation/tests/http-server-test-fails-with-ssl-error

You should also be sending intermediate certificates. The reason why it works in your browser is maybe because they are already cached in the browser (or just exist there) due to the popularity of letsencrypt, but it doesn't seem to be the case with your system (which is fine).

I'm closing it, because I believe it'll be fixed the moment you fix your setup. If it isn't, let me know and I'll reopen it.
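
The failure discussed in this thread, reproduced offline as an added example (not code from the thread or from the etesync-dav project). It builds a throwaway root, intermediate and leaf with `openssl`, then verifies the leaf against the root with and without the intermediate. All names, including `my.server.example` and `served_chain.pem`, are constructed for the demo.

```shell
#!/bin/sh
# Added example. Constructed PKI: Demo Root CA -> Demo Intermediate CA -> leaf.
# Every name and file below is made up for the demo.
set -eu

new_cert() {   # args: dir, file stem, CN, issuer stem, extension section
    openssl req -new -config "$1/ssl.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -days 2 -extfile "$1/ssl.cnf" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

make_demo_pki() {   # arg: empty working directory
    cat > "$1/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
    # Root: self-signed, the only certificate in the client's trust store.
    openssl req -x509 -config "$1/ssl.cnf" -extensions ca -newkey rsa:2048 \
        -nodes -days 2 -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    new_cert "$1" int "Demo Intermediate CA" root ca     # signed by the root
    new_cert "$1" leaf "my.server.example" int leaf      # signed by the intermediate
    # What a correctly configured server presents: leaf first, then intermediate.
    cat "$1/leaf.pem" "$1/int.pem" > "$1/served_chain.pem"
}

# Server sends the leaf only: the client cannot find the leaf's issuer.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Server sends leaf + intermediate; the extra certificate is untrusted input
# used only to build a path up to the trusted root.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/served_chain.pem" \
        "$1/leaf.pem" 2>&1
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
make_demo_pki "$tmp"
echo "leaf only:";           verify_leaf_only "$tmp" || true
echo "leaf + intermediate:"; verify_with_chain "$tmp"
```

The first check fails with the same "unable to get local issuer certificate" text as the traceback above, while the trust store is identical in both runs; only the certificates presented alongside the leaf differ.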