robrotheram / taiga-contrib-openid-auth

Taiga plugin for openid authentication

Caused by SSLError(SSLCertVerificationError #28

Closed karezza closed 3 years ago

karezza commented 3 years ago

Currently I'm seeing the following error:

```
requests.exceptions.SSLError: HTTPSConnectionPool(host='keycloak.<homedomain>', port=443): Max retries exceeded with url: /auth/realms/<homedomain>/protocol/openid-connect/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))
```

And have come across two techniques to add the ca chain to the container:

1. first attempt

   ```sh
   cp ca-chain.crt /usr/share/ca-certificates
   echo "ca-chain.crt" >> /etc/ca-certificates.conf
   update-ca-certificates
   ```

   ```
   Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
   ```

2. second attempt

   ```sh
   pip config set global.cert ca-chain.pem
   ```

Since neither of these appears to have worked, I'm looking for the right technique to install a ca-chain into taiga-docker_taiga-back_1. Since I believe this step is required for a working installation, I figure someone here must know ...

Note: yes, keycloak is set up with certificates via a local certificate authority. I can browse to keycloak using chromium on the host system running taiga6 and see the icon showing the connection is secure.

karezza commented 3 years ago

I've figured out that Python has its own CA bundle, meaning the following works:

```sh
# append the certificate data (cat), not the file name (echo), to certifi's bundle
cat ca-chain.crt >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem
```

Seems there should be a "less hacky", more official way to do this... oh well for now I guess.
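Why the first two attempts had no effect on taiga-back: `update-ca-certificates` populates the OpenSSL system store, and `pip config set global.cert` only changes what pip itself trusts, but the `requests` library that raised the error verifies against the bundle shipped by the `certifi` package unless the `REQUESTS_CA_BUNDLE` (or `CURL_CA_BUNDLE`) environment variable points it somewhere else. Setting that variable to a bundle that contains the local CA is the supported equivalent of editing `cacert.pem` directly. The helper below is an added example, not code from taiga-back or this plugin: it resolves the bundle path the way `requests` does and appends a chain file to a bundle without the two pitfalls of the shell one-liner (writing the file name instead of its contents, and adding duplicates on every run). The certifi path is taken from the comment above; the PEM bodies are constructed placeholders, not real certificates.

```python
"""Find and extend the CA bundle that Python `requests` verifies TLS against.

Added example for this issue; not part of taiga-back or taiga-contrib-openid-auth.
"""
import os
import re
import tempfile
from pathlib import Path

# One PEM certificate block; DOTALL so the base64 body may span several lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.*?\r?\n-----END CERTIFICATE-----", re.DOTALL
)

# Constructed placeholder PEM bodies: NOT real certificates, only shaped like
# them so the parsing and de-duplication logic can be exercised offline.
BUNDLE_PEM = """# existing public root (placeholder)
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItUk9PVC0x
-----END CERTIFICATE-----
"""
CHAIN_PEM = """-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItSU5URVJNRURJQVRF
-----END CERTIFICATE-----
"""

# certifi bundle location quoted in the comment above (assumed for this venv)
CERTIFI_BUNDLE = "/opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"


def resolve_requests_ca_bundle(env=None, certifi_where=None):
    """Return the bundle path `requests` uses when verify=True.

    Precedence, as implemented in requests' environment handling:
    REQUESTS_CA_BUNDLE, then CURL_CA_BUNDLE, then certifi's own cacert.pem.
    `certifi_where` lets a caller supply that path without importing certifi.
    """
    env = os.environ if env is None else env
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        value = env.get(var)
        if value:
            return value
    if certifi_where is not None:
        return certifi_where
    import certifi  # only needed when no override is set
    return certifi.where()


def extract_certs(pem_text):
    """Return the list of PEM certificate blocks found in `pem_text`."""
    return [m.group(0) for m in PEM_BLOCK.finditer(pem_text)]


def append_ca_chain(chain_path, bundle_path):
    """Append every certificate in `chain_path` to `bundle_path`.

    Reads the chain file (so the bundle receives certificate data, not a file
    name), refuses inputs with no PEM blocks, and skips certificates already
    present so repeated runs are idempotent. Returns the number added.
    """
    chain_certs = extract_certs(Path(chain_path).read_text())
    if not chain_certs:
        raise ValueError(f"{chain_path}: no PEM certificate blocks found")
    bundle = Path(bundle_path)
    existing = set(extract_certs(bundle.read_text())) if bundle.exists() else set()
    added = 0
    with bundle.open("a") as fh:
        for cert in chain_certs:
            if cert in existing:
                continue
            fh.write("\n" + cert + "\n")
            existing.add(cert)
            added += 1
    return added


def demo():
    """Run append_ca_chain twice against a scratch bundle in a temp directory.

    Returns (added_on_first_run, added_on_second_run, certs_in_bundle_after).
    """
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "cacert.pem"
        chain = Path(tmp) / "ca-chain.crt"
        bundle.write_text(BUNDLE_PEM)
        chain.write_text(CHAIN_PEM)
        first = append_ca_chain(chain, bundle)
        second = append_ca_chain(chain, bundle)
        return first, second, len(extract_certs(bundle.read_text()))


if __name__ == "__main__":
    override = {"REQUESTS_CA_BUNDLE": "/etc/ssl/certs/ca-certificates.crt"}
    print("with override:", resolve_requests_ca_bundle(override, CERTIFI_BUNDLE))
    print("without      :", resolve_requests_ca_bundle({}, CERTIFI_BUNDLE))
    print("demo (added, added again, total certs):", demo())
```

In a container the cleanest use is `REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt`, which reuses the store that `update-ca-certificates` already built in the first attempt; `append_ca_chain` is for the case where the certifi bundle must be edited in place, as in the last comment.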