victor-rds / docker-etebase

Docker image files for Etebase server
GNU Affero General Public License v3.0

Chain Certificate #58

Closed RockWest closed 3 years ago

RockWest commented 3 years ago

I am trying to set up etebase over SSL using Let's Encrypt certificates, I have the folder mounted in the container with the privkey.pem, fullchain.pem and cert.pem certificates.

I have the X509_CRT and X509_KEY env variables set, and it works as expected. I can connect to etebase from the android client, although I need to manually approve the certificate as the chain is missing. I can navigate to the etebase "It Work's" website, and the browser recognizes the correct SSL certificates. All good, super easy to set up, thanks a bunch!

When trying to connect to etebase from the etesync-dav client I get the following error: unable to get local issuer certificate

Based on my research on SSL chains (prompted by my initial post over on etesync-dav), I think I need to add the fullchain.pem certificate to the etebase configuration so that it can serve the intermediate LetsEncrypt certificate to the etesync-dav client. However, I don't see any environment variables in the docs that support this.

Is this not supported, not documented, or am I fundamentally misunderstanding the issue?

Thanks for your time.

victor-rds commented 3 years ago

You just need to use the fullchain.pem instead of the cert.pem, really simple.

There are two ways to do this:

  1. Remove cert.pem and rename fullchain.pem to cert.pem; OR
  2. Set X509_CRT=/certs/fullchain.pem

> I can connect to etebase from the android client, although I need to manually approve the certificate as the chain is missing.

And it will fix your mobile client's problems too

Closing this for now, but feel free to ask for help here
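
Added example, not part of the original thread or the docker-etebase project: the script below reproduces the `unable to get local issuer certificate` error from the question with a constructed root, intermediate and leaf, then shows it disappear when the served file is fullchain.pem instead of cert.pem. It assumes `openssl` is installed; the CA names, the host name `etebase.example` and the functions `make_demo_pki`, `verify_served` and `demo` are made up for the demonstration.

```shell
# Constructed demo: a throwaway root -> intermediate -> leaf PKI generated locally.
# cert.pem / fullchain.pem mirror the Let's Encrypt file layout; every name is made up.
make_demo_pki() {  # $1 = empty working directory
  cat > "$1/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_demo_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA: stands in for the trust anchor the client already has.
  openssl req -x509 -config "$1/cfg" -extensions v3_demo_ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Demo Root" -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  # Intermediate CA: signed by the root, NOT present in any client trust store.
  openssl req -new -config "$1/cfg" -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$1/inter.key" -out "$1/inter.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/inter.csr" -CA "$1/root.pem" -CAkey "$1/root.key" -set_serial 2 \
    -days 2 -extfile "$1/cfg" -extensions v3_demo_ca -out "$1/inter.pem" 2>/dev/null &&
  # Leaf: signed by the intermediate, as a server certificate would be.
  openssl req -new -config "$1/cfg" -newkey rsa:2048 -nodes -subj "/CN=etebase.example" \
    -keyout "$1/privkey.pem" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/inter.pem" -CAkey "$1/inter.key" -set_serial 3 \
    -days 2 -out "$1/cert.pem" 2>/dev/null &&
  cat "$1/cert.pem" "$1/inter.pem" > "$1/fullchain.pem"
}

# Validate what the server would send ($2, the X509_CRT file) as a client that
# trusts only the root ($1). The first certificate in $2 is the one verified;
# any further certificates in the same file are offered as untrusted intermediates.
verify_served() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>&1
}

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  echo "# X509_CRT=cert.pem";      verify_served "$d/root.pem" "$d/cert.pem"
  echo "# X509_CRT=fullchain.pem"; verify_served "$d/root.pem" "$d/fullchain.pem"
  rm -rf "$d"
}
demo
```

To see which certificates a running server actually sends, `openssl s_client -connect host:port -showcerts` prints each one it receives during the handshake.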

RockWest commented 3 years ago

Well that was so simple I didn't even consider it.

Thank you very much, worked perfectly.