I have requested a Let’s Encrypt certificate for the domain pointing to the Teleport daemon server (where all 3 roles are running). The teleport config file has the 2 attributes https_cert_file pointing to the certificate files, and connecting via HTTPS (port 3080) works fine from the web browser and the CLI.
Running the command
$ openssl s_client -connect my.domain.co:3080
returns:
Verify return code: 0 (ok)
When I try to add a node, it complains about the certificate when trying to GET the Auth API service on port 3025, so I tried the command again with the Auth API port:
$ openssl s_client -connect my.domain.co:3025
But it ends with:
Verify return code: 21 (unable to verify the first certificate)
Looking at the output of the 2 commands, I have 2 different chains.
For port 3080, the working one:
---
Certificate chain
 0 s:/CN= my.domain.co
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
For the 3025, the non-working one:
---
Certificate chain
 0 s:/street=/postalCode=null/O=Admin/CN=XXX7593f-XXXX-XXXX-XXXX-9c3ddffXXXdb.main
   i:/O=main/CN=main/serialNumber=XXXXXXXX80726707227984962830839XXXXXXXXX
---
So it’s like the Auth API is not using the SSL certificate, or is using a self-signed one; I’m not sure.
Can you please help me to solve this so that the Auth API uses the right certificate?
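
Added example (not part of the original post and not Teleport code): a small Python parser for the "Certificate chain" section of openssl s_client output, run over the two chains quoted above to compare the issuer each port presents and whether that issuer's certificate was sent. The sample strings are constructed from the values in the post, and the function names are hypothetical.

```python
import re

# Constructed inputs: the chain sections and verify codes quoted in the post,
# laid out the way `openssl s_client` prints them.
OUT_3080 = """---
Certificate chain
 0 s:/CN= my.domain.co
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Verify return code: 0 (ok)
"""
OUT_3025 = """---
Certificate chain
 0 s:/street=/postalCode=null/O=Admin/CN=XXX7593f-XXXX-XXXX-XXXX-9c3ddffXXXdb.main
   i:/O=main/CN=main/serialNumber=XXXXXXXX80726707227984962830839XXXXXXXXX
---
Verify return code: 21 (unable to verify the first certificate)
"""

def parse_chain(text):
    """Return [(depth, subject, issuer)] from the 'Certificate chain' section."""
    chain, in_chain, pending = [], False, None
    for line in text.splitlines():
        s = line.strip()
        if s == "Certificate chain":
            in_chain = True
        elif in_chain and s == "---":
            break  # end of the chain section
        elif in_chain and (m := re.match(r"(\d+) s:(.*)", s)):
            pending = (int(m.group(1)), m.group(2).strip())
        elif in_chain and s.startswith("i:") and pending:
            chain.append((*pending, s[2:].strip()))
            pending = None
    return chain

def summarize(text):
    """Summarise what the server presented and how verification ended."""
    chain = parse_chain(text)
    code = re.search(r"Verify return code: (\d+)", text)
    return {
        "leaf_issuer": chain[0][2] if chain else None,
        "certs_sent": len(chain),
        # True when no certificate in the chain has the leaf's issuer as subject.
        "issuer_missing": bool(chain) and chain[0][2] not in [c[1] for c in chain],
        "verify_code": int(code.group(1)) if code else None,
    }
```

Comparing summarize(OUT_3080) with summarize(OUT_3025) shows different leaf issuers on the two ports, with issuer_missing set only for port 3025.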