SSL Error when using "untrusted" certificate from Let's Encrypt CA

Answered

Hello,

I get the following error when trying to access my self-hosted Git server as a VCS in TeamCity. The Git server is only accessible via HTTPS and uses a certificate issued by the new Let's Encrypt CA:

List remote refs failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It's apparent that the JRE doesn't have the root LE cert installed, which is why it is seeing it as untrusted. Yet after adding it, it's still untrusted.

I tried adding the root certificate from Let's Encrypt, using the following command:

keytool -importcert -trustcacerts -file <path to root certificate> -keystore cacerts -storepass <password>
 

I have verified that the certificate is in the keystore.

Am I missing something?

2 comments

Fixed it.

Turns out: -keystore cacerts is wrong.

I needed to add the full path to the internal JRE cacerts file instead.

0
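The fix described above, as an added example that is not part of the original posts: `keytool` treats `-keystore cacerts` as a path relative to the current directory, so the import lands in a separate file that the JRE never reads. The function names and the four arguments (Java home of the JRE that runs TeamCity, certificate file, alias, store password) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: import a root CA into the trust store the JRE actually reads.

# Print the absolute path of the cacerts file under a Java home.
# JREs and JDK 9+ keep it in lib/security; JDK 8 and earlier in jre/lib/security.
find_cacerts() {
    _home=$1
    for _rel in lib/security/cacerts jre/lib/security/cacerts; do
        if [ -f "$_home/$_rel" ]; then
            # Absolute path, so the result does not depend on the cwd.
            _dir=$(cd "$(dirname "$_home/$_rel")" && pwd -P) || return 1
            printf '%s/cacerts\n' "$_dir"
            return 0
        fi
    done
    echo "no cacerts found under $_home" >&2
    return 1
}

# Succeed if $1 is an existing keystore file that is NOT the JRE store $2,
# i.e. the stray file left behind by a relative "-keystore cacerts".
is_stray_keystore() {
    _cand=$1
    _real=$2
    [ -f "$_cand" ] || return 1
    _abs="$(cd "$(dirname "$_cand")" && pwd -P)/$(basename "$_cand")"
    [ "$_abs" != "$_real" ]
}

# Import the certificate into the resolved store, then list the alias to confirm.
import_root() {
    _store=$(find_cacerts "$1") || return 1
    if is_stray_keystore cacerts "$_store"; then
        echo "note: ./cacerts is a separate keystore, not $_store" >&2
    fi
    keytool -importcert -trustcacerts -noprompt -alias "$3" \
        -file "$2" -keystore "$_store" -storepass "$4" || return 1
    keytool -list -alias "$3" -keystore "$_store" -storepass "$4"
}

# Usage: sh import-root.sh <java home> <root cert file> <alias> <store password>
if [ "$#" -eq 4 ]; then
    import_root "$@"
fi
```

The Java process has to be restarted afterwards, because the trust store is read when the JVM sets up its default SSL context.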

Hi Dan,

Thank you for the update. Glad that issue is resolved!

0
