SSL Error when using "untrusted" certificate from Lets Encrypt CA
Hello,
I get the following error when trying to access my self-hosted GIT server as a VCS in TeamCity. The GIT server is only accessible via HTTPS and uses a certificate issued by the new Lets Encrypt CA:
List remote refs failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
It's apparent that the JRE doesn't have the root LE cert installed, which is why it is seeing it as untrusted. Yet after adding it, it's still untrusted.
I tried adding the root certificate from Lets Encrypt, using the following command:
keytool -importcert -trustcacerts -file <path to root certificate> -keystore cacerts -storepass <password>
I have verified that the certificate is in the keystore.
Am I missing something?
Please sign in to leave a comment.
Fixed it.
Turns out: -keystore cacerts is wrong.
I needws to add the full path to the internal JRE cacerts file instead.
Hi Dan,
Thank you for the update. Glad that issue is resolved!