[GH-ISSUE #151] Getting certificate error when connecting to elasticache redis #385

Closed
opened 2026-03-07 22:14:55 +03:00 by kerem · 1 comment
Owner

Originally created by @seanyu4296 on GitHub (Sep 2, 2021).
Original GitHub issue: https://github.com/hibiken/asynqmon/issues/151

## Setup

Dockerfile

```
FROM alpine:3.6 as alpine

RUN apk add -U --no-cache ca-certificates

FROM hibiken/asynqmon:0.2.2 as asynqmon
COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/cert

EXPOSE 3000
ENTRYPOINT [ "./asynqmon", "--redis-url=rediss://xxxx", "--redis-password=xxxxx", "--port=3000" ]
```

## Error

```
500 (Internal Server Error): x509: certificate signed by unknown authority

overrideMethod @ react_devtools_backend.js:2850
```

Would you know how to fix this? I tried doing this: https://stackoverflow.com/questions/52601404/aws-ses-error-x509-certificate-signed-by-unknown-authority which explains the Dockerfile above.

kerem closed this issue 2026-03-07 22:14:55 +03:00
Author
Owner

@seanyu4296 commented on GitHub (Sep 23, 2021):

Was able to fix this through:

```go
&tls.Config{
	// Set InsecureSkipVerify to skip the default validation we are
	// replacing. This will not disable VerifyPeerCertificate.
	InsecureSkipVerify: true,

	// While packages like net/http will implicitly set ServerName, the
	// VerifyPeerCertificate callback can't access that value, so it has to be set
	// explicitly here or in VerifyPeerCertificate on the client side. If in
	// an http.Transport DialTLS callback, this can be obtained by passing
	// the addr argument to net.SplitHostPort.
	ServerName: res.TLSConfig.ServerName,

	// On the server side, set ClientAuth to require client certificates (or
	// VerifyPeerCertificate will run anyway and panic accessing certs[0])
	// but not verify them with the default verifier.
	ClientAuth: tls.RequireAnyClientCert,
}
```
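An added example, not part of the original comment or of asynqmon's code: the snippet above sets `InsecureSkipVerify` but shows no `VerifyPeerCertificate` callback, and without one the client accepts any certificate the server presents. This sketch supplies the callback those comments describe, checking the chain and host name against an explicit root pool; `clientConfig`, `selfSigned` and the host `redis.example.internal` are hypothetical names, and the certificates are constructed test data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// clientConfig pairs InsecureSkipVerify with the callback that replaces the default check.
func clientConfig(roots *x509.CertPool, serverName string) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // disables only the built-in verification
		ServerName:         serverName,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			certs, err := x509.ParseCertificates(bytes.Join(rawCerts, nil))
			if err != nil || len(certs) == 0 {
				return fmt.Errorf("no usable peer certificate: %v", err)
			}
			opts := x509.VerifyOptions{Roots: roots, DNSName: serverName, Intermediates: x509.NewCertPool()}
			for _, c := range certs[1:] {
				opts.Intermediates.AddCert(c)
			}
			_, err = certs[0].Verify(opts) // chain to roots and host name match
			return err
		},
	}
}

// selfSigned builds a constructed throwaway certificate for host (fixed inputs, errors ignored).
func selfSigned(host string) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	ca, rogue := selfSigned("redis.example.internal"), selfSigned("redis.example.internal")
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	verify := clientConfig(roots, "redis.example.internal").VerifyPeerCertificate
	fmt.Println(verify([][]byte{ca.Raw}, nil), verify([][]byte{rogue.Raw}, nil))
}
```

In a real deployment the root pool would be filled from the CA bundle the endpoint's certificate chains to, for example with `AppendCertsFromPEM`, rather than from a generated certificate.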