Minio CURLE_PEER_FAILED_VERIFICATION

xlameee

Explorer
Joined
Jun 22, 2018
Messages
87
Hello

I have opened a forum post in virtualmin, because I told that my issue is related to their software, but it seems the problem comes from MINIO.
They said "Probably best to ask within the minio community", but I can't find a minio forum, and since my minio is installed on TrueNAS as a plugin, I will try here.

So, I have a web server with WordPress installed on virtualmin, and I have a plugin for WordPress called "Media Cloud" which allows me to offload my media to Amazon S3 or, in my case, MINIO. The problem is that my MINIO has a self-signed certificate, and when this plugin tries to connect to MINIO I get cURL Error 60:


Code:
CURLE_PEER_FAILED_VERIFICATION (60)

The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51


I can use -k --insecure to bypass curl, but is there a way to make my web server trust the self signed certificate of my minio server?

The last answer from the user on the Virtualmin forum was:

In the past I have had to import the certificate .pem and .key file to the server for a service I used (not minio). It's app-specific and the process depends on the service. Some will use their own portals whilst others require you to manually copy across. Probably best to ask within the minio community of people who have done this themselves with the self-generated certificate.

Thank you


P.S.: Please don't ask me to install Let's Encrypt. Minio and WordPress are on my private network. Thank you
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Please don't ask me to install Let's Encrypt.
No, we already went around that once. But it would avoid this problem.

I don't know why Virtualmin thinks this is a Minio problem; it clearly doesn't belong there, though it probably isn't strictly with Virtualmin either. The problem, as you've identified, is that your client software doesn't trust your cert, which has nothing to do with the server (Minio) that's providing the cert. The likely answer is going to be with whatever OS you're running on that web server--figure out how to import a cert into that OS's trust store, and you'll likely be fine.
 

xlameee

I know that answer, but I don't know how to import into the trust store. As I quoted from one of the users from Virtualmin:

It's app-specific and the process depends on the service. Some will use their own portals whilst others require you to manually copy across.

and I agree, because I found some different methods on the web to import it, but none of them are working.

Virtualmin is installed on Ubuntu 20.04.3
 

danb35

I don't know how to import into the trust store.
Why do you think we'd know? It's not like your question has anything at all to do with Free/TrueNAS.
none of them are working
If you're using a truly self-signed cert (rather than a cert that's signed by a separate CA cert, which you also control), this could be the problem--there's no CA cert to trust. But ultimately, that's your question--how to get either Ubuntu 20.04 itself, or more specifically the Media Cloud plugin for Wordpress, to trust your cert.
 

xlameee

minio is installed on Truenas

I followed your tutorial to create a self-signed certificate


If that can help
 

xlameee

Why do you think we'd know? It's not like your question has anything at all to do with Free/TrueNAS.

If you're using a truly self-signed cert (rather than a cert that's signed by a separate CA cert, which you also control), this could be the problem--there's no CA cert to trust. But ultimately, that's your question--how to get either Ubuntu 20.04 itself, or more specifically the Media Cloud plugin for Wordpress, to trust your cert.
Hello

Thank you for helping me

The problem was with subjectAltName in minio.conf

DNS.1 = minio

should be the fully qualified domain name

DNS.1 = minio.domain.ltd

Then I did SCP from .../certs/public.crt to the webserver directory /usr/local/share/ca-certificates/

and I ran the command

Code:
update-ca-certificates


So it's working, but now when the plugin rewrites the URL (which is how it should be) and I test the URL

I am getting the following error

Code:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied.</Message>
<Key>sites/2/sites/2/2021/11/beets-vector-3.jpg</Key>
<BucketName>wwwarche</BucketName>
<Resource>
/wwwarche//sites/2/sites/2/2021/11/beets-vector-3.jpg
</Resource>
<Region>anthe</Region>
<RequestId>16BB122BF07F62C5</RequestId>
<HostId>7f742c70-3410-462f-9c02-803726ad7d18</HostId>
</Error>
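
An offline way to reproduce the subjectAltName mismatch described in the post above and to confirm the corrected name before copying a certificate into the web server's trust store. This is an added example, not part of the thread: it generates throwaway certificates with `openssl req -addext` rather than the poster's minio.conf, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: throwaway certificates generated locally; helper names are hypothetical.

# make_cert PREFIX DNS_NAME -> writes PREFIX.key and PREFIX.crt (self-signed, valid 1 day)
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=minio" -addext "subjectAltName=DNS:$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# san_of CERT -> prints the DNS entries of the certificate's subjectAltName, one per line
san_of() {
  openssl x509 -in "$1" -noout -ext subjectAltName | grep -o 'DNS:[^, ]*'
}

# trusted_for CERT HOST -> exit 0 when CERT, used as its own trust anchor (the
# effect of adding it to the system CA store), also verifies for hostname HOST
trusted_for() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

demo() {
  tmp=$(mktemp -d)
  make_cert "$tmp/short" minio             # like the original DNS.1 = minio
  make_cert "$tmp/fqdn" minio.domain.ltd   # like the corrected DNS.1 = minio.domain.ltd
  for c in short fqdn; do
    if trusted_for "$tmp/$c.crt" minio.domain.ltd; then r=accepted; else r=rejected; fi
    echo "$(san_of "$tmp/$c.crt") requested as minio.domain.ltd: $r"
  done
  rm -rf "$tmp"
}

demo
```

The certificate with only the short name is rejected for `minio.domain.ltd` even though it is trusted, which is why importing it into the trust store alone does not clear the verification error.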
 

xlameee

Never mind, I just forgot to change the bucket from PRIVATE to PUBLIC

I want to thank you all for your help

Problem solved

Thank you
 