I know there a few similar topics on the forum already and all seemed to be referring to the export NODE_EXTRA_CA_CERTS var on the development machine. It seems that I have it set correctly but still for some reason I see this error on balena login:
SELF_SIGNED_CERT_IN_CHAIN: request to https://api.mydomain.com/login_ failed, reason: self signed certificate in certificate chain
Here are some details:
development machine: OSX with balena-cli 12.9.1
openbalena server: GCE instance w/ openbalena v2.0.3
(on the dev machine)
cat $NODE_EXTRA_CA_CERTS
-----BEGIN CERTIFICATE-----MIIFUTCCAzmgAwIBAgIUcgeS5S7kkcFz0PLL08o7AOkXbJYwDQYJKoZIhvcNAQEL…(truncated)
On the first install attempt I forgot to set the custom domain and then reinstalled after a complete cleanup on both server/dev machine (ca.crt & balena-cli) to be sure.
For sanity check, if I browse to https://api.mydomain.com/login_ on safari it does pick up the installed certificate from the keychain correctly and shows that it is trusted
with html response cannot GET / (understandably)
What am I still missing?