Using real (not self-signed) certificates

Hi @dash
thanks for the reply. But my VM is reachable from the internet. The ports 80, 443, 3128 are reachable. And I can connect to the open balena instance by using the self-signed certs from the internet. I am using the hosts file just because I can’t reach the haproxy on the localhost without it because of the external port forwarding. But with the hosts file everything worked as expected so far.

OK, I found a solution. There is already an issue on GitHub about that (issue 108). It seems that the fake-le-bundle.pem file is not up to date, so the staging environment does not work.
Commenting out lines 182 and 183 of the file in the running cert-provider container avoids the staging environment and uses the production one directly. That worked but will hopefully be fixed in the future.


@ppoth thank you!

If anyone has some issues with this, don’t forget to delete the docker volumes as well… it was a minor thing that I had to take into consideration and it took me quite a while to figure it out!

scripts/compose down -v to remove the volumes is not enough, you actually need to run scripts/compose build to get the cert-provider script updated: RFC: cert-provider: skip staging and issue a production certificate directly by bernhardkaindl · Pull Request #134 · balena-io/open-balena · GitHub