Certificate verify failed: unable to get issuer

Pedi · December 13, 2023, 11:59am

CMK version: 2.2.0p12
OS version: Debian 12 64bit

Error message:

root@test22:~# cmk-update-agent register
Using previous settings from /etc/cmk-update-agent.state.
Our host name in the monitoring:
test22

User with registration permissions:
cmkadmin

Password:

HTTPSConnectionPool(host=‘checkmk.example.io’, port=443): Max retries exceeded with url: /main/check_mk/login.py (Caused by SSLError(SSLCertVerificationError(1, ‘[ SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1076)’)))
See syslog or Logfile at /var/lib/check_mk_agent/cmk-update-agent.log for details.

Hello,
im new with checkmk and maybe someone can help me. I secured my CheckMK (Test) with a Let’s Encrypt (LE) certificate. I used fullchain.pem and privkey.pem for the apache configuration. GUI with LE certificate works without problems.
Now i configured update via HTTPS and enable Certificates for HTTPS verification. I tried fullchain.pem and chain.pem, both not working. I also tried ISRG Root X1 (.pem) and Let’s Encrypt R3 (.pem) from Chain of Trust - Let's Encrypt . I dont know what is wrong, but i get the above Error-Message. Without Certificates for HTTPS verification, my agents-update works without problems.
Which file/content i have to upload/paste to fix this problem?

Thank you for your time

My configuration:

regards
Pedi

r.sander · December 13, 2023, 2:28pm

This is the root CA certificate that should be used in the updater configuration. Make sure that the webserver really hands out the rest of the certificate chain.

Pedi · December 15, 2023, 2:20pm

Thank you, i reinstalled my agents and it works now.

–Closed–