Dashboard TLS Certificate Issue when using Curl

Hi
My Traefik Dashboard works when accessing it with https://traefik.example-domain.com/dashboard/ on Google Chrome.

When accessing it via curl I get the following error:

curl: (60) SSL certificate problem: unable to get local issuer certificate

I have an *.example-domain.com cert from DigiCert specified. The same problem also exists on other services.

Here is the IngressRoute for my Traefik Dashboard:

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`traefik.example-domain.com`)
    services:
    # built-in dashboard/API service
    - kind: TraefikService
      name: api@internal
  tls:
    passthrough: false
    # Kubernetes secret holding the certificate and key
    secretName: k8scertsecret
```

Hi @meilel

What is the format of your curl command?
Who is the provider/issuer of the certificate?

It is likely the CA is either only included/imported on Chrome, or an invalid certificate exception was added for the site.

```
curl https://traefik.example-domain.com/dashboard/
```

The Certificate Provider is DigiCert

I also tried to add a CA via TLSOptions but it didn't work.

This is the debug output of my curl command:

```
*   Trying 10.0.175.30...
* TCP_NODELAY set
* Connected to traefik.example-domain.com (10.0.175.30) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```

Did you include the intermediate CA(s) in the certificate file?

You can also use https://www.ssllabs.com/ssltest/index.html to find any issues with your certificate chain, as well as many other things.


That was the problem, I forgot to add the intermediate CA(s) in the certificate file.
Thanks for your help
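
Added example (not part of the thread): a local check of the certificate file behind the IngressRoute's secret, verifying the leaf with only the certificates in that same file as intermediates, which is how curl builds the chain. A leaf-only file fails here the same way curl reported above. The function names, the file name `tls.crt` and the `kubectl` extraction of the `tls.crt` key from `k8scertsecret` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed way to obtain the bundle:
#   kubectl -n traefik get secret k8scertsecret \
#     -o jsonpath='{.data.tls\.crt}' | base64 -d > tls.crt

# Number of certificates in a PEM bundle (1 means the leaf only).
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print subject and issuer of every certificate in the bundle, in file order.
# In a correct bundle each issuer equals the subject of the next certificate.
list_chain() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Succeeds only if the first certificate in BUNDLE (the leaf) chains to a
# trusted root using nothing but the other certificates in BUNDLE as
# intermediates. CAFILE defaults to the CA file shown in the curl output.
verify_bundle() {
  bundle=$1
  cafile=${2:-/etc/ssl/certs/ca-certificates.crt}
  openssl verify -CAfile "$cafile" -untrusted "$bundle" "$bundle" >/dev/null 2>&1
}

# Script mode: ./check-chain.sh tls.crt [cafile]
if [ "$#" -ge 1 ]; then
  echo "certificates in $1: $(count_certs "$1")"
  list_chain "$1"
  if verify_bundle "$@"; then
    echo "chain complete"
  else
    echo "chain incomplete: append the intermediate CA certificate(s) after the leaf"
    exit 1
  fi
fi
```

After appending the intermediate(s) to the file, recreate the secret from the combined file and rerun the check before testing with curl.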