I am trying to use a remote ignition file to help provision a CoreOS image. However, when it attempts to download the ignition file, it errors out saying:
x509: certificate signed by unknown authority
How do I get around this error? Here is the stanza of the local ignition file that tries to download the remote ignition file:
{
“ignition”: {
“config”: {
“replace”: {
“source”: “https://traefik.myserver.com/ignition.json”,
“verification”: {}
}
},
“security”: {
“tls”: {}
},
“timeouts”: {},
“version”: “3.0.0”
},
Thanks for the quick response. What does that consist of? I am using a Comodo Certificate, so shouldn’t that certificate supplier already be a recognized authority? If not, then how do I configure it recognize a Comodo SSL certificate?
Also it is not possible to use fcc to create these ign files. For instance when I try to use the exact example for Retrieving a remote Ignition file via http, that I copied verbatim from Content Moved :: Fedora Docs, then I get this error:
$ sudo su -c 'docker run -i --rm quay.io/coreos/fcct:release --pretty --strict < remotereplace.fcc > remotereplace.ign'
Error translating config: yaml: unmarshal errors:
line 6: cannot unmarshal !!seq into v0_1.ConfigReference
line 12: cannot unmarshal !!seq into v0_1.Verification
Ok, the new example can be successfully transpiled into a json file, thanks for updating that. However, I still get an x509 certificate error when I attempt to load the remote ignition file. What do I have to do to get this to work? This is the current fcc file that i used:
During the boot phase, I can see that it reaches out to haxx.ce to get the PEM file, but it still gives me the x509 error when it goes to retrieve the remote ignition file.