Symptoms
The deploy script is unable to build trust and fails with error:
Failed to authenticate with PrivX: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)
Circumstances
The PrivX instance is running in Amazon and the TLS certificate is provided by AWS CA (e.g. using AWS ALB).
Solution
- Prepend Amazon Root CA certificate to the trust achor certificate chain
- Run
/opt/privx/scripts/init_nginx.sh update-trust /path/to/ca_chain.crt
- Restart PrivX service
- Redownload the deploy script