Unable to show or list certs/Unable to get local issuer certificate

I’ve created and deployed a new fly instance, and I’m trying to check that the ssl cert was setup correctly, but flyctl certs show -a appname gives the error Error accepts 1 arg(s), received 0

Is there a different command that works?

The error that caused my check is this:
sjc [info] thread 'actix-rt|system:0|arbiter:0' panicked at 'called Result::unwrap()on anErr value: reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("api.airtable.com")), port: None, path: "/v0/secret_key/OEM", query: Some("pageSize=100&view=Grid+view&fields=PART_NUM"), fragment: None }, source: hyper::Error(Connect, Ssl(Error { code: ErrorCode(1), cause: Some(Ssl(ErrorStack([Error { code: 337047686, library: "SSL routines", function: "tls_process_server_certificate", reason: "certificate verify failed", file: "../ssl/statem/statem_clnt.c", line: 1915 }]))) }, X509VerifyResult { code: 20, error: "unable to get local issuer certificate" })) }', /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/airtable-api-0.1.33/src/lib.rs:166:59

Essentially I’m trying to query the Airtable API and return some data, which works locally but not on Fly for some reason. I am able to query my GraphQL API on the fly instance via https though, so it seems like an outbound ssl from fly issue.

The show command takes a hostname: fly certs show example.com -a <appname> should do it.

That error looks unrelated to your app certs though. I think it’s saying that it can’t verify a certificate for api.airtable.com?

That does show the correct certificate. The same query run from my desktop to the rust app works flawlessly.

This was my fault. Hyper uses openssl but I didn’t include the ca-certificates package in my docker install. Everything’s great now. Thanks Kurt!

1 Like

We have done exactly that. It’s the weirdest thing to have to think about in Docker.