When trying to make requests to Tigris I get "Invalid peer certificate: Unknown issuer" error

I’m using the object_store crate from rust and am using the following method of building the client

    let bucket = std::env::var("AWS_BUCKET").unwrap();

    let endpoint = std::env::var("AWS_ENDPOINT_URL_S3").unwrap();
    let metadata_endpoint = std::env::var("AWS_ENDPOINT_URL_IAM").unwrap();
    let client_inner = AmazonS3Builder::from_env()
        .with_bucket_name(bucket)
        .with_endpoint(endpoint)
        .with_metadata_endpoint(metadata_endpoint)
        .build()
        .expect("Failed to create storage client");

This works when testing with localstack locally but when I deploy to flyio I get the following error

2024-12-30T18:31:07.368 app[e784937c65d558] iad [info] Caused by:

2024-12-30T18:31:07.368 app[e784937c65d558] iad [info] 0: Error after 10 retries in 7.661518458s, max_retries:10, retry_timeout:180s, source:error sending request for url (https://fly.storage.tigris.dev/murim-storage-staging/scene_stores/bb5fe1f5-c4bb-4d6c-8270-1e9a93894277.db)

2024-12-30T18:31:07.368 app[e784937c65d558] iad [info] 1: error sending request for url (https://fly.storage.tigris.dev/murim-storage-staging/scene_stores/bb5fe1f5-c4bb-4d6c-8270-1e9a93894277.db)

2024-12-30T18:31:07.368 app[e784937c65d558] iad [info] 2: client error (Connect)

2024-12-30T18:31:07.368 app[e784937c65d558] iad [info] 3: invalid peer certificate: UnknownIssuer

Could I get some help debugging?

Hello,

Tigris uses Let’s encrypt as certificate issuer. I believe rust uses system’s trust store for TLS connections. To validate and to get detailed error can you try running

curl -v https://fly.storage.tigris.dev/murim-storage-staging/scene_stores/bb5fe1f5-c4bb-4d6c-8270-1e9a93894277.db 

and post the output here.

Thanks

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.