Vincent
ZITADEL • 7d ago • 9 replies

How to use TLS Enabled correctly with helm?

šŸ¬Self-hostedā“QuestionāŒUnsolved
Use-case:
I want to enable TLS so my gateway and zitadel's exchanges are safer. When I enable it, it works: my gateway and zitadel's communications are encrypted over TLS! But `zitadel-login` fails to communicate with the API (`zitadel`).
I added the CA cert and even zitadel's cert (generated using cert-manager) to `zitadel-login` (mounted at `/etc/ssl/certs/ca.crt` & `/etc/ssl/certs/zitadel.crt`).
I modified ZITADEL_API_URL to match the exact service name registered in the certificate.
It fails (see logs below).
Environment: Self-Hosting
Version: v4.10.1
Stack: Brand new env
What you expected to happen:
`zitadel-login` automatically re-uses the `serverSslCrtSecret`, so communication works flawlessly.
Attachments:
```
Error [ConnectError]: [internal] unable to verify the first certificate
    at h.from (.next/server/chunks/5531.js:9:20772)
    at aA (.next/server/chunks/5531.js:1:24600)
    at ClientHttp2Session.h (.next/server/chunks/5531.js:1:32344) {
  rawMessage: 'unable to verify the first certificate',
  code: 13,
  metadata: Headers {},
  details: [],
  [cause]: [Error: unable to verify the first certificate] {
    code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
  }
}
```
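
Added example, not part of the post above and not ZITADEL code: the stack trace (`.next/server`, `ClientHttp2Session`) points to a Node.js client, and stock Node.js builds verify peers against their bundled root list plus the file named by `NODE_EXTRA_CA_CERTS`, not loose files placed under `/etc/ssl/certs`. Assuming `zitadel-login` runs on such a build, this check (all function names are hypothetical) reports whether that variable points at a CA that actually issued the API's server certificate.

```javascript
// Added diagnostic sketch; function names are hypothetical, not ZITADEL code.
const fs = require('fs');
const { X509Certificate } = require('crypto');

const PEM_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Parse every certificate block in a PEM bundle; malformed blocks are skipped.
function parseBundle(pemText) {
  const certs = [];
  for (const block of pemText.match(PEM_RE) || []) {
    try { certs.push(new X509Certificate(block)); } catch { /* not a certificate */ }
  }
  return certs;
}

// True when some CA in caCerts is named as issuer of `leaf` and its key signed it.
function issuedByBundle(leaf, caCerts) {
  return caCerts.some((ca) => leaf.checkIssued(ca) && leaf.verify(ca.publicKey));
}

// Audit the extra trust a Node.js process would pick up from its environment.
// env: environment of the client container; leafPem: the server certificate (PEM).
function auditTrust(env, leafPem, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  const path = env.NODE_EXTRA_CA_CERTS; // Node reads this once, at process start
  if (!path) return { ok: false, reason: 'NODE_EXTRA_CA_CERTS is not set' };
  let extra;
  try { extra = parseBundle(readFile(path)); }
  catch { return { ok: false, reason: `cannot read ${path}` }; }
  if (extra.length === 0) return { ok: false, reason: `no certificates in ${path}` };
  const [leaf] = parseBundle(leafPem);
  if (!leaf) return { ok: false, reason: 'server certificate is not valid PEM' };
  return issuedByBundle(leaf, extra)
    ? { ok: true, reason: `issuer found in ${path}` }
    : { ok: false, reason: `no certificate in ${path} issued the server certificate` };
}
```

Call `auditTrust(process.env, serverCertPem)` inside the client container with the PEM of the certificate the API serves; an `ok: false` result for an unset variable or a non-issuing CA is consistent with the `UNABLE_TO_VERIFY_LEAF_SIGNATURE` error in the log.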