Digging a little deeper... if I add the Let's Encrypt CA to /etc/pki/ovirt-engine/.truststore, imageio-proxy works (I can successfully upload an ISO), so I guess the issue is that imageio-proxy uses the same cert for web and engine communication and the engine wasn't happy with the public-CA-signed cert.
So, rather than point part of the engine at a separate trust store (as the docs recommend), maybe just add the public CA to the engine's existing trust store? However, while digging, I also noticed that now the engine is not communicating with ovirt-provider-ovn, possibly due to a similar issue? It is having the reverse problem; it rejects the engine's cert. This is all on 4.2.8 BTW. -- Chris Adams <[email protected]> _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/FC6FNKINSVQFA7FDO2D6FBSHP2U5D7WI/
