TLS error with new Sectigo SSL certificate
28 views
Skip to first unread message
Thijs Vonk
Jun 12, 2025, 12:11:24 PMJun 12
to Prometheus Users
Hi
We renewed a certificate on a few hosts and prometheus and blackboxexporter are now not trusting the new certificate.
We get a tls: failed to verify certificate: x509: certificate signed by unknown authority
Browsers, curl and a few online certificate checkers trust the new certificate (chain).
I think it has something to do with the new Cross-signed certificates (See https://www.sectigo.com/knowledge-base/detail/Sectigo-Public-Intermediates-and-Roots/kA0Uj0000003eovKAA) The root CRT is the "Sectigo Public Server Authentication Root R46"
But I don't understand how to fix it. What do I need to change to have prometheus (and blackboxexporter) also trust the new certificate (chain)?
But I don't understand how to fix it. What do I need to change to have prometheus (and blackboxexporter) also trust the new certificate (chain)?
Kind regards,
Thijs Vonk
Reply all
Reply to author
Forward
0 new messages