I just installed influxdb 2.1.6 on docker 20.10.5 on Debian 11 on x64.
https is enabled and works for the web interface.
But when I try to use any CLI command - from the docker shell or influxdb-cli on another host - I always get the mentioned certificate error. Example:
$ docker exec -ti influxdb influx org list
Error: failed to list orgs: Get "https:// ... :8086/api/v2/orgs?org=home": x509: certificate signed by unknown authority
The certificate is a wildcard certificate for my domain issued by ZeroSSL and valid until may.
How can I get influxdb-cli working?
PS: the url in the example error message works when I use it with a web browser and returns the requested org list.
Hi,
Did you found a workaround. I’m in a quite similar situation of a ZeroSSL issued certificate and I’m doing
./influx bucket create --name sample-bucket -c onboarding
and getting
Error: failed to lookup org with name "MyOrg": Get "https://vps-XXXXXXXX.vps.ovh.net:8086/api/v2/orgs?org=MyOrg": x509: certificate signed by unknown authority
Here is my docker-compose.yml
version: '3'
services:
influxdb:
image: influxdb:latest
container_name: influxdb2
volumes:
- ./influxdb_data:/var/lib/influxdb2:rw
- ~/certs/certificate.crt:/etc/ssl/influxdb-selfsigned.crt
- ~/certs/private.key:/etc/ssl/influxdb-selfsigned.key
ports:
- 8086:8086
restart: unless-stopped
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=$INFLUXDB_ADMIN_USERNAME
- DOCKER_INFLUXDB_INIT_PASSWORD=$INFLUXDB_ADMIN_PASSWORD
- DOCKER_INFLUXDB_INIT_ORG=$INFLUXDB_ORG
- DOCKER_INFLUXDB_INIT_BUCKET=$INFLUXDB_BUCKETNAME
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXD_TLS_CERT=/etc/ssl/influxdb-selfsigned.crt
- INFLUXD_TLS_KEY=/etc/ssl/influxdb-selfsigned.key
Any idea?
The only solution is found is to use --skip-verify flag.
And so I’m doing
./influx bucket create --name sample-bucket -c onboarding --skip-verify
But it’s really safe?
