Keywords: Mattermost - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: d9f60eb8-82cd-fca8-7c32-b2e83df159e3
Following the instructions at https://docs.bitnami.com/installer/apps/mattermost/administration/enable-https-ssl-nginx/, I realized that I had to ignore the installdir mentioned in that document (/opt/bitnami/nginx/conf) and instead put my server.crt and server.key in /opt/bitnami/apps/mattermost/conf/certs/.
I can now connect to the mattermost app over https, but its configuration is incomplete according to several web tools I used to check it. According to a Github issue, this may be why none of my members can connect via their Android apps.
For example, ssldecoder.org gives the following 3 warnings:
- validating certificate chain failed. Probably non-trusted root/self signed certificate, or the chain order is wrong.
- HTTP Strict Transport Security not set.
- OCSP Stapling not enabled.
hain sent by Server
(in server order) Name...........: prooffreader.club
Issued by......: COMODO RSA Domain Validation Secure Server CA
- Validating certificate chain failed:
Error: Validating certificate chain failed: OU = Domain Control Validated, OU = PositiveSSL, CN = prooffreader.club
error 20 at 0 depth lookup:unable to get local issuer certificate
The validation of this certificate failed. This might be because of an incorrect or incomplete CA chain. Based on the 'authorityInfoAccess' extension and earlier saved certificates, the below result probably contains the correct CA Chain, in the correct order, for this certificate. The result also contains your certificate as the first one.
The same Bitnami documentation above mentions installdir/nginx/conf/bitnami/bitnami.conf and this documentation page : https://docs.bitnami.com/general/infrastructure/nginx/administration/force-https-nginx/ refers to it.
That file is not there. Doing sudo find / -n bitnami.conf reveals no likely candidate.
Please advise. Android connectivity is crucial to my use case.