unable to verify the first certificate, no alarm with nocheck-tls-errors #2768

Closed
4 tasks done
rainerrose opened this issue Feb 13, 2023 · 6 comments

Comments

@rainerrose

⚠️ Please verify that this bug has NOT been raised before.

  • I checked and didn't find similar issue

🛡️ Security Policy

📝 Describe your problem

A probably misconfigured web server returns Certificate Chain: Invalid

I've enabled in the Advanced Settings of the Monitor

  • Ignore TLS/SSL error for HTTPS websites
  • Certificate Expiry Notification

However, this does not cause an alarm even though the defined days have been exceeded (Settings->Notification->TLS Certificate Expiry).
It is an official TLS-Cert, maybe intermediate Cert on Webserver is missing, but I don't have access to the web server, so I can't change it.
When I disable the option Ignore TLS/SSL error for HTTPS websites, the monitor throws unable to verify the first certificate 😢

Is it a bug in uptime-kuma or a misunderstanding on my part?

🐻 Uptime-Kuma Version

1.20.0

💻 Operating System and Arch

Centos 7

🌐 Browser

Edge Version 107.0+

🐋 Docker Version

23.0.0+

🟩 NodeJS Version

No response

@louislam
Owner

> intermediate Cert on Webserver is missing

I think you have answered.

My personal opinion:
If it is just a website, you can ignore it, as it won't be a problem in modern browsers.
However, if it is an API, you should fix it, because for most programming languages, it cannot connect to your server. Uptime Kuma is an example, it is using Node.js.

@rainerrose
Author

Thank you for the quick response! ❤️

> My personal opinion: If it is just a website, you can ignore it,

Unfortunately, I have to monitor the expiration of the certificate on this website. And the customer is resistant to advice, but it falls back on our team when it is broken (resp. expired). The website is visited only by browsers.
I had hoped that there would be something analogous to `curl --insecure` in Node.js 🙏 ?

If the answer is Nope! I'll have to write a small shell script 😕 or an appointment on our digital calendar 🤷

@chakflying
Collaborator

I think a possible solution is to manually download the missing intermediate cert, and add it to node.js using the environment variable. (example here)

@martinb07

I have the same problem. I used the environment variable to set the path to the cert. It is a .cer file from our internal CA in PEM format (it has a Begin Certificate and End Certificate).
How can I check that uptime kuma is recognizing the given cert?
The same cert is working on the server that should be monitored, by running traefik.

This is my docker-compose file:
```yaml
version: '2.0'

services:
  uptime-kuma:
    image: louislam/uptime-kuma
    container_name: uptime-kuma
    mem_limit: 500m
    restart: always
    environment:
      # KEY=value without spaces around "=", so the variable name and path carry no stray whitespace
      - NODE_EXTRA_CA_CERTS=/app/data/certs/grafana-gwa.siemens.com.pem
    volumes:
      - /var/lib/docker/volumes/uptime-kuma/_data:/app/data
    ports:
      - 3001:3001
```

When diving into the container, I see the cert is at the given location.

Thank you for your help.
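
Both questions above (a Node.js counterpart to `curl --insecure` for reading the expiry date, and how to tell whether Node.js trusts the chain once `NODE_EXTRA_CA_CERTS` is set) can be answered with one probe. This is an added example, not part of the thread and not Uptime Kuma code; the function names `daysRemaining`, `assess` and `probe` and the 14-day threshold are assumptions.

```javascript
// Added example, not Uptime Kuma code. Function names and the 14-day
// threshold are assumptions made for this illustration.
const tls = require('tls');

const DAY_MS = 24 * 60 * 60 * 1000;

// Whole days from `now` until the certificate's notAfter date (negative = expired).
function daysRemaining(validTo, now = new Date()) {
  const notAfter = new Date(validTo);
  if (Number.isNaN(notAfter.getTime())) throw new Error(`unparsable date: ${validTo}`);
  return Math.floor((notAfter - now) / DAY_MS);
}

// Combine expiry and chain verification into one verdict, keeping the two apart
// so an untrusted chain is reported instead of silently ignored.
function assess({ validTo, authorized, authorizationError }, now = new Date(), warnDays = 14) {
  const days = daysRemaining(validTo, now);
  const expiry = days < 0 ? 'EXPIRED' : days <= warnDays ? 'EXPIRING' : 'OK';
  const chainError = authorized ? null : String(authorizationError);
  return { days, expiry, chainTrusted: authorized, chainError };
}

// Complete the handshake even if verification fails. Only certificate metadata
// is read; no application data is sent over the unverified connection.
function probe(host, port = 443, timeoutMs = 10000) {
  return new Promise((resolve, reject) => {
    const opts = { host, port, servername: host, rejectUnauthorized: false };
    const socket = tls.connect(opts, () => {
      try {
        const { valid_to: validTo } = socket.getPeerCertificate();
        const { authorized, authorizationError } = socket;
        resolve(assess({ validTo, authorized, authorizationError }));
      } catch (err) { reject(err); } finally { socket.end(); }
    });
    socket.setTimeout(timeoutMs, () => socket.destroy(new Error('TLS probe timed out')));
    socket.on('error', reject);
  });
}

// Usage: node cert-probe.js <host> [port]. Without a host, assess a constructed sample.
if (process.argv[2]) {
  probe(process.argv[2], Number(process.argv[3]) || 443).then(console.log, console.error);
} else {
  const sample = { validTo: 'Mar 10 12:00:00 2023 GMT', authorized: false,
    authorizationError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }; // constructed values
  console.log(assess(sample, new Date('2023-03-01T00:00:00Z')));
}
```

Run it inside the Uptime Kuma container so it sees the same environment: `chainTrusted: true` means Node.js built a trusted chain with the extra CA file loaded, while `chainError` names the verification failure when it did not.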

@github-actions

We are clearing up our old issues and your ticket has been open for 3 months with no activity. Remove stale label or comment or this will be closed in 2 days.

@github-actions github-actions bot added the Stale label Jul 16, 2023
@github-actions

This issue was closed because it has been stalled for 2 days with no activity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 18, 2023