jaysaurus

Ok, many thanks for your time

No joy, django.db.utils.OperationalError: (2026, 'SSL connection error: error:0A000086:SSL routines::certificate verify failed') But in fact, i think there's more to this. Normally you would need to generate a new private key and certificate for the client. This typically involves the following steps: 1. Generate a new private key for the client. 2. Create a certificate signing request (CSR) for the new private key. 3. Submit the CSR to a certificate authority (CA) to get it signed, resulting in a new client certificate. thus my config needs: 'ssl': { 'ca': os.path.join(BASE_DIR, 'ca.pem'), 'cert': os.path.join(BASE_DIR, 'cert.pem'), 'key': os.path.join(BASE_DIR, 'key.pem'), } and I can't generate those client certificates because I can't vouch for ownership of the domain: it's your domain. After a bunch of conversations with Chat GPT, this is the take home: "typically in a hosting arrangement, the hosting provider owns and controls the physical server and the associated domain. As a customer, you’re renting space on their server to host your website or application. However, you usually have the ability to manage your own content and sometimes certain configurations within your rented space. If you need to generate SSL certificates for a domain that’s controlled by your hosting provider, you would typically need to go through them or use a service they provide. This is because generating a certificate for a domain requires proving control over that domain, which is something the hosting provider would be able to do." So is there some avenue through plesk to get my hands on a client key and certificate? Cos I don't think there's any way for me to do it with what I found on there... the key and certificate on the plesk page are - in all likelihood - the server key and certificate and SSL is asymmetric.

ugh well that rendered badly if you can't read that:

ok, but in which case, where am i deriving my SSL details from? The auto-ssl setup via let's encrypt refers to the aforementioned `foo.helioho.st` and not tommy2.heliohost.org ... i've tried supplying that to my config. If I remove the 'ssl' property the site connects. Do I need to supply anything else? And hey, thanks for all the help thus far, it's enormously appreciated (config in next post, it was playing up on this post)

yeah my heliohost domain so say it was "foo" foo.helioho.st

So I guess my question is: Is there any config I need to do on the Heliohost side or is it simply a case of copying the CA certificate(s) from the Plesk, pasting it/them in a ca.pem and then adjusting my respective framework to reference the ca? (meaning I probably need to ask render what hoops I have to jump through to make it talk on their server). or do I need to generate some client certificates or something based on what I have setup with you?

oh, that's also the same issue on my machine. running ubuntu 22.

no, it's on render saves me a lot of stress as I can deploy directly from gitlabs over ci/cd, but I can supply stuff like .pem to it using private files etc. you have an open way of communicating with mysql and I'm hosting that via Tommy

mysql

Hiya, I have a django instance I'd like to get talking to the DB on heliohost over SSL. I set up a let's encrypt certificate and I've found the CA/Secret-key/Certificate info on plesk. What I don't understand is how to make that talk via django. I've tried copying the CA info into a CA.pem on my machine and entering the path to that CA.pem into my settings.py as intended. but I just get back: "django.db.utils.OperationalError: (2026, 'SSL connection error: error:0A000086:SSL routines::certificate verify failed')" I note, that in my plesk there are 2 CA files one immediately after the other, all in one box in the UI. I'm not sure whether that should or shouldn't be the case, nor which I ought to use if either. I've been going round in circles with GPT trying to figure this stuff out and I'm completely stumped. Any suggestions please?