This is a known issue:
https://apisix.apache.org/docs/apisix/FAQ/#how-do-i-fix-the-error-unable-to-get-local-issuer-certificate-in-apache-apisix

It will hopefully be fixed by: https://github.com/apache/apisix/pull/11664

On Thu, 7 Nov 2024 at 12:36, Nemus Dupper <ne...@grayhatlabs.com> wrote:
>
> I am running APISIX in stand-alone mode and want to use Vault for secret
> management.
>
> I am using the Docker images, and I keep getting this error. I don't know how 
> to add certificates to the trust.
>
> global_rules:
>     -
>         id: 1
>         plugins:
>             key-auth:
>                 header: "Authorization"
>
> routes:
>   - id: "test_route"
>     uri: "/test"
>     plugins:
>       key-auth: {}
>     upstream:
>       type: roundrobin
>       scheme: "https"
>       nodes:
>         "postb.in:443": 1
>
> consumers:
>   - username: nemus_dupper
>     plugins:
>       key-auth:
>         key: $secret://vault/1/nemus_dupper/auth-key
>
> secrets:
>   - id: vault/1
>     ssl_verify: false
>     prefix: apisix
>     token: hvs.asdfasdfasdfasdf
>     uri: https://vault.mydomain.com:8200
>
> api-gateway-1  | 2024/11/07 06:41:12 [error] 37#37: *1755 [lua] 
> secret.lua:180: fetch(): failed to fetch secret value: failed to retrtive 
> data from vault kv engine: 20: unable to get local issuer certificate, 
> client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: 
> "127.0.0.1:8080"
> api-gateway-1  | 2024/11/07 06:41:12 [warn] 37#37: *1755 [lua] 
> plugin.lua:1174: run_plugin(): key-auth exits with http status code 401, 
> client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: 
> "127.0.0.1:8080"
