anjia0532 commented on issue #4514: URL: https://github.com/apache/apisix/issues/4514#issuecomment-872733720
@tokers Nacos server certificate is generate by [https://letsencrypt.org/](https://letsencrypt.org/) .It's not a two-way certificate. run with curl ( `curl https://nacos.xxxx/nacos/v1/ns/instance/list?healthyOnly=true&serviceName=xxxx&namespaceId=xxx`) is ok . > Nacos 服务器的证书是通过 [https://letsencrypt.org/](https://letsencrypt.org/) 生成的普通单向证书,不是双向证书。在apisix的容器里使用curl 访问是可以的 `curl https://nacos.xxxx/nacos/v1/ns/instance/list?healthyOnly=true&serviceName=xxxx&namespaceId=xxx` . 根据 https://letsencrypt.org/certificates/ 所说的,letsencrypt的上一级签发是 ISRG_Root,我换成 `lua_ssl_trusted_certificate: "/etc/ssl/certs/ca-cert-ISRG_Root_X1.pem"` 也不行。 > 我现在将https降级成http,是可以同步了。 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
