Description
Describe your question/
When attempting to fetch an access token from the OAuth2 endpoint, the process fails due to an SSL certificate verification error. The error indicates that the certificate chain includes a self-signed certificate, which is causing the verification to fail.
Relevant info
Hi, I'm trying to set up Authentik's social login with an OIDC Ory Hydra.
The Ory Hydra OIDC works fine (no errors when logging in). After logging in with OIDC, the user is redirected back to Authentik with an error.
Logs
{
"auth_via": "unauthenticated",
"domain_url": "sso.brnv.rw",
"event": "Unable to fetch access token",
"exc": "SSLError(MaxRetryError("HTTPSConnectionPool(host='oauth2.brnv.rw', port=443): Max retries exceeded with url: /oauth2/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)')))"))",
"host": "sso.brnv.rw",
"level": "warning",
"logger": "authentik.sources.oauth.clients.oauth2",
"pid": 55,
"request_id": "b3f7988628a246c7a8c66466dd5e4d44",
"response": "HTTPSConnectionPool(host='oauth2.brnv.rw', port=443): Max retries exceeded with url: /oauth2/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))",
"schema_name": "public",
"timestamp": "2025-02-25T07:40:06.975984"
}
The certificate was added to a trusted CA store.
Checks for certificates worked well from inside the containers using curl and openssl:
openssl s_client -connect oauth2.brnv.rw:443 -showcerts
- authentik version: [e.g. 2025.2.0]
- Deployment: docker-compose
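
An added diagnostic, not part of the original post and not authentik's code: it checks whether a private CA is present in the bundle a Python client verifies against, as opposed to the store curl and `openssl s_client` read. It assumes the failing client is Python `requests` (the `SSLError(MaxRetryError(HTTPSConnectionPool...))` shape in the log is what `requests` raises), which uses the `certifi` bundle unless `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE` is set. All function names and the sample certificates are constructed for illustration.

```python
import base64, hashlib, os, re, ssl
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 of the decoded body of each certificate in a PEM bundle."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def ca_trusted(ca_pem, bundle_pem):
    """True if every certificate in ca_pem also appears in bundle_pem."""
    wanted = fingerprints(ca_pem)
    return bool(wanted) and wanted <= fingerprints(bundle_pem)

def requests_bundle(env, certifi_path):
    """Bundle requests verifies against (trust_env=True): env override, else certifi."""
    return env.get("REQUESTS_CA_BUNDLE") or env.get("CURL_CA_BUNDLE") or certifi_path

def check(ca_file, env=os.environ):
    """Per trust store: (path, CA present?); None when the store file is absent."""
    try:
        import certifi
        certifi_path = certifi.where()
    except ImportError:  # certifi not installed in this interpreter
        certifi_path = None
    stores = {"requests": requests_bundle(env, certifi_path),
              "python ssl default cafile": ssl.get_default_verify_paths().cafile}
    ca_pem = Path(ca_file).read_text(encoding="utf-8", errors="replace")
    result = {}
    for name, path in stores.items():
        found = None
        if path and os.path.isfile(path):
            found = ca_trusted(ca_pem, Path(path).read_text(encoding="utf-8", errors="replace"))
        result[name] = (path, found)
    return result

# Constructed placeholder "certificates": distinct bytes, not real DER.
def fake_pem(raw):
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

PRIVATE_CA = fake_pem(b"constructed private root CA")
SYSTEM_STORE = fake_pem(b"constructed public root") + PRIVATE_CA  # CA was added here
CERTIFI_STORE = fake_pem(b"constructed public root")              # shipped with Python package

if __name__ == "__main__":
    print("system store has CA: ", ca_trusted(PRIVATE_CA, SYSTEM_STORE))
    print("certifi store has CA:", ca_trusted(PRIVATE_CA, CERTIFI_STORE))
```

Inside a container, `check()` takes the path to the private CA's PEM file and should be run with the same interpreter and environment as the failing process.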