Skip to content

Instantly share code, notes, and snippets.

@tnm

tnm/josh-tls-certificate-fix.md

Created October 30, 2025 01:35
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save tnm/e2b89cb5604022b725406d3aff06ba05 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save tnm/e2b89cb5604022b725406d3aff06ba05 to your computer and use it in GitHub Desktop.
Download ZIP
Fix for TLS Certificate Error in Cased CD Enterprise
Raw
josh-tls-certificate-fix.md

Fix for TLS Certificate Error - Josh

The Problem

You're seeing this error:

http: proxy error: tls: failed to verify certificate: x509: certificate signed by unknown authority

This happens because the enterprise backend is trying to connect to ArgoCD over HTTPS, but ArgoCD is using a self-signed certificate that the backend doesn't trust.

The Fix

I just pushed a fix that adds an argocd.insecure flag to skip TLS verification. Here's what you need to do:

Update Your ArgoCD Application

Add argocd.insecure: true to your Application's helm values:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cased-cd
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://cased.github.io/cased-cd
    chart: cased-cd
    targetRevision: 0.1.20  # Or latest version
    helm:
      values: |
        # Registry secret for enterprise image
        imagePullSecrets:
          - name: cased-cd-registry

        # ArgoCD connection settings
        argocd:
          server: "https://argocd-server.argocd.svc.cluster.local"
          insecure: true  # ← ADD THIS LINE

        # Enterprise configuration
        enterprise:
          enabled: true
          auditTrail:
            enabled: true
          image:
            repository: registry.cased.com/cased/cased-cd-enterprise

  destination:
    server: https://kubernetes.default.svc
    namespace: default  # Or your namespace

  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Apply the Change

# If you're managing the Application via kubectl:
kubectl edit application cased-cd -n argocd

# Then add this under argocd:
#   insecure: true

# ArgoCD will automatically sync and redeploy

Wait for the new pod

# Watch the pod restart
kubectl get pods -n default -w

# Check the new pod logs
kubectl logs -n default -l app.kubernetes.io/component=enterprise --tail=50

You should see the TLS error disappear!

Alternative: Use HTTP Instead

If you don't want to use insecure mode, you can change your ArgoCD server URL to use HTTP:

argocd:
  server: "http://argocd-server.argocd.svc.cluster.local:80"
  # insecure not needed when using HTTP

But insecure: true is fine for development/testing with self-signed certs!

Verify It's Fixed

Once the pod is running, check if the enterprise features load:

kubectl port-forward svc/cased-cd 8080:80 -n default

Visit http://localhost:8080 and check if RBAC/Audit/Users tabs show up.

The fix is live in the main branch now! Just add argocd.insecure: true and sync your Application.

Let me know if you still see issues!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment