How declare Minio autosigned certificate

I’m using a autosigned certificate for minio and mattermost operator to install it.
I don’t find any doc about how to specify ca.cert to validate the minio certificate.
I try chatgpt who give me these config:

  fileStore:
    external:
      url: https://minio.xxxx.com:8000
      bucket: mattermost-staging
      secret: backup-creds
      caSecret:  minio-ca-secret

But when I try it I still have this error

`Error: failed to initialize platform: failed to initialize filebackend: unable to connect to the s3 backend: Endpoint url cannot have fully qualified paths.`

`{"timestamp":"2025-03-03 16:52:24.506 Z","level":"info","msg":"Loaded configuration for logging","caller":"platform/config.go:146","source":"null"}`

`{"timestamp":"2025-03-03 16:52:24.506 Z","level":"debug","msg":"Advanced logging config not provided for notification logging","caller":"platform/config.go:148"}`

`{"timestamp":"2025-03-03 16:52:24.506 Z","level":"info","msg":"Server is initializing...","caller":"platform/service.go:175","go_version":"go1.20.7"}`

`{"timestamp":"2025-03-03 16:52:24.506 Z","level":"error","msg":"failed to initialize platform: failed to initialize filebackend: unable to connect to the s3 backend: Endpoint url cannot have fully qualified paths.","caller":"commands/server.go:76"}`

So I suppose it’s not a good solution.
I don’t find anything on doc talking about this kind of installation.

1 Like

Hi @obeyler! Thanks for bringing up this question. You’re in the right place for community insights! For specifying a custom CA certificate with MinIO in Mattermost installations, I recommend reviewing the Mattermost Operator configuration documentation. In particular, double-check the caSecret setup and ensure the MinIO URL doesn’t include a fully qualified path, as that seems related to the error you’re encountering. Let us know how it goes. We’re here to help!

Sorry John,
I already check the documentation and there is no info on caSecret So I’m not sure at all of how to proceed

Hi Olivier! Thank you for clarifying! It seems you’re diving into an advanced configuration that might not be explicitly covered in the current documentation. I suggest exploring the caSecret mechanism further by reviewing examples from Kubernetes’ custom secret configurations, as the error may stem from how the CA certificate is referenced. Keep us posted! We’d love to help you get this resolved!