helm: x509: certificate signed by unknown authority

In my case, I was running for a single self-manage and the config file was also container ca-file, so the following the above answer was throwing below error

Error: Kubernetes cluster unreachable: Get "https://XX.XX.85.154:6443/version?timeout=32s": x509: certificate is valid for 10.96.0.1, 172.31.25.161, not XX.XX.85.154

And my config was

- cluster:
    certificate-authority-data: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    server: https://54.176.85.154:6443
    insecure-skip-tls-verify: true

So I had to remove the certificate-authority-data.

- cluster:
    server: https://54.176.85.154:6443
    insecure-skip-tls-verify: true

In my case the error was caused by an untrusted certificate from the Helm repository. Downloading the certificate and specifying it using the --ca-file option solved the issue (at least in Helm version 3).

helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository

--ca-file string, verify certificates of HTTPS-enabled servers using this CA bundle


As a workaround you can try to disable certificate verification. Helm uses the kube config file (by default ~/.kube/config). You can add insecure-skip-tls-verify: true for the cluster section:

clusters:
- cluster:
    server: https://cluster.mysite.com
    insecure-skip-tls-verify: true
  name: default

Did you already try to reinstall helm/tiller?

kubectl delete deployment tiller-deploy --namespace kube-system
helm init

Also check if you have configured an invalid certificate in the cluster configuration.


Use --insecure-skip-tls-verify to skip tls verification via command line

helm repo add stable --insecure-skip-tls-verify https://charts.helm.sh/stable