Hi team! Quick question: I am self-hosting Phoenix and when I try to send traces to my instance, I get the following Certificate verification issue: requests.exceptions.SSLError: HTTPSConnectionPool(host='phoenix-route.cust-ops-comm-dev.aws.delta.com', port=443): Max retries exceeded with url: /v1 (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'phoenix-route.cust-ops-comm-dev.aws.delta.com'. (_ssl.c:1006)")) I have tried the following but none of these have worked:
os.environ["OTEL_EXPORTER_OTLP_CERTIFICATE"]="cert.pem"
os.environ["OTEL_EXPORTER_OTLP_INSECURE"] = "true"
What is usually the best practice here for handling this issue? Any ideas?
It seems likely that the issue is related to SSL certificate verification when sending traces to your self-hosted Phoenix instance. My understanding is that you might be dealing with a self-signed certificate or a certificate that doesn't match the hostname. Based on this Slack discussion, one approach is to disable SSL verification by setting verify=False in your HTTP client configuration. However, this is not recommended for production environments due to security risks. Alternatively, you can ensure that the certificate is correctly configured and matches the hostname you are using.Would you like more details on how to configure your client or server to handle this issue? Sources:
- this Slack discussion
💡 Hint: Mention RunLLM in the thread for followups.
is "cert.pem" the correct file for this endpoint? it’s saying it’s not valid
We tried to get the certificate directly from the endpoint: echo | openssl s_client -showcerts -state -connect <phx-receiver-endpoint>:443 -prexit > cert.pem
