SSL root certificate error when configuring a cache

Summary

When configuring a cache to use SSL, I am seeing a root certificate error, even though the certificates are supplied by a trusted authority.

Steps to reproduce

Configure the cache via the systemd file as shown in the docs, but with certificates supplied by Let's Encrypt.

What is the current bug behavior?

The cache fails to start on push/pull

What is the expected correct behavior?

The cache should be able to receive artifacts from a client that has access to the correct push certificate

Relevant logs and/or screenshots

Oct 02 17:29:49 CAS-server-fedora-s-3vcpu-1gb-ams3-01 systemd[1]: Started Buildstream Artifact pul/push server.
Oct 02 17:29:50 CAS-server-fedora-s-3vcpu-1gb-ams3-01 bst-artifact-server[921]: E1002 17:29:50.693824757     921 ssl_transport_security.cc:619] Could not add root certificate to ssl context.
Oct 02 17:29:50 CAS-server-fedora-s-3vcpu-1gb-ams3-01 bst-artifact-server[921]: E1002 17:29:50.694320068     921 ssl_transport_security.cc:1849] Invalid verification certs.
Oct 02 17:29:50 CAS-server-fedora-s-3vcpu-1gb-ams3-01 bst-artifact-server[921]: E1002 17:29:50.694386114     921 security_connector.cc:1160] Handshaker factory creation failed with TSI_INTERNAL_ERROR.
Oct 02 17:29:50 CAS-server-fedora-s-3vcpu-1gb-ams3-01 bst-artifact-server[921]: E1002 17:29:50.694442632     921 server_secure_chttp2.cc:84] {"created":"@1538501390.694407335","description":"Unable to create secure server with credentials of type Ssl.","file":"src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":63,"security_status":1}

Possible fixes

Other relevant information

  • BuildStream version affected: /milestone %BuildStream_v1.x

Edited by Adam Jones