Error: peer certificate cannot be authenticated with given ca certificates NGINX, TOMCAT 8 and GOGS with CA certificate

I’m trying to configure a VPS on Ubuntu Server 18.04 which I hace installed GOGS, JENKINS and TOMCAT. With Nginx, I only allow to make https requests but when I make from Insomnia to an api web service deployed in Tomcat I’m getting the message "peer certificate cannot be authenticated with given ca certificates ". It’s the same message as when I push a commit in a Gogs repository. The ssl certificate is signed by a CA. I don’t know what’s going on, but I share the Nginx and Gogs configuration to get started.

Nginx config:

upstream tomcat {
    server 127.0.0.1:8081 weight=100 max_fails=5 fail_timeout=5;
}

server {
    listen 443 ssl;
    server_name serverName;

    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/certificate.key;

    root /var/www;
    index index.php;

    # TOMCAT8
    location /manager {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://tomcat/manager;
    }
    location /test {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://tomcat/test;
    }
    location ~ \.jsp$ {
       proxy_pass http://127.0.0.1:8081;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Server-Proto $server_protocol;
    }

    # GOGS
    location /gogs/ {
        proxy_pass http://localhost:3000/;
    }
}

Gogs server config:

[server]
DOMAIN           = localhost
HTTP_PORT        = 3000
ROOT_URL         = https://serverName/gogs/
DISABLE_SSH      = false
SSH_PORT         = 22
START_SSH_SERVER = false
OFFLINE_MODE     = false
CERT_FILE        = /etc/nginx/ssl/certificate.crt
KEY_FILE         = /etc/nginx/ssl/certificate.key

If you have SSL setup with a reverse proxy, you don’t need to setup again in the Gogs config (i.e. app.ini).

Thank you, I just resolved it by following this post: https://github.com/gogs/gogs/issues/1212

It was mainly a issue related to the certificate, although there were things to improve in the configuration.