Stub server ignores --insecure-tls

[serandel]

Hi, I'm trying to use the Pact stub server as follows:

❯ docker run -t -p 38080:38080 --rm pactfoundation/pact-stub-server --insecure-tls --broker-url https://my-pact-broker.com --user pact_admin:password --loglevel debug --provider-name my-provider --consumer-name my-consumer

But I get the following error:

2025-02-21T17:01:49.668174Z DEBUG main pact_stub_server: Loading all pacts from Pact Broker at https://my-pact-broker.com using User(pact_admin, pass*******) authentication
2025-02-21T17:01:49.668466Z  INFO main pact_verifier::pact_broker: Fetching path '/' from pact broker
2025-02-21T17:01:49.668799Z DEBUG tokio-runtime-worker hyper::client::connect::dns: resolving host="pact-broker.internal.dev.euwest.azure.bestsecrettec.com"
2025-02-21T17:01:50.670714Z DEBUG                 main hyper::client::connect::http: connecting to 10.252.21.210:443
2025-02-21T17:01:50.726462Z DEBUG                 main hyper::client::connect::http: connected to 10.252.21.210:443
2025-02-21T17:01:50.783165Z ERROR                 main pact_stub_server: There were errors loading the pact files.
2025-02-21T17:01:50.783182Z ERROR                 main pact_stub_server:   - IO Error - Failed to access pact broker path '/' - error sending request for url (https://my-pact-broker.com/): error trying to connect: invalid peer certificate: UnknownIssuer. URL: 'https://my-pact-broker.com'
Error: ExitCode(unix_exit_status(3))

This is because my SSL certificate in the broker comes from Let's Encrypt. But I've specified --insecure-tls, so I would expect this verification to be skipped!

I've made a workaround by also mounting the root certs from my machine (-v /etc/ssl/certs:/etc/ssl/certs:ro) and it works, so I'm quite sure this is the only issue here.

Am I missing something or is this flag just broken?

Thanks for the help!