[Bug]: HTTPS MCP Servers with Self signed certificate not working #1539

@sunishvkvz

🐞 Bug Summary

Getting below error when adding an https

CERT GENERATION COMMAND:

openssl req -x509 -nodes -days 365 \
  -newkey rsa:4096 \
  -keyout mcp.key \
  -out mcp.crt \
  -subj "/C=US/ST=NA/L=NA/O=MCP/OU=Gateway/CN={IP_ADDRESS}"

ERROR:

2025-12-01 14:31:00,941 - mcpgateway.admin - INFO - DEBUG: oauth_config_json from form = 'None'
2025-12-01 14:31:00,941 - mcpgateway.admin - INFO - DEBUG: Individual OAuth fields - grant_type='', issuer=''
2025-12-01 14:31:00,941 - mcpgateway.admin - INFO - DEBUG: auth_type from form: '', oauth_config present: False
2025-12-01 14:31:00,941 - mcpgateway.admin - INFO - ✅ CA certificate(s) received and validated by frontend
2025-12-01 14:31:00,941 - mcpgateway.admin - WARNING - ⚠️ Ed25519 signing is disabled; CA certificate will be stored without signature
2025-12-01 14:32:00,881 - mcpgateway.services.gateway_service - ERROR - Gateway initialization failed for https://144.8.103.184:8007/mcp: unhandled errors in a TaskGroup (1 sub-exception)

  + Exception Group Traceback (most recent call last):
    | File "/app/mcpgateway/services/gateway_service.py", line 2505, in _initialize_gateway
    | capabilities, tools, resources, prompts = await self.connect_to_streamablehttp_server(url, authentication, ca_certificate)
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/mcpgateway/services/gateway_service.py", line 3356, in connect_to_streamablehttp_server
    | async with streamablehttp_client(url=server_url, headers=authentication, httpx_client_factory=get_httpx_client_factory) as (read_stream, write_stream, _get_session_id):
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/usr/lib64/python3.12/contextlib.py", line 231, in __aexit__
    | await self.gen.athrow(value)
    | File "/app/.venv/lib64/python3.12/site-packages/mcp/client/streamable_http.py", line 480, in streamablehttp_client
    | async with anyio.create_task_group() as tg:
    | ^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/anyio/_backends/_asyncio.py", line 783, in __aexit__
    | raise BaseExceptionGroup(
    | ExceptionGroup: unhandled errors in a TaskGroup (1 sub-exception)
    +-+---------------- 1 ----------------
    | Traceback (most recent call last):
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_transports/default.py", line 101, in map_httpcore_exceptions
    | yield
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_transports/default.py", line 394, in handle_async_request
    | resp = await self._pool.handle_async_request(req)
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpcore/_async/connection_pool.py", line 256, in handle_async_request
    | raise exc from None
    | File "/app/.venv/lib64/python3.12/site-packages/httpcore/_async/connection_pool.py", line 236, in handle_async_request
    | response = await connection.handle_async_request(
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpcore/_async/http_proxy.py", line 297, in handle_async_request
    | raise ProxyError(msg)
    | httpcore.ProxyError: 503 Service Unavailable
    |
    | The above exception was the direct cause of the following exception:
    |
    | Traceback (most recent call last):
    | File "/app/.venv/lib64/python3.12/site-packages/mcp/client/streamable_http.py", line 411, in handle_request_async
    | await self._handle_post_request(ctx)
    | File "/app/.venv/lib64/python3.12/site-packages/mcp/client/streamable_http.py", line 262, in _handle_post_request
    | async with ctx.client.stream(
    | ^^^^^^^^^^^^^^^^^^
    | File "/usr/lib64/python3.12/contextlib.py", line 210, in __aenter__
    | return await anext(self.gen)
    | ^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_client.py", line 1583, in stream
    | response = await self.send(
    | ^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_client.py", line 1629, in send
    | response = await self._send_handling_auth(
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_client.py", line 1657, in _send_handling_auth
    | response = await self._send_handling_redirects(
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_client.py", line 1694, in _send_handling_redirects
    | response = await self._send_single_request(request)
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_client.py", line 1730, in _send_single_request
    | response = await transport.handle_async_request(request)
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_transports/default.py", line 393, in handle_async_request
    | with map_httpcore_exceptions():
    | ^^^^^^^^^^^^^^^^^^^^^^^^^
    | File "/usr/lib64/python3.12/contextlib.py", line 158, in __exit__
    | self.gen.throw(value)
    | File "/app/.venv/lib64/python3.12/site-packages/httpx/_transports/default.py", line 118, in map_httpcore_exceptions
    | raise mapped_exc(message) from exc
    | httpx.ProxyError: 503 Service Unavailable
    +------------------------------------
2025-12-01 14:32:00,883 - mcpgateway.services.gateway_service - ERROR - GatewayConnectionError in group: (GatewayConnectionError('Failed to initialize gateway at https://144.8.103.184:8007/mcp'),)

HTTPS MCP SERVER CODE BELOW:

from typing import Any
import ssl
import uvicorn
from mcp.server.fastmcp import FastMCP
from mcp.server.fastmcp.prompts import base

# Create the MCP server
mcp = FastMCP(
    name="sample-mcp-server",
    host="0.0.0.0",
    port=8007,
)

# Constants
NWS_API_BASE = "https://api.weather.gov"
USER_AGENT = "weather-app/1.0"


@mcp.resource("greeting://{name}")
def get_greeting(name: str) -> str:
    """Get a personalized greeting"""
    return f"Hello, {name}!"


@mcp.resource("github://repos/{owner}/{repo}")
def github_repo(owner: str, repo: str) -> str:
    """GitHub repository resource."""
    return f"Repository: {owner}/{repo}"


@mcp.prompt(title="Code Review")
def review_code(code: str) -> str:
    """Review code"""
    return f"Please review this code:\n\n{code}"


@mcp.prompt(title="Debug Assistant")
def debug_error(error: str) -> list[base.Message]:
    """Assist with debugging"""
    return [
        base.UserMessage("I'm seeing this error:"),
        base.UserMessage(error),
        base.AssistantMessage("I'll help debug that. What have you tried so far?"),
    ]


@mcp.tool()
def sum(a: int, b: int) -> int:
    """Add two numbers together"""
    return a + b


@mcp.tool()
def get_weather(city: str, unit: str = "celsius") -> str:
    """Get weather for a city"""
    return f"Weather in {city}: 22degrees{unit[0].upper()}"


if __name__ == "__main__":
    # Create an SSL context
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ssl_context.load_cert_chain(certfile="cert.pem", keyfile="key.pem")

    # Access the internal FastAPI app (works across versions)
    try:
        asgi_app = mcp.fastapi_app  # most recent versions
    except AttributeError:
        asgi_app = getattr(mcp, "app", mcp)  # fallback to older style

    # Serve the app securely
    uvicorn.run(
        asgi_app,
        host="0.0.0.0",
        port=8007,
        ssl_keyfile="./certs/mcp.key",
        ssl_certfile="./certs/mcp.crt",
    )


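A check worth running on a certificate produced by the command in the report, shown as an added example that is not part of the original issue: OpenSSL matches an IP address only against iPAddress subjectAltName entries and never against CN, and the reported `-subj` line sets only CN. `192.0.2.10` is a placeholder for `{IP_ADDRESS}`, and `make_cert` and `cert_matches_ip` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the issue. 192.0.2.10 (documentation range) stands
# in for {IP_ADDRESS}; make_cert and cert_matches_ip are names made up here.
IP=192.0.2.10

# make_cert DIR IP [SAN]: the reported command, optionally with a
# subjectAltName (-addext needs OpenSSL 1.1.1 or newer). rsa:2048 only
# shortens the run; the issue used rsa:4096, which does not change matching.
make_cert() {
  dir=$1; ip=$2; san=${3:-}
  set -- req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$dir/mcp.key" -out "$dir/mcp.crt" \
    -subj "/C=US/ST=NA/L=NA/O=MCP/OU=Gateway/CN=$ip"
  if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName = $san"; fi
  openssl "$@" 2>/dev/null
}

# cert_matches_ip CERT IP: true only if OpenSSL's IP check accepts the cert.
# -checkip prints "IP <ip> does match certificate" or "... does NOT match ...".
cert_matches_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT             # the throwaway private keys go too
mkdir "$tmp/cn" "$tmp/dns" "$tmp/ip"
make_cert "$tmp/cn"  "$IP"            # CN only, as in the report
make_cert "$tmp/dns" "$IP" "DNS:$IP"  # SAN present, but of the wrong type
make_cert "$tmp/ip"  "$IP" "IP:$IP"   # iPAddress SAN

for d in cn dns ip; do
  if cert_matches_ip "$tmp/$d/mcp.crt" "$IP"; then
    r="matches"
  else
    r="does NOT match"
  fi
  echo "$d: certificate $r $IP"
done
```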
Labels: bug (Something isn't working), triage (Issues / Features awaiting triage)
