ansible-role-letsencrypt

does not handle intermediate certificate changes

Open stephankn opened this issue 8 years ago • 2 comments

Your script does not handle intermediate certificates correctly. Likely it follows acme-tiny which is also broken in this sense by not returning the link to the intermediate as required by the ACME specification. You have to work around this by trying to build it later. See https://github.com/diafygi/acme-tiny/issues/77 or https://github.com/diafygi/acme-tiny/issues/111 or https://github.com/diafygi/acme-tiny/issues/115

Without handling this, SSL sites will be broken sooner or later when the intermediate is changed (happened before already).

stephankn May 29 '16 15:05

I know, and I was already bitten by this before :-/ I played around with a possible solution, but forking acme-tiny for this does not sound right to me, and the maintainer does not seem to be willing to integrate this, although I think it's the cleanest solution.

Once I get to dig into this a bit further, I’ll try coming up with a solution – but please, if you get to do it sooner than me, just go ahead! :)

andreaswolf Jul 01 '16 10:07

~~This fork does it right: https://github.com/sebastianw/acme-tiny~~ Never mind, acme-tiny now includes the intermediate by default: https://github.com/diafygi/acme-tiny/commit/7a4ea10d08b8a01b625f5df4c9ca173c9318bfe0

asokani Mar 26 '18 10:03
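The intermediate link discussed in this thread is carried in an HTTP `Link` header with relation `up` on the ACME certificate response. The following is an added example, not code from acme-tiny or this role: it extracts that issuer URL from response headers instead of relying on a pinned intermediate. The function names, header values and URLs are constructed for illustration.

```python
import re
from urllib.parse import urljoin

# One link-value per RFC 8288: <target> followed by zero or more ;param pairs.
_LINK_RE = re.compile(
    r'<([^>]*)>((?:\s*;\s*[\w*-]+\s*(?:=\s*(?:"[^"]*"|[^\s";,]+))?)*)')
_PARAM_RE = re.compile(r';\s*([\w*-]+)\s*(?:=\s*(?:"([^"]*)"|([^\s";,]+)))?')


def parse_link_header(value, base_url):
    """Return [(absolute_target, set_of_rel_types)] for one Link header value."""
    links = []
    for target, params in _LINK_RE.findall(value):
        rels = set()
        for name, quoted, bare in _PARAM_RE.findall(params):
            # Only the first rel parameter of a link counts (RFC 8288).
            if name.lower() == "rel" and not rels:
                rels = set((quoted or bare).lower().split())
        # Targets may be relative; resolve them against the certificate URL.
        links.append((urljoin(base_url, target), rels))
    return links


def issuer_url(link_headers, cert_url):
    """Pick the rel="up" target from all Link headers of a certificate response.

    Raises instead of falling back to a hard-coded intermediate, so a missing
    or ambiguous link is noticed at issuance time rather than in production.
    """
    ups = {target
           for header in link_headers
           for target, rels in parse_link_header(header, cert_url)
           if "up" in rels}
    if len(ups) != 1:
        raise ValueError(f"expected exactly one rel=up link, found {len(ups)}")
    url = ups.pop()
    if not url.startswith("https://"):
        raise ValueError(f"refusing non-HTTPS issuer URL: {url}")
    return url


if __name__ == "__main__":
    # Constructed sample response headers (not captured from a real CA).
    cert_url = "https://acme.example/acme/cert/abc123"
    headers = ['</acme/issuer-cert>;rel="up", '
               '<https://acme.example/terms>; rel="terms-of-service"']
    print(issuer_url(headers, cert_url))
```
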