Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

I'm going to raise an issue and stick it in your ear. -- John Foreman

rocksolid / Linux / letsencrypt.org

SubjectAuthor
o letsencrypt.orgRetro Guy

1
Subject: letsencrypt.org
From: Retro Guy
Newsgroups: rocksolid.shared.linux
Organization: RetroBBS
Date: Thu, 10 Sep 2020 09:14 UTC
Path: i2pn2.org!rocksolid3!.POSTED.localhost!not-for-mail
From: retro....@retrobbs.rocksolidbbs.com.remove-itw-this (Retro Guy)
Newsgroups: rocksolid.shared.linux
Subject: letsencrypt.org
Date: Thu, 10 Sep 2020 09:14:49 +0000
Organization: RetroBBS
Message-ID: <3752a314970b003c1bc123b882af8d33$1@www.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: rocksolidbbs.com; posting-host="localhost:127.0.0.1";
logging-data="420"; mail-complaints-to="usenet@rocksolidbbs.com"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
To: rocksolid.shared.linux
X-Comment-To: rocksolid.shared.linux
X-FTN-PID: Synchronet 3.17a-Linux Dec 29 2018 GCC 6.3.0
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$LUBI0pYrAjy.6PW28WF23uyliq.QHQp5.dTrprlKUEZbV81riRT3O
X-Gateway: retrobbs.rocksolidbbs.com [Synchronet 3.17a-Linux NewsLink 1.110]
View all headers
  To: rocksolid.shared.linux
I've been using letsencrypt for a while now, and haven't had much trouble. The only issue I've had in the past is it sometimes doesn't seem to know where to find the web root and then can't update. Most likely some issue I've caused.

Today I installed a cert on a server using certbot, which is how I normally do it, and it seemed to all go well, but the cert wasn't recognized. After wasting probably 30 minutes wondering why rslight was rejecting the cert I tried it with nginx, which also rejected it.

It turned out that 'fullcert.pem' (created during cert install), did not actually contain the full cert. It only contained the chain and not the cert. This is different than how I've ever seen it install. The file fullchain.pem and chain.pem were identical.

I had to:
cat cert.pem chain.pem >> fullchain.pem
and then I had a proper file, and it works fine now. I just don't know why it installed that way. Hopefully it won't break in an update.

Retro Guy

--
Posted on: RetroBBS
www.rocksolidbbs.com



1

rocksolid light 0.8.3
clearneti2ptor