Open stephankn opened 8 years ago
I know, and I was already bitten by this before :-/ I played around with a possible solution, but forking acme-tiny for this does not sound right to me, and the maintainer does not seem to be willing to integrate this, although I think its the cleanest solution.
Once I get to dig into this a bit further, I’ll try coming up with a solution – but please, if you get to do it sooner than me, just go ahead! :)
This fork does it right: https://github.com/sebastianw/acme-tiny
Never mind, acme-tiny
now includes the intermediate by default: https://github.com/diafygi/acme-tiny/commit/7a4ea10d08b8a01b625f5df4c9ca173c9318bfe0
Your script does not handle intermediate certificates correctly. Likely it follows acme-tiny which is also broken in this sense by not returning the link to the intermediate as required by the ACME specification. You have to work around this by trying to build it later. See https://github.com/diafygi/acme-tiny/issues/77 or https://github.com/diafygi/acme-tiny/issues/111 or https://github.com/diafygi/acme-tiny/issues/115
Without handling this SSL sites will be broken sooner or later when the intermediate is changed (happened before already).