andreaswolf / ansible-role-letsencrypt

Ansible role for generating certificates with acme-tiny via Let’s Encrypt

does not handle intermediate certificate changes #23

Open stephankn opened 8 years ago

stephankn commented 8 years ago

Your script does not handle intermediate certificates correctly. Likely it follows acme-tiny which is also broken in this sense by not returning the link to the intermediate as required by the ACME specification. You have to work around this by trying to build it later. See https://github.com/diafygi/acme-tiny/issues/77 or https://github.com/diafygi/acme-tiny/issues/111 or https://github.com/diafygi/acme-tiny/issues/115

Without handling this, SSL sites will be broken sooner or later when the intermediate is changed (happened before already).

andreaswolf commented 8 years ago

I know, and I was already bitten by this before :-/ I played around with a possible solution, but forking acme-tiny for this does not sound right to me, and the maintainer does not seem to be willing to integrate this, although I think it's the cleanest solution.

Once I get to dig into this a bit further, I’ll try coming up with a solution – but please, if you get to do it sooner than me, just go ahead! :)

asokani commented 6 years ago

This fork does it right: https://github.com/sebastianw/acme-tiny

Never mind, acme-tiny now includes the intermediate by default: https://github.com/diafygi/acme-tiny/commit/7a4ea10d08b8a01b625f5df4c9ca173c9318bfe0