geerlingguy / ansible-role-certbot

Ansible Role - Certbot (for Let's Encrypt)
https://galaxy.ansible.com/geerlingguy/certbot/
MIT License
781 stars 347 forks

Invalid root certificate #162

Closed c3s4 closed 2 years ago

c3s4 commented 2 years ago

Hi, I'm experiencing a strange issue. If I create a new certificate with this role I get a certificate that is invalid in Chrome on macOS Big Sur. This is because Chrome "sees" an invalid Root certificate, the DST Root CA X3, but Firefox sees the new one: ISRG Root X1.

I'm posting this issue here because, if I run the

sudo certbot certonly --standalone --non-interactive --agree-tos --email :EMAIL: -d :DOMAIN:

command manually, the generated certificate works as expected.

c3s4 commented 2 years ago

An update: I can confirm that every time I use this Ansible role I break everything. I have a multi-tenant app (about 15 tenants at the moment). I ran the Ansible playbook just a couple of hours ago to update stuff and now all certificates are invalid for Chrome on Mac 😱.

Any idea?

c3s4 commented 2 years ago

Hi, digging a lot more I found out the actual problem was in the merging script to create a cert from fullchain and privkey for haproxy. For some strange reason, it was working until last month. I fixed the merging role and everything works like a charm.

Sorry for this unhelpful issue. I'm closing it.

Cheers
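
For readers who merge certbot output into a single PEM for HAProxy as described in the last comment, here is an added example (not code from this thread or from the role; the thread does not show the merge script or what was wrong with it). It compares a merged bundle against the text of `fullchain.pem` and `privkey.pem`, so a merge that drops or reuses chain certificates is caught before HAProxy serves it. The function names and the sample PEM blocks are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s+-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, decoded_bytes), ...] for every PEM block, in file order."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_RE.findall(text)]

def check_bundle(fullchain, privkey, bundle):
    """Compare a merged HAProxy PEM with its certbot sources; return a list of problems."""
    want_certs = [d for l, d in pem_blocks(fullchain) if l == "CERTIFICATE"]
    want_keys = [d for l, d in pem_blocks(privkey) if l.endswith("PRIVATE KEY")]
    got = pem_blocks(bundle)
    got_certs = [d for l, d in got if l == "CERTIFICATE"]
    got_keys = [d for l, d in got if l.endswith("PRIVATE KEY")]
    problems = []
    if not want_certs or got_certs[:1] != want_certs[:1]:
        problems.append("leaf certificate differs from fullchain.pem")
    if got_certs[1:] != want_certs[1:]:
        problems.append("intermediate chain differs from fullchain.pem")
    if not want_keys or got_keys != want_keys:
        problems.append("private key missing or not the one in privkey.pem")
    return problems

def _pem(label, payload):
    """Build a PEM-shaped block around constructed bytes (not a real cert or key)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed stand-ins for the files certbot writes for one domain
LEAF = _pem("CERTIFICATE", b"constructed-leaf")
INTERMEDIATE = _pem("CERTIFICATE", b"constructed-intermediate")
OLD_INTERMEDIATE = _pem("CERTIFICATE", b"constructed-old-intermediate")
KEY = _pem("PRIVATE KEY", b"constructed-key")
FULLCHAIN = LEAF + INTERMEDIATE

if __name__ == "__main__":
    cases = {
        "good merge": FULLCHAIN + KEY,
        "leaf only": LEAF + KEY,
        "chain from an older file": LEAF + OLD_INTERMEDIATE + KEY,
        "key left out": FULLCHAIN,
    }
    for name, bundle in cases.items():
        print(name, "->", check_bundle(FULLCHAIN, KEY, bundle) or "ok")
```

This is a structural comparison only; it does not validate signatures or expiry, which `openssl verify` covers.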