emedvedev
commented
6 years ago FYI, serving without the full chain fails in Firefox (at least) with the "unknown issuer" error if no websites with certificates by Let's Encrypt (and the proper chain) have been visited before.
The Qualys SSL Labs test caps the grade for certificates without a chain, too. Not that it matters much, but still. :)
I've noticed that kube-lego does not pull the entire certificate chain, storing (and serving) only the certificate itself. Is it the intended behavior? I couldn't find a setting that would allow changing it, and my setup is pretty much following README step by step.
Thanks!