omg, comodo/sectigo SSL certificates

i have one for a wildcard on one domain, mleku.dev

i am so often getting issues with clients (not web browsers, mind you, linux clients) that don't recognise the fucking CA

and i'm damned if i can see where to fix this

and it's not just curl and wget fucking it up, go tool also fucking it up, complaining about invalid certificates when they are fucking valid and i paid good fucking money for them

Discussion

today i learned that you have to also have this shitty intermediate certificate that is signed by the CA in the openssl chain

sooo, this means i need to amend my lerproxy to also use this intermediate fucking certificate... i hope this isn't gonna take too long but i'll be pleased to never see a fucking SSL error on my PAID FOR FUCKING CERT >_<

bon chance! m

it was even simpler than that... literally just had to C&P the sectigo/comodo SSL intermediate crt (pubkey) to the end of my web server's copy of my SSL certificate and 💥 done no more bullshit

infinity subdomains, zero bullshit

i was thinking of future probs

Y U no letsencrypt?

because of the problem of wildcards on LE... i was constantly getting this invalid CA shit on there for the same domains

i've just learned that the solution, with `tls.LoadX509KeyPair` in Go in my case, is that there is an intermediate .crt file i need to find and append to my .crt file, and it's fixed

the whole reason i paid for a TLS wildcard certificate was to solve this problem and the fuckers didn't send the intermediate

the lag time with which LE lets you add arbitrary subdomains to a DNS with wildcard is abominable, like maybe you can add one every half hour or longer, i dunno how short is the window but it was causing me such hassles i'm so sick of it

but now i see this fucking gay SSL shit they forget to mention they need an interFUCKINGmediate cert attached to the cert for LINUX OPENSSL to recognise it

let's just say that the entire linux edifice is falling in my estimation at the rate of Building 7 at this point

problem was solved btw

needed to get the sectigo intermediate certificate, and append it to my ssl cert *after* the actual cert, and done

finally the end of unable to verify certificate error in go and curl and wget on https://mleku.dev

previously, if you used curl on that address, on linux, it would complain it couldn't verify the certificate, but the browser has no problem (because it has the intermediate, i suppose)

now, the webserver is giving out the intermediate and no problems anymore

fucking

finally

this actually solves the problem i was having with letsencrypt throttling my cert issuance on my wildcards

nostr:nevent1qvzqqqqqqypzqnyqqft6tz9g9pyaqjvp0s4a4tvcfvj6gkke7mddvmj86w68uwe0qyghwumn8ghj7mn0wd68ytnvv9hxgtcprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qqsrzvnqp09f2uv4a4clffjareczkgnnpyfcyxwvqaayrj77d7kl5ks6290rv