Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

omg, comodo/sectigo SSL certificates

i have one for a wildcard on one domain, mleku.dev

i am so often getting issues with clients (not web browsers, mind you, linux clients) that don't recognise the fucking CA

and i'm damned if i can see where to fix this

and it's not just curl and wget fucking it up, go tool also fucking it up, complaining about invalid certificates when they are fucking valid and i paid good fucking money for them
Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

today i learned that you have to also have this shitty intermediate certificate that is signed by the CA in the openssl chain

sooo, this means i need to amend my lerproxy to also use this intermediate fucking certificate... i hope this isn't gonna take too long but i'll be pleased to never see a fucking SSL error on my PAID FOR FUCKING CERT >_<

Reply to this note

Please Login to reply.

Discussion

da
Rand 1y ago

bon chance! m

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

it was even simpler than that... literally just had to C&P the sectigo/comodo SSL intermediate crt (pubkey) to the end of my web server's copy of my SSL certificate and 💥 done no more bullshit

infinity subdomains, zero bullshit

da
Rand 1y ago

i was thinking of future probs