Subnostr

omg, comodo/sectigo SSL certificates

i have one for a wildcard on one domain, mleku.dev

i am so often getting issues with clients (not web browsers, mind you, linux clients) that don't recognise the fucking CA

and i'm damned if i can see where to fix this

and it's not just curl and wget fucking it up, go tool also fucking it up, complaining about invalid certificates when they are fucking valid and i paid good fucking money for them

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

problem was solved btw

needed to get the sectigo intermediate certificate, and append it to my ssl cert *after* the actual cert, and done

finally the end of unable to verify certificate error in go and curl and wget on https://mleku.dev

previously, if you used curl on that address, on linux, it would complain it couldn't verify the certificate, but the browser has no problem (because it has the intermediate, i suppose)

now, the webserver is giving out the intermediate and no problems anymore

fucking

finally

this actually solves the problem i was having with letsencrypt throttling my cert issuance on my wildcards

nostr:nevent1qvzqqqqqqypzqnyqqft6tz9g9pyaqjvp0s4a4tvcfvj6gkke7mddvmj86w68uwe0qyghwumn8ghj7mn0wd68ytnvv9hxgtcprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qqsrzvnqp09f2uv4a4clffjareczkgnnpyfcyxwvqaayrj77d7kl5ks6290rv

Reply to this note

Please Login to reply.

Discussion

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

the fact that openssl doesn't bother putting the intermediate certificates that are needed for SSL on linux is a damning indictment on the state of linux these days

what a 🤡 show

nostr:nevent1qvzqqqqqqypzqnyqqft6tz9g9pyaqjvp0s4a4tvcfvj6gkke7mddvmj86w68uwe0qyghwumn8ghj7mn0wd68ytnvv9hxgtcprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qqs8njzzu3f64524wx5vwgnkazyun3xrj3apz7ach6vjyhxxjsmkwkc0xmnmk