You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I can still reproduce this on current dev/master brach, even with the fix. Sadly my shell programming skills are insufficient to figure out where the problem is exactly.
EDIT: It seems the upgrading didn't work correctly, my staging test works now (after manually pulling from the dev branch).
I'm running acme.sh on current master (c5eea2e)
Steps to reproduce
This generates a new config (domain.conf in .acme.sh subfolder) for the domain, which saves the preferred-chain setting
Le_Preferred_Chain='__ACME_BASE64__START_SVNSRyBSb290IFgx__ACME_BASE64__END_'
This is correct (the base64 encodes "ISRG Root X1"). But, once you renew the certificate
the config entry gets changed to:
Le_Preferred_Chain='__ACME_BASE64__START_X19BQ01FX0JBU0U2NF9fU1RBUlRfU1ZOU1J5QlNiMjkwSUZneF9fQUNNRV9CQVNFNjRfX0VORF8=__ACME_BASE64__END_'
which is the base64 encoding of
__ACME_BASE64__START_SVNSRyBSb290IFgx__ACME_BASE64__END_
and not ISRG Root X1.So the base64 gets encoded again in base64! So of course this breaks the chain selection on renewal, because the base64 changes to absolute nonsense.
The text was updated successfully, but these errors were encountered: