Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for adding the intermediate cert #35144

Merged
merged 1 commit into from Jan 21, 2018
Merged

Add support for adding the intermediate cert #35144

merged 1 commit into from Jan 21, 2018

Conversation

mscherer
Copy link
Contributor

SUMMARY

acme-tiny generate certificate without adding add the LE intermediate
certificate, which make several browsers and curl complain.

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

openssl_certificate

@ansibot
Copy link
Contributor

ansibot commented Jan 20, 2018

cc @MarkusTeufelberger @Spredzy
click here for bot help

@ansibot ansibot added affects_2.5 This issue/PR affects Ansible v2.5 community_review In order to be merged, this PR must follow the community review workflow. feature_pull_request module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. labels Jan 20, 2018
@mscherer mscherer removed the needs_triage Needs a first human triage before being processed. label Jan 20, 2018
@mscherer
Copy link
Contributor Author

mscherer commented Jan 21, 2018
edited

This conflict with #35145 (so I am a bit annyed at myself from adding 2 stuff at the same location, I will adapt the other PR whatever is merged first, but I would prefer this one)

@MarkusTeufelberger
Copy link
Contributor

Sorry for approving the other one first.

Why set the default for including intermediary certs to true?

@ansibot ansibot added needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed community_review In order to be merged, this PR must follow the community review workflow. labels Jan 21, 2018
@mscherer
Copy link
Contributor Author

My gut feeling is that most people who would use letsencrypt would use it for https (as the module is using http-01 challenge). And so I suspect most users would also want a chain certificate by default, since otherwise, browsers and curl would complain (and in the case of browser, they might complain in a non immediate way, since in my experience, this happened mostly with fresh profile). I rather have things work out of the box for most users than not.

On top of that, I am also unsure of a case where --chain would be a issue. It produce a bigger cert, but that's all, so that's why I kept it as a option (but maybe this can be removed).

I will rebase the commit, and no problem from approving the other, my fault for rewriting the stuff in 3 differents commits.

@mscherer
Add support for adding the intermediate cert
d5895ac 
acme-tiny generate certificate without adding add the LE intermediate
certificate, which make several browsers and curl complain.
@ansibot ansibot removed the needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html label Jan 21, 2018
@mscherer
Copy link
Contributor Author

ready_for_review

@ansibot ansibot added community_review In order to be merged, this PR must follow the community review workflow. and removed needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. labels Jan 21, 2018
@MarkusTeufelberger
Copy link
Contributor

shipit

@ansibot ansibot added automerge This PR was automatically merged by ansibot. shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. labels Jan 21, 2018
@ansibot ansibot merged commit 8071cc0 into ansible:devel Jan 21, 2018
Lujeni pushed a commit to Lujeni/ansible that referenced this pull request Feb 1, 2018
@mscherer @Lujeni
Add support for adding the intermediate cert (ansible#35144)
1e0c179 
acme-tiny generate certificate without adding add the LE intermediate
certificate, which make several browsers and curl complain.
@ansibot ansibot added the feature This issue/PR relates to a feature request. label Mar 5, 2018
@mscherer mscherer mentioned this pull request Jun 11, 2018
Closed
@dagwieers dagwieers added the crypto Crypto community (ACME, openssl, letsencrypt) label Feb 7, 2019
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
affects_2.5 This issue/PR affects Ansible v2.5 automerge This PR was automatically merged by ansibot. crypto Crypto community (ACME, openssl, letsencrypt) feature This issue/PR relates to a feature request. module This issue/PR relates to a module. shipit This PR is ready to be merged by Core support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mscherer @ansibot @MarkusTeufelberger @dagwieers