People are incorrectly configuring Lets Encrypt on their websites.

[belldandu]

So yeah.

Pretty sure this ties into #2026

Mind you this happened when i went to wget Multiverse for my minecraft server (meaning i'm not hosting the server i'm trying to get the files from.)

From what i've read this issue is caused by people using cert.pem instead of fullchain.pem as the publicly available ssl certificate.

And i do not get this issue on my domain and i'm using fullchain.pem which means that people are incorrectly configuring their websites.

If you guys can notify people somehow that they are incorrectly configuring their websites, that would be great.

[belldandu]

As of posting this i also notified someone over in the multiverse irc chat about this and they said they would email the owner and link them to this issue.

[bmw]

Glad you found a way to get in touch with the owner of the site about getting it fixed.

There's only so much the certbot client can use to solve this issue. Perhaps we can add a subcommand to try and check if things are configured correctly. Unfortunately, due to things like firewall rules, this will never completely work, but it might be useful to some people.

If you meant to report this issue to the Let's Encrypt CA/server about verifying all certificates issued by Let's Encrypt, you should make an issue on the letsencrypt/boulder repo.

[pde]

We already offer this kind of testing in the form of the qualys test links (though perhaps those only apply if you use the run subcommand?). I'd argue that insofar as this is is solvable, it's a duplicate of #1819, which I'm optimistically tagging for 0.9.0.