-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
client.py:obtain_certificate_from_csr should ensure that a chain is returned or cause certbot to fail #4196
Comments
See https://github.com/certbot/certbot/blob/master/certbot/client.py#L245. The problem is that there are two network calls, |
One possible way to address this is demonstrated in #4113. |
Working on this. |
It should not successfully return a certificate without its chain. We can do this by retrying
acme.fetch_chain
once, then telling the user to rerun with the path to where we saved the cert after fixing the network.This is bad because if we only tell users about the cert, they won't know to also get the chain and concat the files to make the fullchain, and they'll accidentally use the cert file, which causes that weird failure mode in modern browsers.
The text was updated successfully, but these errors were encountered: