-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
failed to parse fullchain into cert and chain: less than 2 certificates in chain #83
Comments
Hi @jacekjaros, Thanks for your report!
Hmm! I must say this is something that has never occurred to me to try. I can't be sure without checking of course, but this might also be an issue in certbot itself. I will definitely try to reproduce this right away. I would appreciate the following additional info:
Thanks, Mat |
FWIW, I'm not aware of any restriction in RFC 8555 that would forbid such a setup. So it's definitely a bug in either django-ca or certbot. |
hi @mathiasertl CA:
client:
Clients are talking directly to Django - i have no middle ware. django access log:
i have other box based on Ubuntu 20.04 and Certbot 0.40.0-1ubuntu0.1 - on that box everything is working fine. |
Hi @jacekjaros, The issue can easily be reproduced by following Testing ACMEv2, but instead of creating an intermediate CA for ACME, use the root CA instead. Turns out that this is actually somewhat a bug in certbot, which expects a PEM certificate chain to end with a newline. That is probably commonly the case, but is not strictly required in RFC 7468. ef3e53d appends a newline to the chain, thus fixing the issue on our side. kr, Mat |
hi,
i get following error when try to request cert:
less /var/log/letsencrypt/letsencrypt.log
my setup:
CA server is latest django-ca running on top of Python 3.9.
in my CA i use only root ca (there are no intermediate ca)
The text was updated successfully, but these errors were encountered: