-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Full certificate chain in export #24
Comments
Just to be sure: I mean full chain in the PEM file, not PFX ;) |
First of all: Why would hMailServer need full chain? I use it as well, without full chain and without any problems. LE certificates have correct Authority Info Access, so client can build their chain without any problems. Second, I can probably add it in future version, why not. |
Hi! |
@ridercz - can you please provide the steps you take for using the certificates in hmailserver? With win-acme I got a chain/key pem file that I was able to use. |
@eleasarchriso AutoACME generates PFX files, You can use OpenSSL on the command line (and thus also script that) to split these up into their parts (e.g. PEM and PVK files), see for instance https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/548/7/ |
Ok thanks. Yes this is what I am doing now. I thought there might be some setting/option in AutoAcme that I was missing like the PEM folder in the configs. |
@eleasarchriso No, I'm not aware of such a feature, but you could open a request for that: Pre- and post-request scripts could maybe be added to the certificate host information, so that only specific certificates would trigger these actions. |
Hi! Any plans on exporting the full chain into the CRT file? That might fix this issue. It does work, if I copy the contents manually into the file.. Thanks, |
@Ich79 I assume that when you say "the full chain" you mean the chain up to (but excluding) the root CA, right? E.g. the domain cert and the intermediate cert, but not the root cert. |
Implements #24 - add chain certificates to CRT file
Added in 1.6.1. |
Hey!
I am using autoACME and we're very happy with it for IIS. We also have a mailserver (hMailserver to be precise) and I would also like to use the let's encrypt certificate for that.
Unfortunately the certificate is missing the full chain which makes it much harder to use the certificates on for other services.
Maybe it's enough to make AcmeContext.cs:98 configurable. In the end hMailserver requires the certificate as a textfile, not PFX but maybe it works.
Is this something which you might consider? Like a parameter e.g. fullchain=true?
Even if not, thanks a lot for this piece of software!
Best regards,
Boris
The text was updated successfully, but these errors were encountered: