Tell certbot to prefer the legacy "DST Root CA X3" chain
authorTom Hughes <tom@compton.nu>
Sat, 7 Nov 2020 14:45:05 +0000 (14:45 +0000)
committerTom Hughes <tom@compton.nu>
Sat, 7 Nov 2020 14:45:05 +0000 (14:45 +0000)
cookbooks/letsencrypt/files/default/bin/renew
cookbooks/letsencrypt/templates/default/request.erb

index 6a04821852ed1f195cb509dcc6440e9ca1bc11ed..2b7e6b4a8278c77eaa9ddb7bef35141a90853e24 100755 (executable)
@@ -4,6 +4,7 @@ cd /srv/acme.openstreetmap.org
 
 /usr/bin/certbot renew \
     --quiet \
+    --preferred-chain "DST Root CA X3" \
     --config-dir /srv/acme.openstreetmap.org/config \
     --work-dir /srv/acme.openstreetmap.org/work \
     --logs-dir /srv/acme.openstreetmap.org/logs \
index eaefa5bbe1bf08ef1816aed5440ba453ababd882..365b315a7cfe52cd926c4a3030dd7324d86207e6 100644 (file)
@@ -4,6 +4,7 @@
 
 /usr/bin/certbot certonly \
     --non-interactive \
+    --preferred-chain "DST Root CA X3" \
     --config-dir /srv/acme.openstreetmap.org/config \
     --work-dir /srv/acme.openstreetmap.org/work \
     --logs-dir /srv/acme.openstreetmap.org/logs \