Re: Let's Encrypt ca-file for check-ssl on server line

Aleksandar Lazic Tue, 03 Mar 2020 00:18:57 -0800

Hi all.

Thanks for help.


Regards
Aleks

On 02.03.20 23:25, Tim Düsterhus wrote:

Aleks,

Am 02.03.20 um 23:19 schrieb Aleksandar Lazic:

I think I found the solution.

```
curl -vO https://letsencrypt.org/certs/isrgrootx1.pem.txt
curl -vo https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
curl -vO https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
cat letsencryptauthorityx3.pem.txt lets-encrypt-x3-cross-signed.pem.txt
isrgrootx1.pem.txt > /etc/haproxy/letsencryptauthorityx3.pem
```

Now the server line is this.

```
server static_stor storage.sbg.cloud.ovh.net:443 resolvers mydns check
check-ssl check-sni storage.sbg.cloud.ovh.net sni
str(storage.sbg.cloud.ovh.net) ca-file
/etc/haproxy/letsencryptauthorityx3.pem backup

```

No more SSL Handshake errors.


Yes. The certificate chain OVH uses is the one chaining to IdenTrust
(DST), not the one to ISRG. You can easily check this by looking up the
TLS details within your favorite web browser.

Best regards
Tim Düsterhus

Re: Let's Encrypt ca-file for check-ssl on server line

Reply via email to