Hosting distfiles on HTTPS w/Let's Encrypt - how?
fjwcash at gmail.com
Fri Jun 2 01:20:32 UTC 2017
On Jun 1, 2017 4:06 PM, "Marcin Cieslak" <saper at saper.info> wrote:
On Thu, 1 Jun 2017, Jov wrote:
> can you dowload the file distfiles/INIT.2014-12-24.tgz
> <https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz> using
> browser such as chrome？
Yes, Firefox, IE11, no certificate warnings.
> be sure to use full chain cert file，I rember I had similar problem and use
> full chain cert fixed.
(Without the root CA):
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
How should fetch know that "=Digital Signature Trust Co./CN=DST Root CA X3"
a valid CA if none have been installed?
In your web server configuration, are you using the Let's Encrypt cert.pem
If you use the former, then any client that doesn't have the DST Root CA
pre-installed will error out. The latest versions of browsers will work, as
they include the DST Root CA.
If you use the latter, then it will just work, as the server will send all
the intermediate certificate info needed to reach the root.
More information about the freebsd-ports