fullchain.pem isn't automatically generated by acme.sh
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dereckson
	Thu, Feb 5, 19:52

Description

In acme.sh configurations, the field Le_RealFullChainPath isn't set:

/var/db/acme/certs/mail.nasqueron.org_ecc/mail.nasqueron.org.conf

Le_RealCertPath='/var/certificates/mail.nasqueron.org/cert.pem'
Le_RealCACertPath='/var/certificates/mail.nasqueron.org/chain.pem'
Le_RealKeyPath='/var/certificates/mail.nasqueron.org/key.pem'
Le_ReloadCmd=''
Le_RealFullChainPath=''

That broke the TLS configuration for e-mail services:

$ cd /var/certificates/mail.nasqueron.org
$ ls -lah
total 19 KB
drwxr-x---  2 acme mail     6B May 20  2025 .
drwx--x--x  6 acme wheel    6B Nov  5  2024 ..
-rw-r--r--  1 acme mail   1.3K Jan  6 03:06 cert.pem
-rw-r--r--  1 acme mail   1.5K Jan  6 03:06 chain.pem
-rw-r--r--  1 acme mail   2.8K Dec  9 07:59 fullchain.pem
-rw-r-----  1 acme mail   227B Jan  6 03:06 key.pem

We see the fullchain.pem wasn't regenerated.

When regenerated with cat cert.pem chain.pem > fullchain.pem, the services (nginx, postfix) served the right certificate.

Revisions and Commits

rOPS Nasqueron Operations
	D3906	rOPSc9cb237e5e18 Automate acme.sh install-cert cmd

Event Timeline

dereckson triaged this task as High priority.Thu, Feb 5, 19:52

dereckson created this task.

dereckson added subscribers: yousra, DorianWinty.

Patched it live.

Solving this with @DorianWinty.

DorianWinty added a revision: D3906: Automate acme.sh install-cert cmd.Thu, Feb 5, 22:04

dereckson closed this task as Resolved by committing rOPSc9cb237e5e18: Automate acme.sh install-cert cmd.Thu, Feb 5, 22:53

dereckson added a commit: rOPSc9cb237e5e18: Automate acme.sh install-cert cmd.

fullchain.pem isn't automatically generated by acme.shClosed, ResolvedPublicActions

Description

Revisions and Commits

Event Timeline

fullchain.pem isn't automatically generated by acme.sh
Closed, ResolvedPublic
Actions