On Wed, 6 Oct 2021, Thiago Macieira wrote: > On Wednesday, 6 October 2021 09:55:21 PDT Thorsten Glaser wrote: > > On my own servers I’ve adapted my dehydrated hook to remove the > > faulty intermediate, but of course this depends on server admins > > to DTRT, plus it’ll apparently cause more trouble for Android… > > Can you share the change? I also use dehydrated.
Sure: https://github.com/MirBSD/dehydrated/tree/stable/docs/examples I use a setup in which I run dehydrated as unprivileged user _acme and use one of the hookscripts (debian-hook*.sh will probably be closest to what you want) which is then allowed to do passwordless sudo to the corresponding cert script (debian-cert.sh) which first checks the cert and chain received from LE (as user nobody) to avoid installing 0-byte certificate files (which others, who symlink from /var/lib/dehydrated/, have reported) and only then installs them to standard locations. The last commit there just lets it skip that particular entry of the chain. If you have any questions, feel free to respond to me also privately. bye, //mirabilos -- Infrastrukturexperte • tarent solutions GmbH Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/ Telephon +49 228 54881-393 • Fax: +49 228 54881-235 HRB AG Bonn 5168 • USt-ID (VAT): DE122264941 Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg **************************************************** /⁀\ The UTF-8 Ribbon ╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen: ╳ HTML eMail! Also, https://www.tarent.de/newsletter ╱ ╲ header encryption! **************************************************** _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
