It seems Let's Encrypt have changed the address of the full chain
certificate, so it's now a 301 redirect that acme-client can't follow:

        $ doas acme-client -vv
        acme-client: full chain
        acme-client: DNS:
        acme-client: bad HTTP: 301
        acme-client: short read: chain length

        $ nc 80
        GET / HTTP/1.1

        HTTP/1.1 301 Moved Permanently
        Server: AkamaiGHost
        Content-Length: 0
        Cache-Control: max-age=0
        Expires: Sun, 11 Mar 2018 12:51:16 GMT
        Date: Sun, 11 Mar 2018 12:51:16 GMT
        Connection: keep-alive

My certs last renewed on January 10 with no problems, so this must have
changed since then.

This is on:

        OpenBSD 6.2 (GENERIC) #6: Wed Feb 28 20:36:37 CET 2018


Reply via email to