It seems Let's Encrypt have changed the address of the full chain
certificate, so it's now a 301 redirect that acme-client can't follow:

        $ doas acme-client -vv walcyrge.org
        [...]
        acme-client: http://cert.int-x3.letsencrypt.org/: full chain
        acme-client: cert.int-x3.letsencrypt.org: DNS: 104.116.134.206
        acme-client: http://cert.int-x3.letsencrypt.org/: bad HTTP: 301
        acme-client: short read: chain length

        $ nc cert.int-x3.letsencrypt.org 80
        GET / HTTP/1.1
        Host: cert.int-x3.letsencrypt.org

        HTTP/1.1 301 Moved Permanently
        Server: AkamaiGHost
        Content-Length: 0
        Location: https://cert.int-x3.letsencrypt.org/
        Cache-Control: max-age=0
        Expires: Sun, 11 Mar 2018 12:51:16 GMT
        Date: Sun, 11 Mar 2018 12:51:16 GMT
        Connection: keep-alive

My certs last renewed on January 10 with no problems, so this must have
changed since then.

This is on:

        OpenBSD 6.2 (GENERIC) #6: Wed Feb 28 20:36:37 CET 2018
            
r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC

-- 
Carlin

Reply via email to