Aleks, Am 02.03.20 um 23:19 schrieb Aleksandar Lazic: > I think I found the solution. > > ``` > curl -vO https://letsencrypt.org/certs/isrgrootx1.pem.txt > curl -vo https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt > curl -vO https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt > cat letsencryptauthorityx3.pem.txt lets-encrypt-x3-cross-signed.pem.txt > isrgrootx1.pem.txt > /etc/haproxy/letsencryptauthorityx3.pem > ``` > > Now the server line is this. > > ``` > server static_stor storage.sbg.cloud.ovh.net:443 resolvers mydns check > check-ssl check-sni storage.sbg.cloud.ovh.net sni > str(storage.sbg.cloud.ovh.net) ca-file > /etc/haproxy/letsencryptauthorityx3.pem backup > > ``` > > No more SSL Handshake errors. >
Yes. The certificate chain OVH uses is the one chaining to IdenTrust (DST), not the one to ISRG. You can easily check this by looking up the TLS details within your favorite web browser. Best regards Tim Düsterhus
