Are you lazy and use ‘-k’ to curl all the time when using Let’s Encrypt staging? Or worse, use snake-oil? Or even worse, use just http for ‘test’?
curl -sSL https://letsencrypt.org/certs/fakelerootx1.pem > fakelerootx1.pem curl --cacert fakelerootx1.pem https://my-site-issued-with-le-staging
There, how hard was that? Now you can test that the cert was generated properly (even though its not properly signed).
by
Tags:
Wouldn’t it be nice if we could just use an https url in a –cacerturl parameter in curl that follows the systems installed root ca certificates and/or –capath option?
Also why not just use:
curl https://letsencrypt.org/certs/fakelerootx1.pem –output fakelerootx1.pem
Instead of having an extra dependency on wget?
I assume your curl ssl environment is already set up for the real CA for letsencrypt, or what would you actually be testing…
Leave a Reply