From: Tom Hughes <tom@compton.nu>
Date: Sat, 7 Nov 2020 14:45:05 +0000 (+0000)
Subject: Tell certbot to prefer the legacy "DST Root CA X3" chain
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/e45031ca0ddc8f9b7b9a7bae381650b3c9309a23

Tell certbot to prefer the legacy "DST Root CA X3" chain
---

diff --git a/cookbooks/letsencrypt/files/default/bin/renew b/cookbooks/letsencrypt/files/default/bin/renew
index 6a0482185..2b7e6b4a8 100755
--- a/cookbooks/letsencrypt/files/default/bin/renew
+++ b/cookbooks/letsencrypt/files/default/bin/renew
@@ -4,6 +4,7 @@ cd /srv/acme.openstreetmap.org
 
 /usr/bin/certbot renew \
     --quiet \
+    --preferred-chain "DST Root CA X3" \
     --config-dir /srv/acme.openstreetmap.org/config \
     --work-dir /srv/acme.openstreetmap.org/work \
     --logs-dir /srv/acme.openstreetmap.org/logs \
diff --git a/cookbooks/letsencrypt/templates/default/request.erb b/cookbooks/letsencrypt/templates/default/request.erb
index eaefa5bbe..365b315a7 100644
--- a/cookbooks/letsencrypt/templates/default/request.erb
+++ b/cookbooks/letsencrypt/templates/default/request.erb
@@ -4,6 +4,7 @@
 
 /usr/bin/certbot certonly \
     --non-interactive \
+    --preferred-chain "DST Root CA X3" \
     --config-dir /srv/acme.openstreetmap.org/config \
     --work-dir /srv/acme.openstreetmap.org/work \
     --logs-dir /srv/acme.openstreetmap.org/logs \