@stephenw10
So I can confirm that the CA GUI is not adding the certificate to the OS Trust Store. but that the Certificate is working
curl -Iv https://123.sample.com
fails
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection
export the certificate from the GUI, put it in a pem file in the tmp directory
curl -Iv --cacert /tmp/lets-encrypt-r3.pem https://123.sample.com
works like a charm
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
So I guess the question is why isn't the GUI getting this to the local trust store when saved? I can see the certs directory rebuilding on save, but clearly when finished this cert is not there. Curl can't find it and neither can I 😢
I suspect I can just drop a copy of the file in /usr/share/certs/trusted and then link the file to /etc/ssl/certs and it would fine, but that seems like something that should be happening on save?
there is nothing "fun" in logs that I can see - general log php-frm (process) just says there was a configuration change when I hit save to toggle the option on/off
Updated Certificate Authority Acmecert: O=Lets Encrypt, CN=R3, C=US
Guess I need to look at system_camanager.php to see exactly what it is (not) doing