Hi William,
On 08.12.20 15:13, William Lallemand wrote:> I then updated the
certificate this way:
>
> $ echo -e -n "@1 set ssl cert server1.fullchain.pem <<\n$(cat
> server2.fullchain.pem)\n\n" | socat - /tmp/master.socket
> Transaction created for certificate server1.fullchain.pem!
>
> $ echo "@1 commit ssl cert server1.fullchain.pem" | socat -
> /tmp/master.socket
> Committing server1.fullchain.pem.
> Success!
>
> And checked that the certificate is correctly updated:
true, what fail though is the dynamic ocsp-response update after that,
sorry for the unprecise problem description before. This happens after a
dynamic cert update that *includes* an intermediate cert update if you
then also try make a dynamic ocsp-response update:
# echo "set ssl ocsp-response $(base64 -w 10000 ${DIRNAME}/ocsp.der)" |
socat ...
OCSP single response: Certificate ID does not match any certificate or
issuer.
Björn
