Am Jam writes: > $ git clone https://src.domain.io/user/aoc.git > Cloning into 'aoc'... > fatal: unable to access 'https://src.domain.io/user/aoc.git/': SSL > certificate problem: unable to get local issuer certificate > > and > > $ curl https://src.domain.io > curl: (60) SSL certificate problem: unable to get local issuer > certificate > More details here: https://curl.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could > not > establish a secure connection to it. To learn more about this situation > and > how to fix it, please visit the web page mentioned above.
acme-client(1) generates a certificate without any intermediate certificates unless a full chain is specifically requested; see acme-client.conf(5). relayd(8)'s 'tls keypair' will automatically pick up certificates named according to a particular pattern; see relayd.conf(5). Most likely, you're not requesting a full chain from acme-client, or you haven't given the full chain certificate a name relayd will pick up automatically.
