Letsencrypt certificate auto acceptance renew on same domain?
danjde last edited by rfc2822
Hi Friends and Devs!
Using Letsencrypt, that renew every 3 month the SSL certificate, I would like to know if is it possible to set the automatic certificate acceptance (without user intervention) by DavX, when the domain It’s always the same,
Perhaps limiting DavX only to a warning and not to a request for user intervention.
This behavior (the user intervention) can cause big problems if the user is inexperienced.
Using with Letsencrypt is no problem (we use it ourselves) and there will be no messages, if it is configured correctly. Did you
- make sure “Distrust root certificates” is turned off (default) in DAVx⁵ settings?
- configure the Let’s Encrypt intermediate certificate on your server?
make sure “Distrust root certificates” is turned off (default) in DAVx⁵ settings?
configure the Let’s Encrypt intermediate certificate on your server?
Hi rfc2822 and thanks for your reply!
I’ve verified the “point one” and it’s ok: turned off.
for the point two, I will open a question on Letsencrypt forum, where I’ve a Linux VPS using Certbot+Letsencrypt, this seems the preferable way, and then I will post here, are you right?
danjde last edited by danjde
Hi rfc2822 and thanks again, I’ve open on Letsencrypt forum the same question (related to the certificates), now we wait to see what emerges
The “certificate chain” seems ok.
I’m trying to investigate the matter with the help of the Let’sEncrypt forum,
where we have compared the two certificates and the only substantial difference we have found is that the certificate that requires user acceptance at each renewal is 4096-bit RSA key, the other (no user request) is the more common 2048-bit.
Could this be the explanation?
Many thanks again!
@danjde Very unlikely. See also in the other thread:
I installed DAVx5 on an Android tablet from F-Droid and I was able to establish connections to both of your domains without any certificate prompt.
That’s what I would expect.
Did you have a look at the certificate’s details as shown by DAVx5? Is the fingerprint correct? Maybe some kind of WiFi MITM.
…Is the fingerprint correct? Maybe some kind of WiFi MITM.
Now I will change certbot to certbot-auto and then upgrade to Android Pie (9.0) my two phone and then repeat the procedure.
For now, I will try to collect clues.
I have no other ideas
Thanks a lot for your kind help!
Ok, I hope that it will help in your case.