Overpass API developpement

[mmd <>]

Hi Roland,

Am 19.03.2016 um 12:04 schrieb Roland Olbricht:
> Dear all,
> 
> the public server overpass-api.de got a new certificate. I've changed
> the provider from StartSSL to Let's Encrypt. Please feel free to report
> any new problems with refused connections or certificates.
> 

> 
> On Ubuntu 14.04 the root CA of letsencrypt isn't trusted everywhere. If
> you do a
> 
> wget https://overpass-api.de
> 
> you may get a message that the connection was refused. The fix is:
> - download the two Letsencrypt root certificates (the base and the X1
> one) [no link on purpose - it is much harder to trick a search engine
> than to add a rogue link to an email].
> - rename them to end in *.crt and copy them to
> /usr/share/ca-certificates/extra/
> - run "sudo dpkg-reconfigure ca-certificates"
> - select the two new certificates in addition to the existing ones
> 

according to this Github issue, you don't have to import the root CA of
let's encrypt to get wget and friends working:

https://github.com/letsencrypt/letsencrypt/issues/2026#issuecomment-167320225

I tried "wget https://helloworld.letsencrypt.org/"; as mentioned in that
ticket, and it works out of the box, without importing any root CA
first. On the other hand I get a certificate error when trying the same
with "https://overpass-api.de";.

Someone suggested the following in the ticket:

"I used fullchain.pem instead of cert.pem and curl and wget started
working."

Could you please take a look again?

Thanks!

Best,
mmd