Overpass API developpement

Text archives Help


Re: [overpass] overpass-api.de with letsencyrpt certificates


Chronological Thread 
  • From: mmd <mmd.osm@gmail.com>
  • To: overpass@listes.openstreetmap.fr
  • Subject: Re: [overpass] overpass-api.de with letsencyrpt certificates
  • Date: Sat, 19 Mar 2016 12:29:46 +0100

Hi Roland,

Am 19.03.2016 um 12:04 schrieb Roland Olbricht:
> Dear all,
>
> the public server overpass-api.de got a new certificate. I've changed
> the provider from StartSSL to Let's Encrypt. Please feel free to report
> any new problems with refused connections or certificates.
>

>
> On Ubuntu 14.04 the root CA of letsencrypt isn't trusted everywhere. If
> you do a
>
> wget https://overpass-api.de
>
> you may get a message that the connection was refused. The fix is:
> - download the two Letsencrypt root certificates (the base and the X1
> one) [no link on purpose - it is much harder to trick a search engine
> than to add a rogue link to an email].
> - rename them to end in *.crt and copy them to
> /usr/share/ca-certificates/extra/
> - run "sudo dpkg-reconfigure ca-certificates"
> - select the two new certificates in addition to the existing ones
>

according to this Github issue, you don't have to import the root CA of
let's encrypt to get wget and friends working:

https://github.com/letsencrypt/letsencrypt/issues/2026#issuecomment-167320225

I tried "wget https://helloworld.letsencrypt.org/"; as mentioned in that
ticket, and it works out of the box, without importing any root CA
first. On the other hand I get a certificate error when trying the same
with "https://overpass-api.de";.

Someone suggested the following in the ticket:

"I used fullchain.pem instead of cert.pem and curl and wget started
working."

Could you please take a look again?

Thanks!

Best,
mmd



Archive powered by MHonArc 2.6.18.

Top of page