Just curious what the optimal approach is here. Of course TLS servers don't generally serve the root certificate of a chain since clients should already be trusting it.
Are you storing the full chain including the root when you download the certificates (and then only serving the leaf and intermediate(s))?
Or are you eliding the root when you download the chains and not storing the root at all?
Does your client simply assume the last cert in a chain (when downloading from the ACME server) is the root?
When downloading the certificate (chain) using the cert URL, the root is included at the end of the chain. I'm curious how useful this is in practice.
D'oh, you're right -- when I was decoding PEMs I was mixing my workflows and was reading the output of a different cert that was self-signed (an actual root), and thought it was the output from the PEM I pasted from that link.
I normalize the chain and store a reference to it.
I do store roots, but use another mechanism for that since they are not part of the download.
I have an open TODO for inspecting the cert and fetching the root if it is unknown (the URL is in "CA Issuers" under "Authority Information Access").
I'm curious how useful this is in practice.
My main motivation is for testing purposes, with a secondary motivation for private CAs. With testing, the root may be ephemeral (e.g. Pebble) and can be a pain to hook into. With private CAs, I'd rather just have it ready for me during troubleshooting, as networking/VPN conditions may differ.