Hi, I am getting a Digital Asset Links failure on domains using a LetsEncrypt certificate.
The same does not happen when using a certificate from ACM on AWS.
What is the reason? Are we doing something wrong?
I don’t know much about Digital Asset Links. A few obvious questions:
It is possible that the DAL system doesn’t trust Let’s Encrypt, but we should rule out other problems first.
The browser does not report any issues. It trusts the certificate.
Following is the report for the domain which uses the LetsEncrypt certificate.
The only difference I see in the results is that the LetsEncrypt certificate works only in browsers that support SNI. Could this be the problem?
SNI will matter if the server offers several different web sites (different certificates) on the same IP address. In this case, if the Digital Asset Link service didn’t know how to use SNI, it would be shown the wrong certificate and fail.
It is also possible that DAL genuinely doesn’t trust Let’s Encrypt. This is likely to be an oversight rather than an intentional decision. In particular if DAL relies on a Java backend we know older Java versions don’t trust Let’s Encrypt. Current releases do.
Either way I’m afraid there might be nothing you can do except ask them (Google?) to fix it. I’m sure the Let’s Encrypt team would be happy to talk to them if they need any specific technical reassurance but most likely they just need to update something in their service. I know some Googlers but it’s a big company, so I doubt I can help further.
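The SNI behaviour described in the reply above can be reproduced locally. This is an added example, not part of the original thread: it starts one OpenSSL test server holding two throwaway self-signed certificates and compares what a client receives with and without the SNI extension. The names `app.example` and `default.example` and the port numbers are constructed, and it assumes OpenSSL 1.1.1 or later (for `-noservername`).

```shell
#!/usr/bin/env bash
# Added example (not from the thread). app.example / default.example are
# constructed names; both certificates are throwaway self-signed ones.

fp() { openssl x509 -noout -fingerprint -sha256; }  # PEM on stdin -> fingerprint

# Fingerprint of the certificate presented on 127.0.0.1:$1.
# Remaining arguments go to s_client and decide whether SNI is sent.
served_fp() {
  local port=$1; shift
  openssl s_client -connect "127.0.0.1:$port" "$@" </dev/null 2>/dev/null | fp
}

# Map a served fingerprint ($1) back to the site it belongs to.
cert_name() {  # $2 = app.example fingerprint, $3 = default.example fingerprint
  case $1 in "$2") echo app.example ;; "$3") echo default.example ;; *) echo unknown ;; esac
}

sni_check() {
  local port=${1:-44330} dir cn srv app def with without
  dir=$(mktemp -d)
  for cn in default.example app.example; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
      -keyout "$dir/$cn.key" -out "$dir/$cn.crt" 2>/dev/null
  done
  # One listener, two sites: -cert is the default certificate, -cert2 is
  # served only when the ClientHello names app.example.
  openssl s_server -accept "$port" -www \
    -cert "$dir/default.example.crt" -key "$dir/default.example.key" \
    -servername app.example \
    -cert2 "$dir/app.example.crt" -key2 "$dir/app.example.key" >/dev/null 2>&1 &
  srv=$!
  sleep 1  # give the listener time to bind
  app=$(fp <"$dir/app.example.crt")
  def=$(fp <"$dir/default.example.crt")
  with=$(served_fp "$port" -servername app.example)
  without=$(served_fp "$port" -noservername)
  kill "$srv" 2>/dev/null || true
  wait "$srv" 2>/dev/null || true
  rm -rf "$dir"
  echo "with SNI: $(cert_name "$with" "$app" "$def")"
  echo "without SNI: $(cert_name "$without" "$app" "$def")"
}

sni_check
```

Against a real host, the same two `s_client` invocations (with `-servername <host>` and with `-noservername`) show whether a client that does not send SNI would be handed a different certificate.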