My web server is (include version): Boost.Beast version, the one included in Boost version 1.78.0. Going to upgrade to 1.79.0.
The operating system my web server runs on is (include version): Windows 10
I'm running the app on my own computer, and it's a web server app in C++.
I can login to a root shell on my machine (yes or no, or I don't know): No root shell login, but I run the C++ server app in my shell via Command Prompt.
I'm using acme.sh manually.
What happened was that when I tried to visit the app in my browser after the certs were renewed, I got an error saying that the page gave an invalid response and that it's not certified. Aside from trying to port Boost 1.78.0 when it came out, as well as trying to move from #includeing header files to importing header units (for consuming the C++ Standard Library), I didn't even touch my code which was fine before this (the app still worked properly with HTTPS).
Boost.Beast is boost::beast; it's a Boost library that handles HTTP/S and WebSockets, built on top of boost::asio. I used it to build a web server app.
The problem happened from the first one already. I got the other two to be sure I got it right.
Since I'm using Windows, I have to use a Git bash shell to run the acme.sh commands. The bash window closes before I can see the output for the --list command-line option. So I'll have to direct the output to a file to see it.
You can see that in my C++ code. I did post a link to the GitHub repo. The files to look at are the three C++ files in here. The two .hpp files aren't that large. The main .cpp file kind of is, though, so I'll just apologize for that now.
Volume in drive C is Acer
Volume Serial Number is 980C-8B4B
Directory of C:\Users\Osman\.acme.sh\dragonosman.dynu.net
07/16/2022 03:47 AM 5,609 fullchain.cer
1 File(s) 5,609 bytes
0 Dir(s) 115,759,726,592 bytes free
Can you show the output of: openssl s_client -connect ip.ip.ip.ip:port -servername dragonosman.dynu.net
[replace ip.ip.ip.ip:port with actual IP and port]
The Certificate chain is missing the intermediates. Your fullchain.cer looks like it had 3 certs in it. Your server is only sending out the first 1. Don't ask me why I didn't study your code.
I can't tell why it did that either because this is my server_certificate.hpp file:
#ifndef SERVER_CERTIFICATE_H
#define SERVER_CERTIFICATE_H

#include <boost/asio/buffer.hpp>
#include <boost/asio/ssl/context.hpp>
#include <cstddef>
#include <fstream>
#include <iterator>
#include <string>

/*
    Load a signed certificate into the ssl context, and configure
    the context for use with a server.
*/
inline void load_server_certificate(boost::asio::ssl::context& ctx)
{
    const std::string cert_filename = "C:/Users/Osman/.acme.sh/dragonosman.dynu.net/fullchain.cer";
    ctx.use_certificate_file(cert_filename, boost::asio::ssl::context_base::file_format::pem);

    const std::string dh =
        "-----BEGIN DH PARAMETERS-----\n"
        "MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
        "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
        "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
        "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
        "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
        "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==\n"
        "-----END DH PARAMETERS-----\n";

    // Password returned to OpenSSL if the private key is encrypted.
    ctx.set_password_callback(
        [](std::size_t, boost::asio::ssl::context::password_purpose)
        {
            return "test";
        });

    ctx.set_options(boost::asio::ssl::context::default_workarounds |
        boost::asio::ssl::context::no_sslv2 |
        boost::asio::ssl::context::single_dh_use);

    // Read the whole private key file into memory and hand it to the context.
    const std::string key_filename = "C:/Users/Osman/.acme.sh/dragonosman.dynu.net/dragonosman.dynu.net.key";
    std::ifstream ifs_key{ key_filename };
    std::string key{ (std::istreambuf_iterator<char>(ifs_key)), (std::istreambuf_iterator<char>()) };
    ctx.use_rsa_private_key(boost::asio::buffer(key.data(), key.size()), boost::asio::ssl::context::file_format::pem);

    ctx.use_tmp_dh(boost::asio::buffer(dh.data(), dh.size()));
}

#endif
It should be taking the fullchain.cer file as is. I don't know what's going on. It couldn't be anything to do with the root certificates either, right? Since it's only about the server certificates.
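An added example, not part of the original posts or the poster's repository: a standard-library-only C++ check that counts the PEM certificates in a bundle such as fullchain.cer and compares that with what the server actually sends (for example, the `-showcerts` output of `openssl s_client`). The function names and the placeholder certificate bodies are constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Split PEM text into its CERTIFICATE blocks, in order (leaf first).
// A block with no END marker is skipped instead of being counted.
std::vector<std::string> split_pem_certificates(const std::string& pem)
{
    const std::string begin = "-----BEGIN CERTIFICATE-----";
    const std::string end = "-----END CERTIFICATE-----";
    std::vector<std::string> certs;
    std::size_t pos = pem.find(begin);
    while (pos != std::string::npos) {
        const std::size_t stop = pem.find(end, pos + begin.size());
        if (stop == std::string::npos) break;              // truncated tail
        const std::size_t next = pem.find(begin, pos + begin.size());
        if (next < stop) { pos = next; continue; }          // block lost its END
        certs.push_back(pem.substr(pos, stop + end.size() - pos));
        pos = pem.find(begin, stop + end.size());
    }
    return certs;
}

// How many certificates from the bundle the server did not send.
std::size_t missing_from_handshake(const std::string& bundle, const std::string& served)
{
    const std::size_t in_file = split_pem_certificates(bundle).size();
    const std::size_t sent = split_pem_certificates(served).size();
    return in_file > sent ? in_file - sent : 0;
}

// Constructed sample data: placeholder bodies, not real certificates.
std::string fake_cert(const std::string& body)
{
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n";
}
// Shaped like a three-certificate fullchain.cer.
std::string sample_bundle() { return fake_cert("LEAF") + fake_cert("INT1") + fake_cert("INT2"); }
// Shaped like s_client -showcerts output when only the leaf is sent.
std::string sample_served() { return "Certificate chain\n 0 s:CN = dragonosman.dynu.net\n" + fake_cert("LEAF"); }

int main()
{
    std::cout << "in bundle: " << split_pem_certificates(sample_bundle()).size()
              << ", missing from handshake: "
              << missing_from_handshake(sample_bundle(), sample_served()) << '\n';
}
```

In Boost.Asio, `ssl::context::use_certificate_file` loads only the first certificate in a PEM file, while `ssl::context::use_certificate_chain_file` loads the leaf together with the intermediates that follow it.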