Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: api.brotools.tech
I ran this command:
It produced this output:
My web server is (include version): nginx/1.14.2
The operating system my web server runs on is (include version): debian 10
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): certbot 1.20.0
I'm making a Python plugin for Autodesk Maya and I've started receiving reports of my clients getting SSL errors whenever it tries to contact the API server at the domain provided above. However just going to that domain in the browser always works and shows correct API response without any certificate warnings from a browser.
Unfortunately it does not seem like this issue is universal. I am unable to recreate this issue, I've tried doing so on Windows, Mac and Linux from physical and virtual machines, from 2 different locations and networks. And from API logs I can confirm that most people don't seem to get this error. But reports are coming from different people from different countries, so the issue is there. So far I've had to instruct them to set the plugin to ignore SSL errors, which is not ideal at all.
At first I used
certbot --nginx to issue the certificate, after this issue and reading about Let's encrypt root exipty I tried
certbot --nginx --preferred-chain "ISRG Root X1" --force-renew but I am still getting reports of these issues.
Requests are being made by urllib libraries in Python 2 and 3 (depending on Autodesk Maya version).
I am using Cloudflare DNS, and I tried it both with Proxy on and Proxy off - it seems it does not affect the issue (which is a bit odd, since Cloudflare is supposed to have their own certificates for their proxies).
At the moment I am at a loss, being unable to recreate the issue I'm not sure how to approach it further. Any advice would be welcome.