So I’ve just sitched one of our servers to a Let’s Encrypt cert. And It is mostly working, except for one of the installers, that uses wget on windows.
–2016-07-05 13:50:04-- https://yyy.com/updater.rb
Resolving yyy.com (yyy.com)… x.x.x.x
Connecting to yyy.com (yyy.com)|x.x.x.x|:443… connected.
ERROR: cannot verify yyy.com’s certificate, issued by ‘CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US’:
Unable to locally verify the issuer’s authority.
To connect to yyy.com insecurely, use `–no-check-certificate’.
I am not going to be the idiot that does the ‘–no-check-certificate’.
Interestingly, after opening up https://yyy.com/updater.rb in MSIE, wget works as expected. I figure MSIE is downloading the intermediate certificate, and wget can’t.
If this is the case, is there any way to get windows to do that - downloading and storing the intermediate certificate - in the background? Certutil seems the most likely candidate, but **** it’s documentation.