bin/make-cert, bin/fix-cert-chain: Hack certificate chains for compatiblity.

[distorted-letsencrypt] / bin / make-cert

diff --git a/bin/make-cert b/bin/make-cert
index fd0cdf5..a094a53 100755 (executable)
--- a/bin/make-cert
+++ b/bin/make-cert
@@ -14,8 +14,14 @@ case $# in 0) ;; *) fail_usage ;; esac
 
 prepare_tmp $tag
 
+## Make sure there's no proxy.  I get `urn:acme:error:badNonce' with high
+## probability if I use IPv6, so avoid rolling the dice.
+unset http_proxy
+
 ## Let's go.
 cert=$home/cert/$tag
 cd $cert
 dehydrated -f $HOME/dehydrated-config.sh -fc -s req >full-chain.new
-mv full-chain.new full-chain
+fix-cert-chain full-chain.new >full-chain.fixed
+mv full-chain.fixed full-chain
+rm full-chain.new