LetsEncrypt Certificates Work Great! #1
Description
Just wanted to let you know that I have LetsEncrypt (LE) certificates in a fully functional taskserver setup with no issue. The trick is to delete most of the generated certificate output for the server, and use a symbolic link called ca.cert.pem to the LE chain.pem when you're generating the user certificates. My server configuration is below. Note that I have changed the directory and file permissions in /etc/letsencrypt/live to allow group read access, and made the task user a member of that group.
Configuration read from /var/taskd/config
Variable Value
------------- ------------------------------------------------
ca.cert /etc/letsencrypt/live/<my_domain_here>/chain.pem
confirmation 1
extensions /usr/local/libexec/taskd
ip.log on
log /var/log/taskd.log
pid.file /var/taskd/taskd.pid
queue.size 10
request.limit 1048576
root /var/taskd
server 0.0.0.0:53589
server.cert /etc/letsencrypt/live/<my_domain_here>/cert.pem
server.crl /var/taskd/server.crl.pem
server.key /etc/letsencrypt/live/<my_domain_here>/privkey.pem
trust strict
verbose 1
I read in the guide that such a configuration solution was very desirable, so I thought you might appreciate seeing this. If more detail is needed, please let me know.