[10:35] <bigcalm> o/
[10:37] <bigcalm> I need to update the CA certificate for cURL on a couple of 20.04 servers. I know the file or symlink will live in /etc/ssl/certs. But I was wondering where the best place would be to store 3rd party certs such as this, and if there is a command to create/maintain symlinks between server upgrades.
[10:37] <bigcalm> What I don't want is for the CA cert to get forgotten about and wonder why cURL is broken in 22.04
[10:49] <daftykins> hrmm, pass
[10:49] <daftykins> morning all \o
[10:51] <bigcalm> Quite :D
[10:52] <daftykins> is the curl and cert approach one to ensure you trust places you're grabbing things from, in code?
[10:52] <bigcalm> Yep
[10:52] <bigcalm> Google: SSL certificate problem: unable to get local issuer certificate curl
[11:04] <bigcalm> Looks like the issue isn't with cURL on the server itself
[11:05] <bigcalm> While I can access an URI without issue in Firefox, using cURL or HTTPie from a remote host throws an SSL error
[11:12] <bigcalm> Looks like I might have nginx / let's encrypt set-up incorrectly :|
[11:13] <daftykins> i was almost going to ask if you were working with LetsEncrypt, seen a few errors around when their old and new format certs are in place at once - in a few cases i've just deleted the old one to simplify things
[11:13] <daftykins> i don't deal with curl to know if there's any relevance to that part though
[11:14] <bigcalm> It's a new server with fresh certs issued 25th May 2021
[11:15] <daftykins> ah
[11:16] <bigcalm> Yep, nginx config issue
[11:17] <bigcalm> I had set ssl_certificate to cert.pem, when it needed to be fullchain.pem
[11:17] <daftykins> ooh
[11:17] <bigcalm> Apache has a config option for specifying the chain file, as well as the cert file
[11:18] <bigcalm> But not nginx (or at least not in my config!)
[11:19] <daftykins> mm i never made the switch and stay comfortably in apache land myself, i don't really retain any of that config stuff either - i just connect into hosts with working ones and copy them :D
[11:22] <bigcalm> I use both on different servers, but prefer nginx for new sites now
[11:22] <bigcalm> There are pros and cons for both
[11:23] <daftykins> i did hear claims nginx is lighter and scales well, but i typically only run simple services for people
[11:35] <daftykins> i've been brought a friends ancient core 2 duo macbook with expanded battery, need to assist in getting his data off of it and over to a ThinkPad running Windows that i sold him a while back
[11:35] <daftykins> the battery expansion has risen up through the touchpad and cracked it in a few directions :O
[11:51] <bigcalm> I recall a company MacBook having an inflated battery that caused the device to wobble. Thankfully all under warranty. I don't like fully sealed devices like MacBooks. At least with my own laptops I know I can remove the battery myself
[11:52] <daftykins> i despise crApple, but you can easily remove this one
[12:04] <popey> Spicy pillows!
[12:06] <zxm-pi> lithium batteries want to be fire :-)
[12:24] <daftykins> there we go, battery out with just a couple of proprietary screws (tri-wing)
[12:24] <daftykins> gotta love having an ifixit screwdriver set to hand
[12:28] <zxm-pi> my hammer(nokia 3310) out ranks your screw driver set! :-P
[12:32] <daftykins> https://imgur.com/a/DZD1hK3 - here's the state of it
[12:33] <zxm-pi> i abhor trackpads but i still feel bad for that one :-/
[12:35] <daftykins> funny how it still works, wouldn't fancy using it long term though
[12:35] <zxm-pi> on plus side you won't be leaving any fingerprints behind anymore :-P
[19:21] <daftykins> https://i.imgur.com/mol5bwC.jpeg
[20:22] <zxm-pi> i like the same account describing the pillow fight :-D