LetsEncrypt Certificates Work Great!

[ethereal-engineer]

Just wanted to let you know that I have LetsEncrypt (LE) certificates in a fully functional taskserver setup with no issue. The trick is to delete most of the generated certificate output for the server, and use a symbolic link called ca.cert.pem to the LE chain.pem when you're generating the user certificates. My server configuration is below. Note that I have changed the directory and file permissions in /etc/letsencrypt/live to allow group read access, and made the task user a member of that group.

Configuration read from /var/taskd/config

Variable       Value                                           
-------------  ------------------------------------------------
ca.cert        /etc/letsencrypt/live/<my_domain_here>/chain.pem  
confirmation   1                                               
extensions     /usr/local/libexec/taskd                        
ip.log         on                                              
log            /var/log/taskd.log                              
pid.file       /var/taskd/taskd.pid                            
queue.size     10                                              
request.limit  1048576                                         
root           /var/taskd                                      
server         0.0.0.0:53589                                   
server.cert    /etc/letsencrypt/live/<my_domain_here>/cert.pem   
server.crl     /var/taskd/server.crl.pem                       
server.key     /etc/letsencrypt/live/<my_domain_here>/privkey.pem
trust          strict                                          
verbose        1    

I read in the guide that such a configuration solution was very desirable, so I thought you might appreciate seeing this. If more detail is needed, please let me know.