Lets Encrypt TLS Cert Not Generated in Correct Order

[rkapoor028]

Describe the bug
The Generated Cert from LetsEncrpy is not in the correct order

When we use the generated cert we are getting the below error:-

Error obtaining X.509 certificate: unexpected error creating SSL Cert: certificate and private key does not have a matching public key: tls: private key does not match public key

Issue is probably amplified by Azure/azure-rest-api-specs#10637

To Reproduce
Steps to reproduce the behavior:

1. Generate Cert, which will be uploaded to Key Vault
2. Download Generated Cert via az keyvault secret/certificate download
3. You can check the order is not correct

Environment (please complete the following information):

• Certificate Type: Wildcard
• Certificate Deploy Target: AKS, KeyVault

Additional context
Once the certificate is generated, need to correct order before uploading to Azure Key Vault

[shibayan]

From the error message, it has nothing to do with Acmebot. When I downloaded the correct PFX, it confirmed that the intermediate certificate, private key and certificate were included.

The order does not appear to be related to this error.

[rkapoor028]

I assume, certificate stores will by default will correct the order like in case of Windows Certificate Store, where as in case of Azure Key Vault. Its not doing that. Will keep an eye on the Azure Key Vault issue Azure/azure-rest-api-specs#10637

This is causing an issue while using the AKV certs via secrets-store-csi-provider-azure in AKS. Followed a similar issue and was able to resolve it using Azure/secrets-store-csi-driver-provider-azure#226 (comment)

We can close this for now. Thanks for checking this.

[shibayan]

Probably fixed in #407.