[kwlug-disc] ISRG Root X1 week (well, DST ROOT CA X3 expiration)
Mikalai Birukou
mb at 3nsoft.com
Sun Oct 3 12:16:54 EDT 2021
> I am hoping you are having a peaceful closure of this ISRG Root X1 week.
>
> https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Quote as an emphasis after this week's pains:
"""
In OpenSSL 1.0.x, a quirk in certificate verification means that even
clients that trust ISRG Root X1 will fail when presented with the
Android-compatible certificate chain we are recommending by default.
"""
>
> This transition, giving the scale of Let'sEncrypt actual use is
> probably going fine. Satellites are not falling from the sky (Oh,
> thank inertia for that? oka-ay).
>
> I want to thank Paul for bringing up our BBB server for our Monday
> meeting. And may be spread found info
> https://github.com/bigbluebutton/greenlight/issues/2927
>
> I have a suspicion that many services are down because of nuances. And
> issues may have, old ubuntu 16, without new certificate, or an expired
> certificate's failure is not letting libs to use new cert. Certbot
> flag --preferred-chain is a news to me, while I knew from history
> that Let'sEncrypt relied on several chains for introduction.
>
More information about the kwlug-disc
mailing list