[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate Expiration Event September 2021
From: |
Ian Kelling |
Subject: |
Re: Certificate Expiration Event September 2021 |
Date: |
Wed, 06 Oct 2021 11:08:34 -0400 |
User-agent: |
mu4e 1.7.0; emacs 28.0.50 |
Bob Proulx <INVALID.NOREPLY@gnu.org> writes:
> On September 30, 2021, as planned the DST Root CA X3 cross-sign has expired
> for the Let's Encrypt trust chain. That was a normal and planned event.
> However coupled with a verification error in the code of libraries
> authenticating certificates it caused some clients that have not been updated
> to fixed versions to have problems validating certificates.
>
> If you are experiencing invalid certificate chain problems with Let's Encrypt
> certificates (not a Savannah problem) then please upgrade your client to the
> latest security patches for your system. Please reference these resources as
> to upstream information and discussion about the issue.
>
> * https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
> * https://community.letsencrypt.org/t/production-chain-changes/150739/4
> * https://letsencrypt.org/docs/certificate-compatibility/
> * https://letsencrypt.org/certificates/
> * https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>
>
> _______________________________________________
> Message sent via Savannah
> https://savannah.nongnu.org/
With a little googling, seems like this is the way to remove the expired
root cert on trisquel 8, suggested from
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
sudo sed -i"" 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/'
/etc/ca-certificates.conf
sudo dpkg-reconfigure -fnoninteractive ca-certificates
sudo update-ca-certificates