savannah-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Expiration Event September 2021


From: Ian Kelling
Subject: Re: Certificate Expiration Event September 2021
Date: Wed, 06 Oct 2021 11:08:34 -0400
User-agent: mu4e 1.7.0; emacs 28.0.50

Bob Proulx <INVALID.NOREPLY@gnu.org> writes:

> On September 30, 2021, as planned the DST Root CA X3 cross-sign has expired
> for the Let's Encrypt trust chain.  That was a normal and planned event. 
> However coupled with a verification error in the code of libraries
> authenticating certificates it caused some clients that have not been updated
> to fixed versions to have problems validating certificates.
>
> If you are experiencing invalid certificate chain problems with Let's Encrypt
> certificates (not a Savannah problem) then please upgrade your client to the
> latest security patches for your system.  Please reference these resources as
> to upstream information and discussion about the issue.
>
> * https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
> * https://community.letsencrypt.org/t/production-chain-changes/150739/4
> * https://letsencrypt.org/docs/certificate-compatibility/
> * https://letsencrypt.org/certificates/
> * https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>
>
> _______________________________________________
>   Message sent via Savannah
>   https://savannah.nongnu.org/

With a little googling, seems like this is the way to remove the expired
root cert on trisquel 8, suggested from
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

sudo sed -i"" 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/' 
/etc/ca-certificates.conf
sudo dpkg-reconfigure -fnoninteractive ca-certificates
sudo update-ca-certificates



reply via email to

[Prev in Thread] Current Thread [Next in Thread]