[outages] SSL rollover - Let's Encrypt etc
James Lawrie
outages at jdlawrie.co.uk
Sun Oct 10 16:49:34 EDT 2021
It’s worth noting as well that this affects openssl 1.0.1 even if they
have the new root cert.
So curl on Debian 8, Debian 9, OSX 10.14.6 etc. will report SSL
certificate expired.
Browsers there will work, but APIs might fail.
I wrote about it a little here with a (per-server) workaround:
https://silvermou.se/letsencrypt-60-ssl-certificate-problem-certificate-has-expired/
> On 10 Oct 2021, at 16:52, Jay R. Ashworth via Outages wrote:
>
>> I meant to post this when it happened, and I think I forgot. :-}
>>
>> The SSL Root cert that underlies Let's Encrypt's root expired on
>> 30-Sept,
>> and the new root that underlies it is not in the Root Certificate
>> Package of
>> some still pretty widely deployed OS versions, including OS/X
>> <10.12.1.
>>
>> Lots of people are getting their certs from Let's these days,
>> including
>> Wikipedia.
>>
>> So if you've gotten any reports from the field that people can't
>> access
>> {websites,your websites} it's worth looking into whether this is why.
>>
>> Tier 2/3 detail:
>> https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
>>
>> Cheers,
>> -- jra
>>
>> Replies, as always, to -discuss
>>
>> --
>> Jay R. Ashworth Baylink
>> jra at baylink.com
>> Designer The Things I Think
>> RFC 2100
>> Ashworth & Associates http://www.bcp38.info 2000 Land
>> Rover DII
>> St Petersburg FL USA BCP38: Ask For It By Name! +1 727
>> 647 1274
>> _______________________________________________
>> Outages mailing list
>> Outages at outages.org
>> https://puck.nether.net/mailman/listinfo/outages
More information about the Outages
mailing list