-
Amolith
@version nixnet.services
-
Echo1
Amolith: nixnet.services is running ejabberd version 21.01-2 on unix/linux 5.13.13
-
Amolith
@version secluded.site
-
Echo1
Amolith: secluded.site is running ejabberd version 21.01-2 on unix/linux 5.13.13
-
Amolith
Well that's cool
-
Menel
Everybody using letsencrypt already warned their users? https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
-
Licaon_Kter
Back in January? Or last year?
-
Menel
But now is for real®
-
ij
For some reason, xmpp.net reports the X3 cert for some of my domains as expiring in 4 days while SSLlabs is fine with it and shows an end date in 3 years. The on-disk chain.pem is correct and using the newer X3 cert, so no idea what’s happening here…
-
jonas’
ij, it depends on whether the tool builds the chain using the DST root or not
-
jonas’
you can build, even with the current X3, a chain to the DST root expiring next week
-
jonas’
if you take the expiry of that chain instead of the chain with the X3 Let's Encrypt root, you end up with an expiration next week
-
ij
local X3 cert was the old one, but update-ca-certificates pulled in the new one and certs were rebuilt by running dehydrated -c -x afterwards
-
Licaon_Kter
The workarounds mentioned here do not apply anymore? https://xmpp.org/2020/12/the-xmpp-newsletter-november-2020/
-
jonas’
ij, the chain is built by the client, not by the server. so might very well be the xmpp.net root store at fault, I guess it hasn't been rebuilt for a year or so
-
Menel
For android letsencrypt already fixed it for another 4 years.
> ...will start getting certificate warnings when visiting sites that use Let’s Encrypt certificates. There’s one important exception: older Android devices that don’t trust ISRG Root X1 will continue to work with Let’s Encrypt, thanks to a special cross-sign from DST Root CA X3 that extends past that root’s expiration. This exception only works for Android.
-
Menel
Some strange measures that seem to be allowed: https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
-
jonas’
only affects android though
-
Menel
I wonder what's the first Ubuntu version that has the native letsencrypt root cert. And what windows version