Licaon_Kter
My 2 month old cert from LE errors out because of intermediate R3 expiration on Android 11 in Fairemail (IMAP)... as expected?
Will regen...
Menel
But does regen help? The intermediate cert stays expired, no? I have a similar problem with DAVx5
Licaon_Kter
Ok, regen helped, fyi.
Licaon_Kter
On regen it might not be as an intermediate, right?
Licaon_Kter
crt.sh still says R3...I dunno, and don't care now, daaamit :(
Menel
Ah, the intermediate expired? Not the root we were talking about...
https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
That chart seems so simple there..
Menel
But somehow there is more to it I don't get
Licaon_Kter
R3 went from DST X3 to their ISRG Root X1 as cross-signed
ij
https://blog.windfluechter.net/2021/09/29/letsencrypt-ca-chain-issues-with-ejabberd/ - check if there are old unused ssl certs with old chain and update your certstores (Debian: update-ca-certificates)
Licaon_Kter
ij: do note that Conversations, at least, did not complain about the ejabberd server with the same cert.
ij
Well, it seems that it really depends on how the chain is handled. Apache had no issues as well (SSLlabs), but then again in Apache you configure one cert per vhost while in Ejabberd it reads all certs in the directory and picks the one needed for the vhost. Maybe Android does similar things… or Conversations has its own check of the chain…
Licaon_Kter
ij: do post that guide on Fedi ;)
ij
done on Mastodon
Menel
R3 was outdated.. I think that should also be considered by the ACME client. Or did Let's Encrypt not supply it some months in advance? A manual renew was enough.
Martin
ij: Seems to be the case.
creep.im:
> x509: certificate has expired or is not yet valid: current time 2021-09-30T09:53:57+02:00 is after 2021-09-29T19:21:40Z
deshalbfrei.org fixed it already.
ij
Maybe someone[tm] should create an issue for ejabberd? ;)
ij
but I’m not really 100% sure if this is an ejabberd bug or not…
Licaon_Kter
Martin: I've pinged creep.im admin
Maranda
Licaon_Kter: X3 expired and was just removed from the chain of all newly issued certs (previously chain was R3, ISRG Root X1 and DST Root CA X3... the latter was removed)
Maranda
But that causes issues with all newly issued certificates apparently that aren't cross signed by X3 as well.
Sam
Might be useful to some server operators out there who accept donations: https://xmpp.org/2021/09/the-xsf-as-a-fiscal-host/
Ge0rG
Hm. Having a solid donation source on the order of ~15€/mo would allow me to move yax.im to proper hardware that's not cursed.
Sam
Ge0rG: I've been thinking about doing a cooperatively run XMPP server if I could find a few people who wanted to split the cost of hosting it. Maybe you'd be interested in splitting the cost with a few other servers that are all hosted on the same machine(s)?
Ge0rG
Sam: I'm not sure yet if I want to share responsibility as well
Sam
I was kind of thinking individuals could chip in to get an account on some generic server domain, but other servers could chip in to have their own entire server (with their own rules and registration and what not) hosted too
Sam
(or individuals who wanted to bring their own domain or what not)
Sam
Anyways, this is all just something I've been toying around with in my head; no real serious plans yet. Might be useful as far as not having to pay for expensive hardware though.
zp1.net: read above, they said they'll take a look
mjk
Funny thing is, I think this room's host still maintains connection to creep.im that was established prior to expiry
zp1.net
yes the s2s connection is working but i get every 12 hours a warning
mjk
zp1.net: you mean you're not enforcing valid certs?
zp1.net
mjk, sure but it looks like the s2s connection is not interrupted when a cert expires
mjk
Ah, yeah
zp1.net
because the s2s connection was built with a valid certificate
zp1.net
if I now reboot the server the connection will not be rebuilt
mjk
Nice that there are periodic warnings
zp1.net
but what I do not understand is why, it is so easy to make certbot renew the certificate with a crontab ...
simply add "0 0-23/1 * * * certbot renew" to crontab and you're done
zp1.net
this will check every hour if the certificates are still valid and renew them if they are not
mjk
zp1.net: it's not the domain cert that expired, it's the intermediate one. Cron won't help
ij
well, the certs are still valid, but the chain is not… or to put it different: the wrong chain is being picked when checking the certs… maybe from some certstore and not from fullchain.pem
mjk
I wonder how much more breakage will be observed when DST Root will expire in a few hours, heheh. "Valid through" on roots shouldn't matter, but, yknow...
mjk
Anything that might go wrong, will
Menel
If the servers are up to date, it shouldn't be a problem for s2s, and they said old android would be covered..
Licaon_Kter
> do note that Conversations, at least, did not complain about the ejabberd server with the same cert.
Rethinking this...I did not try to reconnect though, maybe I would have seen it for ejabberd too.
Martin
`certbot --reuse-key` if you ever want to use dane. 😉
Ellenor Bjornsd.
meow
Martin
?
Ellenor Bjornsd.
I just realized that was like keying up on 121.5 and meowing ;-;
ru_maniac
there's a --preferred-chain argument for certbot, which will allow to select ISRG root explicitly, without relying on software to properly choose between two chains
ru_maniac
i've enforced it during periodic re-sign for now, seems to be working as it's supposed to
Maranda
why certbot isn't using the new chain?
Maranda
oof...
ru_maniac
it uses two by default
ru_maniac
which leaves an option for software to select between the two, which is handy in case of old Androids, say, 2.3.6, which do not have ISRG root in their CA storage
Maranda
ru_maniac: oh yeah you're right just noticed there's two entries
Maranda just dumped meaveen.lightwitch.org in https://chainchecker.certifytheweb.com/
ru_maniac
my point is that one can force ISRG root to be selected explicitly, which will force certbot to drop DST one -- originally, it was intended to go the other way around, but still, useful
ru_maniac
i've ultimately elected to switch to ISRG root only, cause my service is being used only by members of my immediate family, and no one has a phone or computer with an OS old enough for this to cause problems
Maranda
I would like to, as well but certbot on Arch seems to ignore --preferred-chain="ISRG Root X1"
Maranda fumes.
Ge0rG
Maranda: maybe it's just taking the wrong ISRG Root X1 cert? ;)
Ge0rG
Their naming scheme is... unfortunate
Maranda
Ge0rG: that's not how it is supposed to work I think, I found a related bug as well on github
Maranda
That's quite annoying none the less.
ru_maniac
>> I would like to, as well but certbot on Arch seems to ignore --preferred-chain="ISRG Root X1"
I had to update my instance of certbot to the latest one
ru_maniac
I was using 1.3.0 before, available thru debian repos, and had to switch to snap shipment in order to make it work
ru_maniac
1.19.1 works just fine
Maranda
arch has 1.19.0-1
ru_maniac
hm, where exactly in the command are you putting that argument?
ru_maniac
I put it right before --force-renew, just like that
/usr/local/bin/certbot certonly --force-renew --preferred-chain "ISRG Root X1" --dns-cloudflare [...]
After briefly mentioning it here earlier and having a minor outage (that would have probably not happened if I were using a proper server on proper hardware) I decided to actually start gathering interest in a possibly co-operatively run server. If anyone is interested in helping start a new server for our personal use, join xmpp:unnamedchatcoop@mellium.chat?join
ij
+ ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34316xxxxx (Status 500) - hmmm… now LE itself has issues?
Ge0rG
Le Breakdówn
Maranda
💥💥💥
ernst.on.tour
Keep fingers crossed that the German gov doesn't use LE, there seems to be an IT breakdown in Berlin :-D
Licaon_Kter
Their 112 and 110 was broken the other day in the whole country... LE breaking sounds easy-peasy ;))
ij
gna… DST Root X3 still listed in newly created certs…