-
Martin
> Establishing a secure connection from mdosch.de to chat.sum7.eu failed. Certificate hash: 62810c898f02799c7632161528e3f076e98e01960708366ab195d70d89df313a. Error with certificate 0: certificate has expired. > Establishing a secure connection from mdosch.de to spootle.de failed. Certificate hash: 7e2c021aea6dcdbfc77e0de2d14d0edcdab09557d81bc17aebbba544d98c5ea7. Error with certificate 0: certificate has expired.
-
Licaon_Kter
Martin: sum7, I've pinged Geno✎ -
Licaon_Kter
Martin: sum7, I've pinged Genofire ✏
-
Martin
Thx
-
Loer@xmpp.jp
Hi people!
-
Licaon_Kter
Loer@xmpp.jp: Hi there. What brings you to this corner of the ecosystem?
-
VesselWave
Hello, as I know, the only way to get A A on xmpp.net is to get non let's ecrypt certficate (e.g. ZeroSSL). Because old root cert of let's encrypt is expired, but new root is not trusted
-
Licaon_Kter
VesselWave: your cert regen program doesn't have a preferred intermediate settings? Eg. certbot has, acme.sh has etc
-
Licaon_Kter
Martin: test sum7 again?
-
VesselWave
Licaon: I got let's encrypt cert with certbot, on website this cert is OK, in xmpp clients OK, but not in xmpp.net. Then I got ZeroSSL with acme.sh and my server became A A on xmpp.net. My server is SatisPrivacy.org. You say, I should get let's encrypt with acme.sh?
-
MattJ
VesselWave: ignore xmpp.net, it is broken
-
Licaon_Kter
VesselWave: read again
-
MattJ
Conversations like this just make me want to take it offline sooner
-
Licaon_Kter
MattJ: just add a text banner, _"if intermediate then expect worse score"_
-
MattJ
There is already a banner
-
Licaon_Kter
Oh
-
raver
MattJ: but the banner says there is a replacement, planned... Any date when it will be released🙂✎ -
raver
MattJ: but the banner says there is a replacement, planned... Any date when it will be released?🙂 ✏
-
MattJ
No date
-
raver
Thanks Hopefully before conversations 3🤪
-
raver
Is there a repository to potentially contribute?
-
Licaon_Kter
> Thanks Hopefully before conversations 3🤪 2025 confirmed!
-
MattJ
raver: https://github.com/horazont/testxmpp
-
raver
MattJ: thx
-
VesselWave
Licaon_Kter‎: Now I understood. I had to choose to use new root certificate. https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain. Why it isn't default after six month of expiration? it's another question to acme.sh and cerbot
-
MattJ
VesselWave, the expiration is not a problem, it improves compatibility with some devices
-
MattJ
It's intentional that it is still the default, because it has the best compatibility (but not 100%, because some software does not handle it well)
-
MattJ
This is mostly software using very old versions of OpenSSL, which should not be used anyway
-
VesselWave
OK, thanks
-
MattJ
xmpp.net is one of the pieces of software that does not handle it well, but it's old and will probably be taken down and/or replaced in the near future