XMPP Service Operators - 2022-04-05

  1. Martin

    > Establishing a secure connection from mdosch.de to chat.sum7.eu failed. Certificate hash: 62810c898f02799c7632161528e3f076e98e01960708366ab195d70d89df313a. Error with certificate 0: certificate has expired. > Establishing a secure connection from mdosch.de to spootle.de failed. Certificate hash: 7e2c021aea6dcdbfc77e0de2d14d0edcdab09557d81bc17aebbba544d98c5ea7. Error with certificate 0: certificate has expired.

  2. Licaon_Kter

    Martin: sum7, I've pinged Geno

  3. Licaon_Kter

    Martin: sum7, I've pinged Genofire

  4. Martin

    Thx

  5. Loer@xmpp.jp

    Hi people!

  6. Licaon_Kter

    Loer@xmpp.jp: Hi there. What brings you to this corner of the ecosystem?

  7. VesselWave

    Hello, as I know, the only way to get A A on xmpp.net is to get non let's ecrypt certficate (e.g. ZeroSSL). Because old root cert of let's encrypt is expired, but new root is not trusted

  8. Licaon_Kter

    VesselWave: your cert regen program doesn't have a preferred intermediate settings? Eg. certbot has, acme.sh has etc

  9. Licaon_Kter

    Martin: test sum7 again?

  10. VesselWave

    Licaon: I got let's encrypt cert with certbot, on website this cert is OK, in xmpp clients OK, but not in xmpp.net. Then I got ZeroSSL with acme.sh and my server became A A on xmpp.net. My server is SatisPrivacy.org. You say, I should get let's encrypt with acme.sh?

  11. MattJ

    VesselWave: ignore xmpp.net, it is broken

  12. Licaon_Kter

    VesselWave: read again

  13. MattJ

    Conversations like this just make me want to take it offline sooner

  14. Licaon_Kter

    MattJ: just add a text banner, _"if intermediate then expect worse score"_

  15. MattJ

    There is already a banner

  16. Licaon_Kter

    Oh

  17. raver

    MattJ: but the banner says there is a replacement, planned... Any date when it will be released🙂

  18. raver

    MattJ: but the banner says there is a replacement, planned... Any date when it will be released?🙂

  19. MattJ

    No date

  20. raver

    Thanks Hopefully before conversations 3🤪

  21. raver

    Is there a repository to potentially contribute?

  22. Licaon_Kter

    > Thanks Hopefully before conversations 3🤪 2025 confirmed!

  23. MattJ

    raver: https://github.com/horazont/testxmpp

  24. raver

    MattJ: thx

  25. VesselWave

    Licaon_Kter‎: Now I understood. I had to choose to use new root certificate. https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain. Why it isn't default after six month of expiration? it's another question to acme.sh and cerbot

  26. MattJ

    VesselWave, the expiration is not a problem, it improves compatibility with some devices

  27. MattJ

    It's intentional that it is still the default, because it has the best compatibility (but not 100%, because some software does not handle it well)

  28. MattJ

    This is mostly software using very old versions of OpenSSL, which should not be used anyway

  29. VesselWave

    OK, thanks

  30. MattJ

    xmpp.net is one of the pieces of software that does not handle it well, but it's old and will probably be taken down and/or replaced in the near future