It’s worth noting as well that this affects openssl 1.0.1 even if they
have the new root cert.
So curl on Debian 8, Debian 9, OSX 10.14.6 etc. will report SSL
certificate expired.
Browsers there will work, but APIs might fail.
I wrote about it a little here with a (per-server) workaround:
https://silvermou.se/letsencrypt-60-ssl-certificate-problem-certificate-has-expired/
On 10 Oct 2021, at 16:52, Jay R. Ashworth via Outages wrote:
I meant to post this when it happened, and I think I forgot. :-}
The SSL Root cert that underlies Let's Encrypt's root expired on
30-Sept,
and the new root that underlies it is not in the Root Certificate
Package of
some still pretty widely deployed OS versions, including OS/X
<10.12.1.
Lots of people are getting their certs from Let's these days,
including
Wikipedia.
So if you've gotten any reports from the field that people can't
access
{websites,your websites} it's worth looking into whether this is why.
Tier 2/3 detail:
https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
Cheers,
-- jra
Replies, as always, to -discuss
--
Jay R. Ashworth Baylink
[email protected]
Designer The Things I Think
RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land
Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727
647 1274
_______________________________________________
Outages mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/outages
_______________________________________________
Outages mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/outages
