On Thu, May 14, 2026 at 08:38:31AM -0400, Bill Cole via Postfix-users wrote:
> On 2026-05-14 at 02:43:06 UTC-0400 (Thu, 14 May 2026 16:43:06 +1000)
> Viktor Dukhovni via Postfix-users <[email protected]>
> is rumored to have said:
>
> [...]
> >
> > [ Maybe they botched customising the supported signature algorithms in
> > an effort to turn off SHA-224? :-) ]
>
> Or maybe something related to
> https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105
>
> Forcing a reissue now may resolve the problem.
Not relevant here, the E7 certificate in the chain was issued by ISRG
X1, not YE1.
$ openssl crl2pkcs7 -nocrl -certfile /tmp/chain.pem | openssl pkcs7 -noout
-print_certs
subject=CN=mail.sermon-archive.info
issuer=C=US, O=Let's Encrypt, CN=E7
subject=C=US, O=Let's Encrypt, CN=E7
issuer=C=US, O=Internet Security Research Group, CN=ISRG Root X1
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
