On Sat, May 30, 2020 at 11:40 PM Duncan Murdoch <murdoch.dun...@gmail.com> wrote: > > On 30/05/2020 5:23 p.m., Bob Rudis wrote: > > I've updated the dashboard (https://rud.is/r-project-cert-status/) > > script and my notifier script to account for the entire chain in each > > cert. > > You never posted which certificate has expired. Your dashboard shows > they're all valid, but the download still fails, presumably because > something not shown has expired.
To see the problem in R: certs <- openssl::download_ssl_cert('cran.r-project.org') as.list(certs[[3]]) Shows the root cert expires today. > Hopefully someone who can actually act on this can figure out what needs > doing. The apache server will have a config entry SSLCertificateFile which points to a cert bundle (in nginx servers this is called "ssl_certificate"). If you open this in a text editor it contains the 3 certs, in PEM format, so 3 entires like this: -----BEGIN CERTIFICATE----- [base64 cert] -----END CERTIFICATE----- What you need to do is replace the final certificate with this one (just copy-paste the base64 cert): https://crt.sh/?d=1720081 .Then restart the server. See here for details: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 . This site talks about "For business processes that depend on very old systems...." but the reality is that this affects everything that uses openssl for https, including curl, svn, etc. ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel