Trust issues with Let's Encrypt

Gespeichert von Erik Wegner am/um
Aufmacherbild

To make the web more secure, Let's Encrypt issues certificates for everyone. They recently changed the root certificate, which is not a problem on its own.

But for a transition period, certificates may be signed by both (the old and the new) root certificates. An old openssl installation selects the older certificate and complains that it is expired.

ERROR: cannot verify www.jenkins.io's certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:
 Issued certificate has expired.

To handle the situation on Ubuntu 16.04 (xenial), the site https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ has the working answer: disable the expired root certificate (DST Root CA X3) in the system. Use the following command to open the configuration dialog and disable the certificate mozilla/DST_Root_CA_X3.crt:

sudo dpkg-reconfigure ca-certificates

Now the app happily connects to servers with current Let's Encrypt certificates.

Bilder

Neuen Kommentar hinzufügen

Hilfe zum Textformat

Activitypub

  • Erlaubte HTML-Tags: <a href hreflang> <em> <strong> <ul type> <ol start type='1 A I'> <li> <dl> <dt> <dd> <h2 id='jump-*'> <h3 id> <h4 id> <h5 id> <h6 id>
  • Zeilenumbrüche und Absätze werden automatisch erzeugt.
  • Website- und E-Mail-Adressen werden automatisch in Links umgewandelt.