Anyone who had issues with certs signed by Let's Encrypt may have noticed issues. They had a maj
"oops" by not renewing their own certs which made
all other certs under them appear expired.
https://www.yahoo.com/news/internet-goes-down-millions-tech-021400230.html
I know on iPhones, email accounts that use servers who have certs signed
by Let's Encrypt have issues. I'm not an Apple person but if anyone knows how to force an update of the cert without having to recreate an email account I'd love to hear from you.
... Old bookkeepers never die, they just lose their figures.
Arelor wrote to Brian Rogers <=-
Actually, for the sake of completition, what happened is that, before
they were popular, Let's Encrypt got their own certificate signed by a trusted CA (one of those which is trusted by most Operating Systems). Let's Encrypt eventually became popular enough that their own
certificate became widely trusted with the years, but the old signature was kept in the trust chain for legacy reasons.
If your Operating System is not junk you may be able to remove the
expired certificate from DST and install the Let's Encrypt one. If you can't do that then I am afraid your Operating System is junk and you should put it in /dev/null.
That's taking it a bit extreme. Your basically saying some slightly older mobile device operating syst
should get trashed. This really isn't a feasible solution. iOS 14 for example (even iOS 12 which is st
Arelor wrote to Brian Rogers <=-
I suspect I am turning into Theo de Raadt, but from the very bottom of
my heart: if you cannot modify the CA store of a device in order to replace expired trust chains, the device belongs to /dev/null.
Sysop: | deepend |
---|---|
Location: | Calgary, Alberta |
Users: | 240 |
Nodes: | 10 (0 / 10) |
Uptime: | 91:29:00 |
Calls: | 1,446 |
Calls today: | 2 |
Files: | 3,340 |
Messages: | 358,022 |