Debian8 impact question

I have a debian 8 web hosting server
And I use let's encrypt for my website certificates.
Am I impacted by the certificate expiration ?
#ca-certificates: 20141019+deb8u4

openssl: 1.0.1t-1+deb8u12

Hi @christophe31 welcome to the LE community forum :slight_smile:

Sorry about the late reply... but things have been a little bit busier than usual.

I can definitely say that OpenSSL <1.1 would need to be upgrade or patched:
See: Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 - OpenSSL Blog
ca-certificates from 2014 is definitely in need of some updating.

What problem(s) are you currently having?
What problem(s) have you been able to overcome (if any)?

P.S. I moved this to a separate topic so as to get better/focused attention and not to be lost in that immense topic

5 Likes

You may also want to check out Debian 8.3.0-6 - Problems renewing certificates

3 Likes

The problems I am having is that some devices that connect to my server are getting a certificate error message. (really not much)
This fits well with the list of OS mentioned.

The question I have is on a Debian 8 server- is there anything I can do to avoid this?
Or as it is a server I don't have to do anything.
Thank you for your support

If you only control the client side, then you can only make changes there - try adding the missing roots.
If you only control the server side, then you have a couple of choices:

  • try changing the trust chain path with:
    --preferred-chain "ISRG Root X1"
    [note: this option requires certbot 1.12 (or hgigher) or other compatible ACME client]
    or quickly by modifying the fullchain.pem file and remove the last cert
  • switch to another free CA (until this problem no longer exists with LE certs)
    there are several to pick from that are ACME compatible
2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.