I have a debian 8 web hosting server
And I use let's encrypt for my website certificates.
Am I impacted by the certificate expiration ?
#ca-certificates: 20141019+deb8u4
Hi @christophe31 welcome to the LE community forum
Sorry about the late reply... but things have been a little bit busier than usual.
I can definitely say that OpenSSL <1.1 would need to be upgrade or patched:
See: Old Let's Encrypt Root Certificate Expiration and OpenSSL 1.0.2 - OpenSSL Blog
ca-certificates
from 2014 is definitely in need of some updating.
What problem(s) are you currently having?
What problem(s) have you been able to overcome (if any)?
P.S. I moved this to a separate topic so as to get better/focused attention and not to be lost in that immense topic
You may also want to check out Debian 8.3.0-6 - Problems renewing certificates
The problems I am having is that some devices that connect to my server are getting a certificate error message. (really not much)
This fits well with the list of OS mentioned.
The question I have is on a Debian 8 server- is there anything I can do to avoid this?
Or as it is a server I don't have to do anything.
Thank you for your support
If you only control the client side, then you can only make changes there - try adding the missing roots.
If you only control the server side, then you have a couple of choices:
- try changing the trust chain path with:
--preferred-chain "ISRG Root X1"
[note: this option requirescertbot 1.12
(or hgigher) or other compatible ACME client]
or quickly by modifying thefullchain.pem
file and remove the last cert - switch to another free CA (until this problem no longer exists with LE certs)
there are several to pick from that are ACME compatible
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.