Debian8 impact question

I have a debian 8 web hosting server
And I use let's encrypt for my website certificates.
Am I impacted by the certificate expiration ?
#ca-certificates: 20141019+deb8u4

openssl: 1.0.1t-1+deb8u12

Hi @christophe31 welcome to the LE community forum :slight_smile:

Sorry about the late reply... but things have been a little bit busier than usual.

I can definitely say that OpenSSL <1.1 would need to be upgrade or patched:
See: Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 - OpenSSL Blog
ca-certificates from 2014 is definitely in need of some updating.

What problem(s) are you currently having?
What problem(s) have you been able to overcome (if any)?

P.S. I moved this to a separate topic so as to get better/focused attention and not to be lost in that immense topic


You may also want to check out Debian 8.3.0-6 - Problems renewing certificates


The problems I am having is that some devices that connect to my server are getting a certificate error message. (really not much)
This fits well with the list of OS mentioned.

The question I have is on a Debian 8 server- is there anything I can do to avoid this?
Or as it is a server I don't have to do anything.
Thank you for your support

If you only control the client side, then you can only make changes there - try adding the missing roots.
If you only control the server side, then you have a couple of choices:

  • try changing the trust chain path with:
    --preferred-chain "ISRG Root X1"
    [note: this option requires certbot 1.12 (or hgigher) or other compatible ACME client]
    or quickly by modifying the fullchain.pem file and remove the last cert
  • switch to another free CA (until this problem no longer exists with LE certs)
    there are several to pick from that are ACME compatible

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.