• let's encrypt certif problem

    From Ogg@VERT/CAPCITY2 to All on Mon Oct 11 20:30:00 2021
    It's been a few months since I last checked in on my nntp
    account with eternal-september, but TB is reporting that there
    is a certif problem:

    https://susepaste.org/24549546

    It seems to look fine in the sense that the dates are still
    good.

    But is there a way to update the certif and be able to log in?





    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Ogg on Mon Oct 11 22:21:06 2021
    Re: let's encrypt certif problem
    By: Ogg to All on Mon Oct 11 2021 08:30 pm

    It's been a few months since I last checked in on my nntp
    account with eternal-september, but TB is reporting that there
    is a certif problem:

    https://susepaste.org/24549546

    It seems to look fine in the sense that the dates are still
    good.

    But is there a way to update the certif and be able to log in?

    why dont you talk to their support and ask them.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Arelor@VERT/PALANT to Ogg on Tue Oct 12 08:02:40 2021
    Re: let's encrypt certif problem
    By: Ogg to All on Mon Oct 11 2021 08:30 pm

    It's been a few months since I last checked in on my nntp
    account with eternal-september, but TB is reporting that there
    is a certif problem:

    https://susepaste.org/24549546

    It seems to look fine in the sense that the dates are still
    good.

    But is there a way to update the certif and be able to log in?

    Most likely this is due to the fact one of Let's Encrypt's certifiers has an expired cert.

    Maybe you can remove DST X3 from your trust chain (since it is expired) and add the self signed
    let's encrypt certificate from here:

    https://letsencrypt.org/certificates/

    More information about the issue here:

    https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Arelor@VERT/PALANT to Ogg on Sun Oct 17 05:55:56 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Sat Oct 16 2021 07:51 pm

    Hello Arelor!

    ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:

    You need the self-signed certificate, not the cross-signed
    one, since the cross-signed one is using an old, expired
    trust chain.


    I installed both self0signed ones, and I did that in XP and TB.

    Still doesn't work.


    I am sure there are ten thousand guides floating around the internet regarding certificate updateing. Most Linux and BSDs around got the problem fixed via a regular update.

    I know how to go through the "install certif" process in XP and
    TB. But, these marked "==>" are not making any difference:

    Active

    ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1)
    Self-signed: der, pem, txt

    Active, limited availability

    ISRG Root X2 (ECDSA P-384, O = Internet Security Research Group, CN = IS Root X2)
    Self-signed: der, pem, txt

    You also have to manually remove the expired DST X3 one.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Arelor@VERT/PALANT to Ogg on Tue Oct 19 03:23:54 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Mon Oct 18 2021 07:35 pm

    Hello Arelor!

    ** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:

    You also have to manually remove the expired DST X3 one.


    Ah.. That I haven't done.

    But I didn't see any "LetsEncrypt" certifs in the list of
    certifs.

    Because it is not a Let's Encrypt certificate. It is an Internet Security Research Group certificate. Internet Security Research Group are the owners of Let's Encrypt.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL