marcuskammer/emacs.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
emacs.d/clones/libera.chat/news/letsencrypt-ca-expiry.html
Marcus Kammer 7e48bb96c8
Update clones
2022-10-07 15:47:14 +02:00

683 lines
18 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en"><head>
<link rel="preload" href="../static/fonts/comfortaa-v30-subset-regular.woff2" as="font" type="font/woff2" crossorigin>
<link rel="preload" href="../static/fonts/ubuntu-v15-latin-regular.woff2" as="font" type="font/woff2" crossorigin>
<link rel="preload" href="../static/fonts/ubuntu-v15-subset-500.woff2" as="font" type="font/woff2" crossorigin>
<link rel="preload" href="../static/img/libera-color.svg" as="image" type="image/svg+xml">
<meta charset="utf-8">
<meta content="IE=edge" http-equiv="X-UA-Compatible">
<meta content="width=device-width, initial-scale=1" name="viewport"><!-- Begin Jekyll SEO tag v2.8.0 -->
<title>Lets Encrypt root CA expiry | Libera Chat</title>
<meta name="generator" content="Jekyll v3.9.2" />
<meta property="og:title" content="Lets Encrypt root CA expiry" />
<meta name="author" content="edk" />
<meta property="og:locale" content="en_GB" />
<meta name="description" content="Hello," />
<meta property="og:description" content="Hello," />
<link rel="canonical" href="letsencrypt-ca-expiry.html" />
<meta property="og:url" content="https://libera.chat/news/letsencrypt-ca-expiry" />
<meta property="og:site_name" content="Libera Chat" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2021-09-30T00:00:00+00:00" />
<meta name="twitter:card" content="summary" />
<meta property="twitter:title" content="Lets Encrypt root CA expiry" />
<meta name="twitter:site" content="@liberachat" />
<meta name="twitter:creator" content="@edk" />
<meta property="article:publisher" content="liberachat" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"Article","author":{"@type":"Person","name":"edk"},"dateModified":"2021-09-30T00:00:00+00:00","datePublished":"2021-09-30T00:00:00+00:00","description":"Hello,","headline":"Lets Encrypt root CA expiry","url":"https://libera.chat/news/letsencrypt-ca-expiry"}</script>
<!-- End Jekyll SEO tag -->
<link rel="icon" type="image/svg+xml" href="../static/img/libera-color.svg">
<link rel="alternate icon" href="../favicon.ico">
<!-- Stylesheets -->
<style>/*! modern-normalize v1.0.0 | MIT License | https://github.com/sindresorhus/modern-normalize */
*,::after,::before{box-sizing:border-box}:root{-moz-tab-size:4;tab-size:4}html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}body{font-family:system-ui,-apple-system,'Segoe UI',Roboto,Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji'}hr{height:0;color:inherit}abbr[title]{text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Consolas,'Liberation Mono',Menlo,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}::-moz-focus-inner{border-style:none;padding:0}:-moz-focusring{outline:1px dotted ButtonText}:-moz-ui-invalid{box-shadow:none}legend{padding:0}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}</style>
<style>@font-face {
/* comfortaa-regular - subset */
font-family: 'Comfortaa';
src: url('../static/fonts/comfortaa-v30-subset-regular.woff2') format('woff2'), url('../static/fonts/comfortaa-v30-subset-regular.woff') format('woff'), url('../static/fonts/comfortaa-v30-subset-regular.ttf') format('truetype');
font-style: normal;
font-weight: 400;
font-display: swap;
/* . C L a b e h i r t */
unicode-range: U+002E, U+0043, U+004C, U+0061-0062, U+0065, U+0068-0069, U+0072, U+0074;
}
@font-face {
/* ubuntu-regular - latin */
font-family: 'Ubuntu';
src: local(''), url('../static/fonts/ubuntu-v15-latin-regular.woff2') format('woff2'), url('../static/fonts/ubuntu-v15-latin-regular.woff') format('woff'), url('../static/fonts/ubuntu-v15-latin-regular.ttf') format('truetype');
font-style: normal;
font-weight: 400;
font-display: swap;
}
@font-face {
/* ubuntu-500 - subset */
font-family: 'Ubuntu';
src: local(''), url('../static/fonts/ubuntu-v15-subset-500.woff2') format('woff2'), url('../static/fonts/ubuntu-v15-subset-500.woff') format('woff'), url('../static/fonts/ubuntu-v15-subset-500.ttf') format('truetype');
font-style: normal;
font-weight: 500;
font-display: swap;
/* C c e n o t */
unicode-range: U+0043 U+0063 U+0065 U+006E U+006F U+0074;
}
:root {
--header-height: 4rem;
--content-inline-padding: 1.3rem;
--content-max-width: 80ch;
/* define our palette for all themes */
--white: #fff;
--gray-100: #f3f4f6;
--gray-200: #e5e7eb;
--gray-300: #d1d5db;
--gray-400: #9ca3af;
--gray-800: #1f2937;
--gray-900: #111827;
--brand-purple: #5555ff;
--brand-pink: #ff55dd;
/* light-theme vars */
--c-bg: var(--gray-100);
--c-bg-secondary: var(--white);
--c-text: var(--gray-800);
--c-border: var(--gray-300);
--c-hl: var(--brand-pink);
--c-hl-secondary: var(--brand-purple);
--c-text-on-hl: var(--gray-800);
--c-text-on-hl-secondary: var(--white);
}
@media (prefers-color-scheme: dark) {
:root {
--c-bg: var(--gray-800);
--c-bg-secondary: var(--gray-900);
--c-text: var(--gray-200);
--c-border: var(--gray-400);
}
}
* {
color: var(--c-text);
box-sizing: border-box;
font-family: Ubuntu, sans-serif;
letter-spacing: .1ch;
}
main *, .hero * {
line-height: 1.5;
}
body {
background-color: var(--c-bg);
min-height: 100vh;
display: grid;
grid-template-rows: var(--header-height) min-content auto auto min-content;
grid-template-columns: 1fr;
grid-template-areas: "header" "hero" "main" "aside" "footer";
}
a {
text-decoration: underline;
text-underline-offset: .05rem;
}
a:hover {
text-underline-offset: .25rem;
color: var(--c-hl);
}
h1, h2, h3, h4, h5, h6, p {
word-break: break-word;
scroll-margin-block-start: 4.5rem;
}
h1, h2, h3, h4, h5, h6, strong {
font-weight: 500;
}
em {
font-style: italic;
}
h1, h2, h3, h4, h5, h6 {
margin-block-end: 0;
}
h1+*, h2+*, h3+*, h4+*, h5+*, h6+* {
margin-block-start: 0;
}
main h1 {
font-size: 2.25rem;
}
main h2 {
font-size: 1.5rem;
}
main h3 {
font-size: 1.25rem;
}
main :is(h2, h3, h4, h5, h6) a {
text-decoration: none;
position: relative;
}
main :is(h2, h3, h4, h5, h6) a:hover::before {
content: '#';
position: absolute;
left: -1.5ch;
bottom: 0;
font-weight: normal;
font-size: 1rem;
}
@media screen and (min-width: 800px) {
body {
grid-template-columns: min-content 8fr;
grid-template-rows: 4rem min-content auto min-content;
grid-template-areas: "header header" "hero hero" "aside main" "footer footer";
}
}
.skiplink {
z-index: 9999;
transform: translateY(calc(-100% - 1rem));
display: block;
position: absolute;
height: 4rem;
padding: var(--content-inline-padding);
background-color: var(--c-bg);
border-inline-end: 1px solid var(--c-border);
border-block-end: 1px solid var(--c-border);
}
.skiplink:focus {
z-index: 9999;
transform: translateY(0);
}
header {
grid-area: header;
height: var(--header-height);
border-block-end: 1px solid var(--c-border);
background-color: var(--c-bg-secondary);
position: sticky;
top: 0;
z-index: 1000;
display: flex;
flex-direction: row;
flex-wrap: nowrap;
justify-content: space-between;
}
header a {
text-decoration: none;
}
header .logo {
display: flex;
flex-wrap: nowrap;
align-items: center;
height: 100%;
padding-inline-start: var(--content-inline-padding);
}
header .logo img {
padding-block-end: .3rem;
}
header .logo h1 {
margin: 0;
margin-bottom: -.4rem;
font-size: 1.7rem;
line-height: 1;
font-family: Comfortaa, Ubuntu, sans-serif;
font-weight: bold;
}
header .nav-toggle {
display: block;
border-inline-start: 1px solid var(--c-border);
padding: 0 1rem;
display: flex;
align-items: center;
cursor: pointer;
}
header nav details summary, header nav a {
border-block-end: 1px solid var(--c-border);
padding: 1rem;
display: flex;
align-items: center;
cursor: pointer;
white-space: nowrap;
}
header nav details summary::before {
content: "►";
padding-inline-end: .3rem;
}
header nav details[open] summary::before {
content: "▼";
}
header nav .nav-close {
display: none;
}
header nav.show .nav-close {
display: flex;
}
header nav {
transform: translateY(calc(-100% - 1rem));
display: flex;
flex-direction: column;
justify-content: flex-start;
position: fixed;
right: 0;
top: 0;
bottom: 0;
background-color: var(--c-bg-secondary);
min-width: 20rem;
max-width: 30rem;
border-inline-start: 1px solid var(--c-border);
z-index: 10000;
}
header nav.show, header nav:focus-within {
transform: translateY(0);
}
header nav details summary.highlight, header nav a.highlight {
background-color: var(--c-hl);
color: var(--c-text-on-hl);
font-weight: 500;
}
header nav details summary:hover, header nav a:hover {
background-color: var(--c-bg);
}
header nav details summary.highlight:hover, header nav a.highlight:hover {
background-color: var(--c-hl-secondary);
color: var(--c-text-on-hl-secondary);
}
header nav details {
display: flex;
flex-direction: column;
position: relative;
}
header nav details a {
padding-inline-start: 2.5rem;
}
@media screen and (min-width: 950px) {
header .nav-toggle, header .nav-close, header nav.show .nav-close {
display: none;
}
header nav {
transform: initial;
display: flex;
flex-direction: row;
justify-content: flex-end;
position: initial;
background-color: initial;
min-width: unset;
max-width: unset;
border-inline-start: none;
}
header nav.show, header nav:focus-within {
transform: initial;
}
header nav details summary, header nav a {
border-block-end: none;
border-inline-start: 1px solid var(--c-border);
border-inline-end: 1px solid var(--c-border);
padding: 0 1rem;
display: flex;
margin-inline-start: -1px;
align-items: center;
height: 100%;
}
header nav details:last-of-type summary {
border-inline-end: none;
}
header nav details[open] summary {
border-block-end: 1px solid var(--c-border);
height: calc(100% + 1px);
}
header nav details div {
position: absolute;
right: 0;
}
header nav details div a {
background-color: var(--c-bg-secondary);
border-block-end: 1px solid var(--c-border);
padding: 1rem;
}
}
main {
grid-area: main;
padding: 0 var(--content-inline-padding);
max-width: var(--content-max-width);
min-width: 0;
width: 100%;
margin: 2rem auto;
}
nav.article-nav {
display: flex;
flex-direction: row;
justify-content: center;
}
nav.article-nav div {
width: 33%;
text-align: center;
}
footer {
grid-area: footer;
align-self: end;
background-color: var(--c-bg-secondary);
border-block-start: 1px solid var(--c-border);
padding: .5rem var(--content-inline-padding);
display: flex;
flex-direction: row;
flex-wrap: wrap;
justify-content: space-between;
}
footer div {
line-height: 2;
}
footer div .mobile-hide {
display: none;
}
footer div a {
white-space: nowrap;
}
footer div a:not([rel*=license]), footer div .copyright {
display: block;
}
@media screen and (min-width: 800px) {
footer div {
line-height: 1.5;
}
footer div:last-of-type {
padding-inline-start: 1rem;
}
footer div .mobile-hide {
display: inline;
}
footer div a:not([rel*=license]), footer div .copyright {
display: initial;
}
}
</style>
<link rel="stylesheet" href="../static/css/additional-styles.css">
<script src="../static/js/header-links.js" defer></script>
</head>
<body><a class="skiplink" href="letsencrypt-ca-expiry.html#main">Skip to content</a>
<header>
<a class="logo" href="../index.html" aria-label="Libera Chat, back to start page">
<img alt="" src="../static/img/libera-color.svg" height="48px" data-proofer-ignore>
<h1>Libera.&ZeroWidthSpace;Chat</h1>
</a>
<a id="nav-toggle" class="nav-toggle hidden" aria-controls="main-nav"><span>Navigation</span></a>
<nav class="" id="main-nav" aria-labelledby="nav-toggle" role="menubar">
<a id="nav-close" class="nav-close hidden" aria-controls="main-nav"><span>Close</span></a>
<details>
<summary
>About</summary>
<div>
<a
role="menuitem"
href="../policies.html"
><span>Network Policies</span></a>
<a
role="menuitem"
href="../guidelines.html"
><span>Channel Guidelines</span></a>
<a
role="menuitem"
href="../news.html"
><span>Blog & News</span></a>
<a
role="menuitem"
href="../about.html"
><span>About Libera Chat</span></a>
<a
role="menuitem"
href="../bylaws.html"
><span>Bylaws</span></a>
<a
role="menuitem"
href="../minutes.html"
><span>Meeting Minutes</span></a>
<a
role="menuitem"
href="../annual-reports.html"
><span>Annual Reports</span></a>
<a
role="menuitem"
href="../sponsors.html"
><span>Sponsors</span></a>
</div>
</details>
<details>
<summary
>Contribute</summary>
<div>
<a
role="menuitem"
href="../contributing/donate.html"
><span>Donate</span></a>
<a
role="menuitem"
href="../contributing/sponsor.html"
><span>Sponsor Us</span></a>
<a
role="menuitem"
href="../contributing/development.html"
><span>Development</span></a>
</div>
</details>
<a role="menuitem" href="../chanreg.html"><span>Channel Namespaces</span></a>
<a role="menuitem" href="../guides.html"><span>Guides</span></a>
<a role="menuitem" href="../guides/faq.html"><span>FAQ</span></a>
<details>
<summary
class="highlight"
>Connect</summary>
<div>
<a
role="menuitem"
href="https://web.libera.chat"
rel="noopener noreferrer"
><span>Webchat</span></a>
<a
role="menuitem"
href="ircs://irc.libera.chat:6697"
><span>irc.libera.chat:6697 (TLS)</span></a>
<a
role="menuitem"
href="../guides/connect.html"
><span>How to Connect</span></a>
</div>
</details>
</nav>
</header>
<script async>
const navToggle = document.querySelector('#nav-toggle')
const navClose = document.querySelector('#nav-close')
const mainNav = document.querySelector('#main-nav')
// progressive enhancement!
navToggle.classList.remove('hidden')
navClose.classList.remove('hidden')
navToggle.addEventListener('click', event => {
event.preventDefault()
mainNav.classList.toggle('show')
})
navClose.addEventListener('click', event => {
event.preventDefault()
mainNav.classList.remove('show')
})
</script>
<main id="main"><article>
<h1>Let's Encrypt root CA expiry</h1>
<p class="details">
<time pubdate datetime="2021-09-30">30th September 2021</time>
by edk
</p>
<p>Hello,</p>
<p>The root CA for most Lets Encrypt certificates <a href="https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/">expired
today</a>.
Just about everyone was waiting for this, but in our case we felt there was
nothing for us to do but wait and see what happened; LEs plan for dealing with
the expiration seemed solid enough. Oops.</p>
<p>So what was the plan? LE have continued to provide, in the default chain in
their API, a version of their CA cert thats signed by the expiring root CA.
(This is known as cross-signing). This was done to provide a workaround for some
devices (as far as I know, mostly very old Androids) and was presumably tested
against web browsers, which regularly update their TLS libraries.</p>
<p>Not all other software does. Serving the cross-signed root in our chain broke
Hexchat on Windows, amongst other software combinations, because Hexchat uses a
version of OpenSSL that doesnt search exhaustively for a correct validation
path if its served a chain that is (as in this instance) trusted but invalid.</p>
<p>Weve chosen to remove the cross-signed root from our chains for now, fixing the
clients that weve been able to test. This will be subject to review based on
your feedback, so please let us know if you were relying on the cross-signed
root. We can be reached at <a href="mailto:support@libera.chat">support@libera.chat</a>; you can of course disable
validation or connect insecurely as a workaround, but please weigh any such
workaround against the security risks it carries.</p>
<p>As always, thanks for using Libera Chat.</p>
</article>
<nav class="article-nav">
<div>
<a href="lengthening-nick-expiry.html">Previous</a>
</div>
<div>
<a href="../news.html">Archive</a>
</div>
<div>
<a href="end-of-2021-review.html">Next</a>
</div>
</nav>
</main><footer>
<div>
<span class="copyright">&copy; Libera Chat's contributors 2021</span>
(<a rel="license noopener noreferrer" href="../LICENSE-content.txt">Content CC BY-NC-SA</a>,
<a rel="license noopener noreferrer" href="../LICENSE-code.txt">Code MIT</a>)
<span class="mobile-hide">/</span>
<a href="../atom.xml">Feed (atom)</a>
<span class="mobile-hide">/</span>
<a href="../privacy.html">Privacy</a>
</div>
<div>
<a rel="me noopener noreferrer" href="https://fosstodon.org/@liberachat">Mastodon</a>
<span class="mobile-hide">/</span>
<a href="https://github.com/Libera-Chat/libera-chat.github.io" rel="noopener noreferrer">GitHub</a>
<span class="mobile-hide">/</span>
<a href="https://twitter.com/liberachat" rel="noopener noreferrer">Twitter</a>
<span class="mobile-hide">/</span>
<a href="https://facebook.com/liberachat" rel="noopener noreferrer">Facebook</a>
</div>
</footer>
Reference in a new issue View git blame Copy permalink