Post A6c7LMKrBENyOpAzRY by Coyote@tucson.claims
(DIR) More posts by Coyote@tucson.claims
(DIR) Post #A6b8QX6CUi6a1gOM7s by Coyote@tucson.claims
2021-04-25T07:35:55.475706Z
0 likes, 3 repeats
Anyone know what's going wrong with all the letsencrypt failures lately?
(DIR) Post #A6bA2p5UA69ym5saHo by Coyote@tucson.claims
2021-04-25T07:54:02.603401Z
0 likes, 0 repeats
@alex are you aware of any pleroma nodes failing SSL authentication, and maybe know the bug URL/fix?
(DIR) Post #A6bAxWFcrrp4rQeob2 by Coyote@tucson.claims
2021-04-25T08:04:17.120156Z
0 likes, 0 repeats
Well, it's "Verify error:Invalid response" problem, acme.sh started failing. At least that part was easy to spot. Now... why is it failing I guess.
(DIR) Post #A6bBFXGzo3cXF8tBJI by Coyote@tucson.claims
2021-04-25T08:07:32.644937Z
0 likes, 0 repeats
Ok, if I curl letsencrypt.org, I pull back a recently validated reply, so, maybe that part is ok and it's not saving it locally? Hrm..
(DIR) Post #A6bfzQOSiKATquB9rU by vandys@mst.vsta.org
2021-04-25T13:52:00Z
0 likes, 0 repeats
@Coyote There's been a shift to treating letsencrypt as a top-level authority. Many sites are just pushing out their cert, not any intermediates.On older devices, they'll start failing, since they don't letsencrypt itself accepted as a top-level authority.I still add the cross-sign, as I have a number of devices where I don't want to bother messing with their cert treatment.
(DIR) Post #A6c7LMKrBENyOpAzRY by Coyote@tucson.claims
2021-04-25T18:58:28.457080Z
0 likes, 0 repeats
Starting to think nginx isn't handling the reply correctly, not acme.sh. Anyone had SSL/pleroma issues this past week that knows what's up?
(DIR) Post #A6c7iKTGHJDzHG3oFE by BigSkyRider@noagendasocial.com
2021-04-25T19:02:39Z
0 likes, 0 repeats
@Coyote what are the errors/symptoms observed?