Working around expired root certificates

30 points3
paol2 hours ago

This cert expiration semi-broke my home backup setup. (The backups work fine but the reporting broke, which is subtly more dangerous.)

Duplicati, which is a .NET app, doesn't seem to have the latest certificates when running on Fedora. The same software on Ubuntu works fine.

lousken3 hours ago

Kinda related to this - anyone tried to fix their xamarin app so that it'd work with letsencrypt? Developers told me xamarin tries to validate both chains so the hack breaks the validation. Not sure if they've come up with a workaround

kadonoishi1 hour ago

Possibly related to that - I just fixed my letsencrypt problem on an old Mac by following these instructions [0], which were referenced here [1].



a3w2 hours ago

Yes. Android <5.1 or like that failed due to not having chrome available I think. 6.0 and 7.0 seem to have a different issue with the one of the letsencrypt certificate chains.

OIDC for us seems to work on iOS 15, or not, depending on iPadOS 15 , iOS (Simulator), or iOS-out-in-the-wild .

zinekeller3 hours ago

That's a very good workaround on OpenSSL-based systems, although it's kind-of moot now since if you can update the IdenTrust/DST root, you could simply also remove it and add ISRG's roots.

shadowgovt55 minutes ago

Out of curiosity, does anybody know how Apple laptops got updated with the replacement for the let's encrypt certificate?

I was surprised to discover that my wife's machine had not automatically updated, several of her websites went inaccessible on September 30th, and I had to do the update manually. I'm not sure what step we missed that and updated certificate wasn't automatically sent to her.

jeromegv37 minutes ago

Which OS? For El Capitan for example, no updates were released by Apple.

I will be using those instructions instead to do it manually