A client had Digium phones that hated the expired part of the cert as well.  Had to hack out the cross-signing to make them happy.

On Fri, Oct 8, 2021 at 12:49 PM Sergiu Pojoga <pojogas@gmail.com> wrote:
Like our comrades at APIBAN. Had to patch the CA list on older linux distros to get this restarted.

Oct  8 10:20:21 kamailio[8476]:  WARNING: http_client [functions.c:308]: curL_request_url(): TLS server certificate validation error (No valid CA cert) (url: https://apiban.org/api/...)

@Fred, all good out there bud? lol

On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <sobomax@sippysoft.com> wrote:
Some of our internal API have started to fail and most of software update routines jammed up as a result until we figured out how to cope with that issue.

Not the first one and certainly not the last. In general PKI/TLS is by design prone to issues like this and I am sad industry has not come up with anything better yet to communicate over insecure channels. :( Noise protocol certainly holds lots of potential in my view but mills of IETF mill slowly, so we are going to be suffering for many years to come I am afraid.

-Max


On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt, <hw@skalatan.de> wrote:

Hello,

 

in total we had three customer incidents (two server related, one client related) because of this, one of them was a major incident.

 

Cheers,

 

Henning

 

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com

 

 

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Joel Serrano
Sent: Friday, October 1, 2021 9:05 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration 30th/Sept - Any issues?

 

Hello, 

 

I'm wondering if anyone had any issues yesterday with the expiration of the DST Root CA X3 cert?

 

Out of all the servers I manage, only a couple were affected (debian 8). They were production servers so we replaced the cert with a different one to solve the issue while we find the root cause. 

 

Anyone out there had any issues yesterday because of this? I'm just curious!

 

Joel.

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users