[SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration 30th/Sept - Any issues?

James Van Vleet james at vanvleet.net
Fri Oct 8 20:08:09 CEST 2021


A client had Digium phones that hated the expired part of the cert as
well.  Had to hack out the cross-signing to make them happy.

On Fri, Oct 8, 2021 at 12:49 PM Sergiu Pojoga <pojogas at gmail.com> wrote:

> Like our comrades at APIBAN. Had to patch the CA list on older linux
> distros to get this restarted.
>
> Oct  8 10:20:21 kamailio[8476]:  WARNING: http_client [functions.c:308]:
> curL_request_url(): TLS server certificate validation error (No valid CA
> cert) (url: https://apiban.org/api/...)
>
> @Fred, all good out there bud? lol
>
> On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <sobomax at sippysoft.com>
> wrote:
>
>> Some of our internal API have started to fail and most of software update
>> routines jammed up as a result until we figured out how to cope with that
>> issue.
>>
>> Not the first one and certainly not the last. In general PKI/TLS is by
>> design prone to issues like this and I am sad industry has not come up with
>> anything better yet to communicate over insecure channels. :( Noise
>> protocol certainly holds lots of potential in my view but mills of IETF
>> mill slowly, so we are going to be suffering for many years to come I am
>> afraid.
>>
>> -Max
>>
>>
>> On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt, <hw at skalatan.de>
>> wrote:
>>
>>> Hello,
>>>
>>>
>>>
>>> in total we had three customer incidents (two server related, one client
>>> related) because of this, one of them was a major incident.
>>>
>>>
>>>
>>> Cheers,
>>>
>>>
>>>
>>> Henning
>>>
>>>
>>>
>>> --
>>>
>>> Henning Westerholt – https://skalatan.de/blog/
>>>
>>> Kamailio services – https://gilawa.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *Joel
>>> Serrano
>>> *Sent:* Friday, October 1, 2021 9:05 PM
>>> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
>>> *Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration
>>> 30th/Sept - Any issues?
>>>
>>>
>>>
>>> Hello,
>>>
>>>
>>>
>>> I'm wondering if anyone had any issues yesterday with the expiration of
>>> the DST Root CA X3 cert?
>>>
>>>
>>>
>>> Out of all the servers I manage, only a couple were affected (debian 8).
>>> They were production servers so we replaced the cert with a different one
>>> to solve the issue while we find the root cause.
>>>
>>>
>>>
>>> Anyone out there had any issues yesterday because of this? I'm just
>>> curious!
>>>
>>>
>>>
>>> Joel.
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20211008/5138fbf3/attachment.htm>


More information about the sr-users mailing list