[SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration 30th/Sept - Any issues?

Matthias Wimmer m at tthias.eu
Sat Oct 9 13:15:49 CEST 2021 

Here we had problems with clients using an Auerswald PBX showing the 
following error message:

503: Certificate Validation Failure
SSL-Error 10: certificate has expired, depth=3 /O=Digital Signature 
Trust Co./CN=DST Root CA X3 )

Regards,
Matthias


On 08.10.21 19:49, Sergiu Pojoga wrote:
> Like our comrades at APIBAN. Had to patch the CA list on older linux 
> distros to get this restarted.
>
> Oct  8 10:20:21 kamailio[8476]:  WARNING: http_client 
> [functions.c:308]: curL_request_url(): TLS server certificate 
> validation error (No valid CA cert) (url: https://apiban.org/api/.. 
> <https://apiban.org/api/..>.)
>
> @Fred, all good out there bud? lol
>
> On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <sobomax at sippysoft.com 
> <mailto:sobomax at sippysoft.com>> wrote:
>
>     Some of our internal API have started to fail and most of software
>     update routines jammed up as a result until we figured out how to
>     cope with that issue.
>
>     Not the first one and certainly not the last. In general PKI/TLS
>     is by design prone to issues like this and I am sad industry has
>     not come up with anything better yet to communicate over insecure
>     channels. :( Noise protocol certainly holds lots of potential in
>     my view but mills of IETF mill slowly, so we are going to be
>     suffering for many years to come I am afraid.
>
>     -Max
>
>
>     On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt,
>     <hw at skalatan.de <mailto:hw at skalatan.de>> wrote:
>
>         Hello,
>
>         in total we had three customer incidents (two server related,
>         one client related) because of this, one of them was a major
>         incident.
>
>         Cheers,
>
>         Henning
>
>         -- 
>
>         Henning Westerholt – https://skalatan.de/blog/
>         <https://skalatan.de/blog/>
>
>         Kamailio services – https://gilawa.com <https://gilawa.com/>
>
>         *From:* sr-users <sr-users-bounces at lists.kamailio.org
>         <mailto:sr-users-bounces at lists.kamailio.org>> *On Behalf Of
>         *Joel Serrano
>         *Sent:* Friday, October 1, 2021 9:05 PM
>         *To:* Kamailio (SER) - Users Mailing List
>         <sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>>
>         *Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA
>         expiration 30th/Sept - Any issues?
>
>         Hello,
>
>         I'm wondering if anyone had any issues yesterday with the
>         expiration of the DST Root CA X3 cert?
>
>         Out of all the servers I manage, only a couple were affected
>         (debian 8). They were production servers so we replaced the
>         cert with a different one to solve the issue while we find the
>         root cause.
>
>         Anyone out there had any issues yesterday because of this? I'm
>         just curious!
>
>         Joel.
>
>         __________________________________________________________
>         Kamailio - Users Mailing List - Non Commercial Discussions
>           * sr-users at lists.kamailio.org
>         <mailto:sr-users at lists.kamailio.org>
>         Important: keep the mailing list in the recipients, do not
>         reply only to the sender!
>         Edit mailing list options or unsubscribe:
>           *
>         https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>         <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
>     __________________________________________________________
>     Kamailio - Users Mailing List - Non Commercial Discussions
>       * sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>     Important: keep the mailing list in the recipients, do not reply
>     only to the sender!
>     Edit mailing list options or unsubscribe:
>       * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>     <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>    * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the sender!
> Edit mailing list options or unsubscribe:
>    * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20211009/22298fa5/attachment.htm>

More information about the sr-users mailing list