[squid-users] wiki.squid-cache.org has invalid SSL certificate
Francesco Chemolli
gkinkie at gmail.com
Sat Jan 23 13:19:35 UTC 2021
Thanks for letting me know.
We use letsencrypt and there's an automated renewal mechanism at play, but
apparently it doesn't keep up with changing intermediates.
On Sat, Jan 23, 2021 at 1:15 PM Walter H. <Walter.H at mathemainzel.info>
wrote:
> On 23.01.2021 13:07, Matus UHLAR - fantomas wrote:
> > On 22.01.21 15:32, Alex Rousskov wrote:
> >> On 1/22/21 3:10 PM, Walter H. wrote:
> >>
> >>> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid-cache.org
> >>> there is an invalid certificate as the intermediate
> >>
> >> FWIW, I see nothing marked as "invalid" on that page, even after
> >> clicking on one of the two servers and expanding the "Certification
> >> Paths" group. The "certificate" score is 100%/Green.
> >>
> >> The service does show one missing intermediate certificate ("certificate
> >> chain is incomplete" and "extra download" annotations), which the
> >> service was able to successfully download and validated. This extra work
> >> reduced our overall score from A to B AFAICT. This is expected per Squid
> >> Project NOC AFAICT.
> >>
> >> It may help if you provide more details about the "invalid" annotations
> >> that _you_ see on that report.
> >
> > this may be obsolete info, both server certificate and intermediate were
> > signes last synday (Jan 17).
> >
> > I have noticed similar problems for some letsencrypt certificates last
> > month.
>
> the reason: Let's encrypt changed the interediate, see here:
> https://letsencrypt.org/certificates/
>
> https://wiki.squid-cache.org/
>
> got a new SSL certificate but the chain still has the old X3 instead of
> R3 ...
>
> Thanks
>
> Walter
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
--
Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210123/ecf0f69d/attachment.htm>
More information about the squid-users
mailing list