Let's Encrypt / older servers

Cantor, Scott cantor.2 at osu.edu
Thu Oct 14 15:35:36 UTC 2021

This popped up on a Slack thread, and I thought it might be worth noting, but I guess Let's Encrypt hit a cross-over point with their cert chain(s) recently and one of the old roots that I guess is baked into at least CentOS 7's OpenSSL client expired 2 weeks ago.

I don't imagine this will affect too many, but if you have programmatic tools that are hitting shibboleth.net it might bite. It's not an artifact of the server move, just happened to coincide on the calendar. All the intermediates are valid so the server's providing the right things, it's the root that expired.

-- Scott

More information about the users mailing list