Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Let's Encrypt root certificate expiry #1272

Open
wildhart opened this issue Oct 4, 2021 · 2 comments
Open

Let's Encrypt root certificate expiry #1272

wildhart opened this issue Oct 4, 2021 · 2 comments
Labels
Proxy SSL

Comments

@wildhart
Copy link
Sponsor

wildhart commented Oct 4, 2021

As per https://letsencrypt.org/docs/certificate-compatibility/ some of my users on iOS 9 can no longer access my website.

It looks like my site is using the legacy keychain with the expired root:

image

Is there a way in mup to force let's encrypt to use the modern keychain?
@wildhart
Copy link
Sponsor Author

Looks like this would need to expose the certbot preferred-chain parameter as per electron/electron#31212 (comment)

sudo certbot certonly --nginx -d <domain> --preferred-chain "ISRG Root X1"

And also we'd need to be using an appropriate version of certbot which supports this parameter.

@zodern
Copy link
Owner

zodern commented Oct 18, 2021

We probably need to update to version 2 of https://github.com/nginx-proxy/acme-companion

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Proxy SSL
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zodern @wildhart