How to force older debian to forget about DST Root CA X3 Expiration and use ISRG Root X1 – SSL certificate problem: certificate has expired

disclaimer; I’m no security expert (I know things, but you do you). Make sure you understand what you do before applying whatever fix shared here Fix by upgrading your instances Upgrade your instances. This problem won’t happen on debian 9 or higher. In the following example, I had this problem on a ruby:2.4.1 docker image … Read more

Does Java support Let’s Encrypt certificates?

[Update 2016-06-08: According to https://bugs.openjdk.java.net/browse/JDK-8154757 the IdenTrust CA will be included in Oracle Java 8u101.] [Update 2016-08-05: Java 8u101 has been released and does indeed include the IdenTrust CA: release notes] Does Java support Let’s Encrypt certificates? Yes. The Let’s Encrypt certificate is just a regular public key certificate. Java supports it (according to Let’s … Read more

How do I test a ClusterIssuer solver?

apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: certificate-name spec: secretName: tls-cert duration: 24h renewBefore: 12h commonName: hostname dnsNames: – hostname issuerRef: name: letsencrypt kind: ClusterIssuer apiVersion: certmanager.k8s.io/v1alpha2 kind: ClusterIssuer metadata: name: letsencrypt spec: acme: email: myemail@email.com privateKeySecretRef: name: letsencrypt-private-key server: https://acme-v02.api.letsencrypt.org/directory solvers: – http01: ingress: class: nginx selector: {} apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: certmanager.k8s.io/acme-challenge-type: … Read more

tech