Hi Bruce, I'm afraid that there's a lack of people available to do maintenance to that service (it has other issues besides that LE root) There has been some debate on replacing it completely. I'm wondering if it'd be better to switch of the now largely misbehaving service until a fix or replacement can be put in place.
Regards, Guus On Tue, Feb 1, 2022 at 4:29 AM Bruce Walzer <[email protected]> wrote: > This is the post on the OpenBSD subreddit that prompted this list post: > > * > https://old.reddit.com/r/openbsd/comments/shgdp0/xmppserver_with_openbsd_prosody_someone_getting_a/ > > It appears that whatever the IM Observatory is using for TLS root > certificates was not been updated to accommodate the root certificate > expiry that Let's Encrypt experienced at the end of September. For > example, OpenBSD keeps such root certificates in /etc/ssl/cert.pem and > failure to update this file causes current Let's Encrypt TLS > certificates to fail. > > Thanks! >
