TLS cert on talk.begriffs.com

Joe Nelson joe at begriffs.com
Sat Jul 24 16:32:28 UTC 2021


Hey all, Nick pointed out to me that the cert is expired on our mail
server. After looking into it, I see it's because letsencrypt removed
the API that my renewal cron job used:

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430

The renewal uses acme-client(1) in the OpenBSD base system. To use the
new API I'm guessing I have to update acme-client, which means I'll have
to upgrade the base system. However the upgrade won't be smooth. The
server is on OpenBSD 6.3, while 6.4 introduces breaking changes to the
email relay configuration. After solving that, we have to update one
release at a time to get up to the current version, 6.9.

Was hoping I could have left the server running into eternity and not
have had to change anything, but the world conspires against things just
working. Don't know whether this affects our mail delivery, or whether
it's really only an issue for the web interface. Maybe I can keep
ignoring the problem...


More information about the Friends mailing list