TLS cert on talk.begriffs.com
Joe Nelson
joe at begriffs.com
Sat Jul 24 16:32:28 UTC 2021
Hey all, Nick pointed out to me that the cert is expired on our mail
server. After looking into it, I see it's because letsencrypt removed
the API that my renewal cron job used:
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
The renewal uses acme-client(1) in the OpenBSD base system. To use the
new API I'm guessing I have to update acme-client, which means I'll have
to upgrade the base system. However the upgrade won't be smooth. The
server is on OpenBSD 6.3, while 6.4 introduces breaking changes to the
email relay configuration. After solving that, we have to update one
release at a time to get up to the current version, 6.9.
Was hoping I could have left the server running into eternity and not
have had to change anything, but the world conspires against things just
working. Don't know whether this affects our mail delivery, or whether
it's really only an issue for the web interface. Maybe I can keep
ignoring the problem...
More information about the Friends
mailing list