TLS cert on talk.begriffs.com

Andrew Benson drewbenson at netjack.com
Tue Jul 27 12:53:57 UTC 2021


Wow what a pain.  I wonder if others have faced the same issue, and if so, if they’ve found away to make the newer acme client run on the older OS?

Drew

On Jul 24, 2021, at 11:32 AM, Joe Nelson <joe at begriffs.com> wrote:

Hey all, Nick pointed out to me that the cert is expired on our mail
server. After looking into it, I see it's because letsencrypt removed
the API that my renewal cron job used:

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430

The renewal uses acme-client(1) in the OpenBSD base system. To use the
new API I'm guessing I have to update acme-client, which means I'll have
to upgrade the base system. However the upgrade won't be smooth. The
server is on OpenBSD 6.3, while 6.4 introduces breaking changes to the
email relay configuration. After solving that, we have to update one
release at a time to get up to the current version, 6.9.

Was hoping I could have left the server running into eternity and not
have had to change anything, but the world conspires against things just
working. Don't know whether this affects our mail delivery, or whether
it's really only an issue for the web interface. Maybe I can keep
ignoring the problem...


More information about the Friends mailing list