Let’s Encrypt new default chain February 8, 2024
Daniel Nashed – 6 January 2024 08:18:32
Let's Encrypt new default chain February 8, 2024
The change has been announced mid last year and there is probably no action for you to take.
It was about time for this move and it is well planned ahead of time.
If you didn't change anything on Domino CertMgr side, there is very likely no action to take.
I have just posted a new document to summarize all the details if you are interested -> https://opensource.hcltechsw.com/domino-cert-manager/lets_encrypt/
The document also contains references to useful Let's Encrypt documents.
Here is the link to the main document announcing the change --> https://letsencrypt.org/2023/07/10/cross-sign-expiration.html
In case you are using other ACME clients, make sure those clients also handle the change correctly.
I would assume most projects are well prepared and if you didn't make any change and use their current versions, you should be on the safe side.
It is still good to know about this change, but there is no reason to panic.
---
If you still have issues with Let's Encrypt in a very special case, there are also other free to use CAs using the ACME protocol, which are supported by CertMgr.
BuyPass from Norway is one of them offering certificates valid for 180 instead of 90 days -> https://www.buypass.com/products/tls-ssl-certificates/go-ssl
CertMgr supports multiple ACME providers like it also supports multiple DNS API providers in parallel for each domain (even mixed for multiple SANs by the way ...).
-- Daniel
- Comments [0]