It's been a few months since I last checked in on my nntp ãaccount with eternal-september, but TB is reporting that there ãis a certif problem:ããhttps://susepaste.org/24549546ããIt seems to look fine in the sense that the dates are still ãgood.ããBut is there a way to update the certif and be able to log in?ãããããã--- OpenXP 5.0.50ã * Origin: Ogg's Dovenet Point (723:320/1.9)ã þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTPã

Re: let's encrypt certif problemã By: Ogg to All on Mon Oct 11 2021 08:30 pmãã > It's been a few months since I last checked in on my nntpã > account with eternal-september, but TB is reporting that thereã > is a certif problem:ã >ã > https://susepaste.org/24549546ã >ã > It seems to look fine in the sense that the dates are stillã > good.ã >ã > But is there a way to update the certif and be able to log in?ããwhy dont you talk to their support and ask them.ã---ã þ Synchronet þ ::: BBSES.info - free BBS services :::ã

Re: let's encrypt certif problemã By: Ogg to All on Mon Oct 11 2021 08:30 pmãã > It's been a few months since I last checked in on my nntpã > account with eternal-september, but TB is reporting that thereã > is a certif problem:ã > ã > https://susepaste.org/24549546ã > ã > It seems to look fine in the sense that the dates are stillã > good.ã > ã > But is there a way to update the certif and be able to log in?ããMost likely this is due to the fact one of Let's Encrypt's certifiers has an expired cert.ããMaybe you can remove DST X3 from your trust chain (since it is expired) and add the self signedãlet's encrypt certificate from here: ããhttps://letsencrypt.org/certificates/ããMore information about the issue here:ããhttps://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ãã--ãgopher://gopher.richardfalken.com/1/richardfalkenãã---ã þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FLã

Hello Arelor!ãã** On Tuesday 12.10.21 - 08:02, Arelor wrote to Ogg:ãã A> Maybe you can remove DST X3 from your trust chain (since it is expired)ã A> and add the self signed let's encrypt certificate from here:ãã A> https://letsencrypt.org/certificates/ãã A> More information about the issue here:ãã A> https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ããThe info and reason is all good, but I need a step-by-stepãintruction on how to work with certifs. I downloaded what Iãthough was a required replacement/updated certif [Cross-signedãby DST Root CA X3] from one of the above links, but it promptedãme for a password to proceed with the installation.ããMeanwhile, I learned that OpenXP doesn't care about any ãcertifs, and I can fetch my eternal-september messages with ãthat. I don't need to use TB at all. But it wold be nice to ãfix the certif problem.ãã--- OpenXP 5.0.50ã * Origin: Ogg's Dovenet Point (723:320/1.9)ã þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTPã

Re: let's encrypt certif problemã By: Ogg to Arelor on Fri Oct 15 2021 10:16 pmãã > The info and reason is all good, but I need a step-by-stepã > intruction on how to work with certifs. I downloaded what Iã > though was a required replacement/updated certif [Cross-signedã > by DST Root CA X3] from one of the above links, but it promptedã > me for a password to proceed with the installation.ã > ã > Meanwhile, I learned that OpenXP doesn't care about anyã > certifs, and I can fetch my eternal-september messages withã > that. I don't need to use TB at all. But it wold be nice toã > fix the certif problem.ããYou need the self-signed certificate, not the cross-signed one, since theãcross-signed one is using an old, expired trust chain.ããI am sure there are ten thousand guides floating around the internet regardingãcertificate updateing. Most Linux and BSDs around got the problem fixed via aãregular update.ãã--ãgopher://gopher.richardfalken.com/1/richardfalkenãã---ã þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FLã

Hello Arelor!ãã** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:ãã A> You need the self-signed certificate, not the cross-signedã A> one, since the cross-signed one is using an old, expiredã A> trust chain.ãããI installed both self0signed ones, and I did that in XP and TB.ããStill doesn't work.ããã A> I am sure there are ten thousand guides floating around the internetã A> regarding certificate updateing. Most Linux and BSDs around got theã A> problem fixed via a regular update.ããI know how to go through the "install certif" process in XP and ãTB. But, these marked "==>" are not making any difference:ããActiveãã ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1)ã==> Self-signed: der, pem, txtããActive, limited availabilityãã ISRG Root X2 (ECDSA P-384, O = Internet Security Research Group, CN = ISRG Root X2)ã==> Self-signed: der, pem, txtãããã--- OpenXP 5.0.50ã * Origin: Ogg's Dovenet Point (723:320/1.9)ã þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTPã

Re: let's encrypt certif problemã By: Ogg to Arelor on Sat Oct 16 2021 07:51 pmãã > Hello Arelor!ã > ã > ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:ã > ã > A> You need the self-signed certificate, not the cross-signedã > A> one, since the cross-signed one is using an old, expiredã > A> trust chain.ã > ã > ã > I installed both self0signed ones, and I did that in XP and TB.ã > ã > Still doesn't work.ã > ã > ã > A> I am sure there are ten thousand guides floating around the internetã > A> regarding certificate updateing. Most Linux and BSDs around got theã > A> problem fixed via a regular update.ã > ã > I know how to go through the "install certif" process in XP andã > TB. But, these marked "==>" are not making any difference:ã > ã > Activeã > ã > ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRGã > Root X1)ã > ==> Self-signed: der, pem, txtã > ã > Active, limited availabilityã > ã > ISRG Root X2 (ECDSA P-384, O = Internet Security Research Group, CN = ISã > Root X2)ã > ==> Self-signed: der, pem, txtããYou also have to manually remove the expired DST X3 one.ãã--ãgopher://gopher.richardfalken.com/1/richardfalkenãã---ã þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FLã

Hello Arelor!ãã** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:ãã A> You need the self-signed certificate, not the cross-signedã A> one, since the cross-signed one is using an old, expiredã A> trust chain.ããJust a little followup.. I tried their "test" links below:ãã ISRG Root X1ã Valid <== this one worked OKã Revoked <== this one loaded properly with "revoked"ã Expired <== this wouldn't load.ãã ISRG Root X2ã Valid <== this one worked OKã Revoked <== this one loaded with a "revoked" page.ã Expired <== this one wouldn't load.ãããSo.. the certifs are probably installed fine in system/browser ãprogram?ããNow, only TB's mail system is still complaining about ãinvalidity. :(ããã--- OpenXP 5.0.50ã * Origin: Ogg's Dovenet Point (723:320/1.9)ã þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTPã

Re: let's encrypt certif problemã By: Ogg to Arelor on Sun Oct 17 2021 08:51 amãã > Hello Arelor!ã > ã > ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:ã > ã > A> You need the self-signed certificate, not the cross-signedã > A> one, since the cross-signed one is using an old, expiredã > A> trust chain.ã > ã > Just a little followup.. I tried their "test" links below:ã > ã > ISRG Root X1ã > Valid <== this one worked OKã > Revoked <== this one loaded properly with "revoked"ã > Expired <== this wouldn't load.ã > ã > ISRG Root X2ã > Valid <== this one worked OKã > Revoked <== this one loaded with a "revoked" page.ã > Expired <== this one wouldn't load.ã > ã > ã > So.. the certifs are probably installed fine in system/browserã > program?ã > ã > Now, only TB's mail system is still complaining aboutã > invalidity. :(ããThunderbird and Firefox have their own certificate databases. They don't useãthe system's.ãã--ãgopher://gopher.richardfalken.com/1/richardfalkenãã---ã þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FLã

Hello Arelor!ãã** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:ãã A> You also have to manually remove the expired DST X3 one.ãããAh.. That I haven't done.ããBut I didn't see any "LetsEncrypt" certifs in the list of ãcertifs.ããã--- OpenXP 5.0.50ã * Origin: Ogg's Dovenet Point (723:320/1.9)ã þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTPã

Re: let's encrypt certif problemã By: Ogg to Arelor on Mon Oct 18 2021 07:35 pmãã > Hello Arelor!ã > ã > ** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:ã > ã > A> You also have to manually remove the expired DST X3 one.ã > ã > ã > Ah.. That I haven't done.ã > ã > But I didn't see any "LetsEncrypt" certifs in the list ofã > certifs.ããBecause it is not a Let's Encrypt certificate. It is an Internet SecurityãResearch Group certificate. Internet Security Research Group are the owners ofãLet's Encrypt.ãã--ãgopher://gopher.richardfalken.com/1/richardfalkenãã---ã þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FLã