Want more timely Centmin Mod News Updates?
Become a Member

SSL Google Chrome 56+ distrusting WoSign, StartSSL/StartCom SSL certificates !

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Nov 1, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    wow Google has fired a few more nails into the coffin for WoSign/StartSSL - Google Online Security Blog: Distrusting WoSign and StartCom Certificates Previous discussions leading up to this can be found here.

     
    • Informative Informative x 3
  2. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    In previous thread at SSL - wosign ssl cert trainwreck, Mozilla was taken measures to distrust WoSign/StartCom but with a chance of them being re-admitted if they took certain measures. But seems Google is just outright distrusting them altogether !

    According to W3Counter, Chrome and Firefox hold 57.1% and 10.4% market share respectively !

    Let's Encrypt SSL certificates seem to be the one to get for free. Reminder Centmin Mod 123.09beta01 has addons/acmetool.sh for letsencrypt free ssl certificate integration that requires more testing and feedback at https://centminmod.com/acmetool ;)
     
    Last edited: Nov 1, 2016
    • Like Like x 1
  3. RoldanLT

    RoldanLT Well-Known Member

    3,901
    949
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,298
    Local Time:
    6:23 AM
    1.11
    10.2
    Ow I'm still using it one my mail server :/
    upload_2016-11-1_17-24-27.png
     
    • Informative Informative x 1
  4. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    3:23 PM
    1.11.1
    10.1
    me too ? should we switch to let's encrypt ?
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 2
  6. R0rke

    R0rke Member

    83
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    3:23 PM
    1.11.1
    10.1
    well what alternative exactly ?
    so simply you mean the let's encrypt already has that problem ?
    we can't use acme tool?
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    https://centminmod.com/acmetool is still in beta so you're welcome to try it on test server first and see if it suits your needs. Or just get a paid ssl certificate :)

    I am testing Centmin Mod addons/acmetool.sh addon for my https://mysqlmymon.com/ site on test server :)
     
    Last edited: Nov 2, 2016
  8. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    It's happening in Chrome 57 StartSSL Certificates not trusted in Chrome 57 - Web hosting - Whirlpool Forums

     
    • Informative Informative x 1
  9. Xon

    Xon Active Member

    130
    57
    28
    Nov 16, 2015
    Ratings:
    +171
    Local Time:
    6:23 AM
    1.11.x
    MariaDB 10.1.x
    Ah whingepool
     
    • Funny Funny x 1
  10. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    12:23 AM
    1
    10
    That's not cool if let's encrypt is affected, in my case im using cloudflare n I shouldn't see any issues unless I disable the cloudflare ssl as they use avast.

    Not sure if outgoing mail will be affected, though. I don't have chrome 57, is there a beta, or how else are you guys testing this
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    heh Aussies fav forum :LOL:
    only affects startssl/startcom - see the rest of this thread as to why chrome is going to block and blacklist them. Won't affect letsencrypt :)
     
    • Like Like x 1
  12. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    bye bye StartCOM/StartSSL StartSSL Certificates not trusted in Chrome 57 - Web hosting - Whirlpool Forums
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
  14. eva2000

    eva2000 Administrator Staff Member

    30,194
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    8:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    And if you thought there weren't enough nails in StartSSL/WoSign's coffin, you guessed wrong Microsoft bins unloved Chinese cert shops

    Lesson here is don't piss off Google, Apple, Mozilla and Microsoft !