Join the community today
Become a Member

Master Branch update workaround for Letsencrypt DST Root CA X3 in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Sep 21, 2021.

  1. eva2000

    eva2000 Administrator Staff Member

    48,887
    11,187
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,421
    Local Time:
    7:01 PM
    Nginx 1.21.x
    MariaDB 10.x
    update workaround for Letsencrypt DST Root CA X3 in 123.09beta01

    - workaround is to remove via CA Trust blacklisting the soon to expire Letsencrypt DST Root CA X3 certificate (September 30, 2021) from system CA Trust store on CentOS 7 leaving system OpenSSL 1.0.2k to verify Letsencrypt SSL certificates using already included ISRG Root X1 in system CA Trust store on CentOS 7. Centmin Mod 123.09beta01 or higher folks on CentOS 7 can run SSH command, cmupdate and run and exit once from centmin.sh menu. See https://community.centminmod.com/threads/21965/
    - updated installers with workaround so fresh installs of Centmin Mod 123.09beta01 or higher on CentOS 7 apply the same fix
    - added standalond tool script at /usr/local/src/centminmod/tools/dst-root-ca-fix.sh which you can run to manually or automate the deployment of the workaround fix on CentOS 7 systems with OpenSSL 1.0.2 detected.

    Continue reading...

    Centmin Mod Github Master branch

    Master branch is where most recent commits are made as at May 24, 2015.