Welcome to Centmin Mod Community
Register Now

Beta Branch update workaround for Letsencrypt DST Root CA X3 in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Sep 21, 2021.

  1. eva2000

    eva2000 Administrator Staff Member

    47,298
    10,705
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,632
    Local Time:
    6:17 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    update workaround for Letsencrypt DST Root CA X3 in 123.09beta01


    - workaround is to remove via CA Trust blacklisting the soon to expire Letsencrypt DST Root CA X3 certificate (September 30, 2021) from system CA Trust store on CentOS 7 leaving system OpenSSL 1.0.2k to verify Letsencrypt SSL certificates using already included ISRG Root X1 in system CA Trust store on CentOS 7. Centmin Mod 123.09beta01 or higher folks on CentOS 7 can run SSH command, cmupdate and run and exit once from centmin.sh menu. See https://community.centminmod.com/threads/21965/
    - updated installers with workaround so fresh installs of Centmin Mod 123.09beta01 or higher on CentOS 7 apply the same fix
    - added standalond tool script at /usr/local/src/centminmod/tools/dst-root-ca-fix.sh which you can run to manually or automate the deployment of the workaround fix on CentOS 7 systems with OpenSSL 1.0.2 detected.

    Continue reading...

    123.09beta01 branch