NameSilo

Root Certificate is expiring

Labeled as alert in Warnings and Alerts, started by franka46, Sep 29, 2021

Replies:
31
Views:
967

  1. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,414
    Likes Received:
    8,242
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,414
    Likes Received:
    8,242
    Last edited: Oct 4, 2021
  3. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,414
    Likes Received:
    8,242
  4. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,414
    Likes Received:
    8,242
    Plex not working anymore on your smart TV? This might be why

    [...]

    The issue appears to be a security certificate expiration. The culprit is likely the Let’s Encrypt’s DST Root CA X3 cross-signed certificate, which expired on September 30th. As noted by TechCrunch, Let’s Encrypt’s free certificates have been widely used across the internet since 2014, when the nonprofit began issuing free certificates for people to use. A whopping 380 million certificates had been issued as of 2018 across 129 million unique domains.

    When Let’s Encrypt first started, they used the existing “DST Root CA X3” cross-signature on all their certificates. This ensured that older and current devices at the time immediately trusted those certs. Let’s Encrypt now relies on their own “ISRG Root X1” signature for all certificates.

    The problem arises on older devices that still rely on only the CA X3 signature. Because that signature is now expired, devices like older smart TVs, older phones, and more will no longer establish secure connections.

    How to fix it

    Plex states that if your server is located on the same network as your TV, you won’t have any issues. However, if the server you’re connecting to is remote, you’ll need to change the Plex settings on your TV to allow for insecure connections. To do this, go to settings and find the “Advanced” section. Set “Allow Insecure Connections” to “Always” as seen below. This setting may appear under the “Main” section on a few older TVs.

    https://www.xda-developers.com/plex-not-working-smart-tv-might-be-why/
     
  5. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,414
    Likes Received:
    8,242
    Revisiting BetterTLS: Certificate Path Building
    Netflix Technology Blog, Oct 14, 2021


    https://netflixtechblog.com/revisiting-bettertls-certificate-path-building-4c978b79843f

    From the article:

    [...]​

    Even though that story is a year old and was well covered then, I’m retelling it here because a couple of weeks ago something kind of similar happened: a certificate for the Let’s Encrypt R3 CA expired (certificate 2 below) on September 30, 2021. This should have been fine; the Let’s Encrypt R3 entity also has a certificate signed by the ISRG Root X1 CA (3) which nowadays is trusted by most clients.

    But predictably, even though it’s been a year since Ryan’s post, lots of services and clients had issues. You should read Scott Helme’s full post-mortem on the event to understand some of the contributing factors, but one big problem is that most TLS implementations still aren’t very good at path building. As a result, servers generally can’t send a complete collection of certificates down to clients (containing different possible paths to different trust anchors) which makes it hard to host a service that both old and new devices can talk to.
     
  6. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,414
    Likes Received:
    8,242
    Let's Encrypt Root Expiration - Post-Mortem
    Scott Helme, Oct 8, 2021

    Well, the Internet Apocalypse came and went! Due to the recent expiration of the Let's Encrypt intermediate and root certificates, I saw more widespread issues than I was expecting, but on different devices and for different reasons than I thought. Let's take a look at what happened and why.

    Read more:

    https://scotthelme.co.uk/lets-encrypt-root-expiration-post-mortem/
     
    Last edited: Oct 17, 2021 at 10:10 AM
  7. twiki

    twiki Top Contributor VIP Gold Account

    Posts:
    2,557
    Likes Received:
    13,200
    I read the article and understood nothing.

    Except bad stuff happening where everyone is not getting up to date with this.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...